Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4906 480K ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
27 1620 ACCEPT all -- lo any anywhere anywhere
3951 305K INPUT_direct all -- any any anywhere anywhere
3951 305K INPUT_ZONES_SOURCE all -- any any anywhere anywhere
3951 305K INPUT_ZONES all -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 FORWARD_direct all -- any any anywhere anywhere
0 0 FORWARD_IN_ZONES_SOURCE all -- any any anywhere anywhere
0 0 FORWARD_IN_ZONES all -- any any anywhere anywhere
0 0 FORWARD_OUT_ZONES_SOURCE all -- any any anywhere anywhere
0 0 FORWARD_OUT_ZONES all -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 6323 packets, 648K bytes)
pkts bytes target prot opt in out source destination
6501 697K OUTPUT_direct all -- any any anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- eth0 any anywhere anywhere
0 0 ACCEPT all -- tun0 any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- + any anywhere anywhere
Chain FORWARD_IN_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any eth0 anywhere anywhere
0 0 ACCEPT all -- any tun0 anywhere anywhere
0 0 ACCEPT all -- any lo anywhere anywhere
0 0 ACCEPT all -- any + anywhere anywhere
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_public_log all -- any any anywhere anywhere
0 0 FWDI_public_deny all -- any any anywhere anywhere
0 0 FWDI_public_allow all -- any any anywhere anywhere
Chain FWDI_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDI_trusted_log all -- any any anywhere anywhere
0 0 FWDI_trusted_deny all -- any any anywhere anywhere
0 0 FWDI_trusted_allow all -- any any anywhere anywhere
Chain FWDI_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDI_trusted_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_external (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_external_log all -- any any anywhere anywhere
0 0 FWDO_external_deny all -- any any anywhere anywhere
0 0 FWDO_external_allow all -- any any anywhere anywhere
Chain FWDO_external_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere anywhere
Chain FWDO_external_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_external_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_public_log all -- any any anywhere anywhere
0 0 FWDO_public_deny all -- any any anywhere anywhere
0 0 FWDO_public_allow all -- any any anywhere anywhere
Chain FWDO_public_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 FWDO_trusted_log all -- any any anywhere anywhere
0 0 FWDO_trusted_deny all -- any any anywhere anywhere
0 0 FWDO_trusted_allow all -- any any anywhere anywhere
Chain FWDO_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain FWDO_trusted_log (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (1 references)
pkts bytes target prot opt in out source destination
3951 305K ACCEPT all -- eth0 any anywhere anywhere
0 0 ACCEPT all -- tun0 any anywhere anywhere
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 ACCEPT all -- + any anywhere anywhere
Chain INPUT_ZONES_SOURCE (1 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (1 references)
pkts bytes target prot opt in out source destination
Chain IN_dmz (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_dmz_log all -- any any anywhere anywhere
0 0 IN_dmz_deny all -- any any anywhere anywhere
0 0 IN_dmz_allow all -- any any anywhere anywhere
Chain IN_dmz_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_dmz_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_dmz_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_external (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_external_log all -- any any anywhere anywhere
0 0 IN_external_deny all -- any any anywhere anywhere
0 0 IN_external_allow all -- any any anywhere anywhere
Chain IN_external_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_external_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_external_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_home (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_home_log all -- any any anywhere anywhere
0 0 IN_home_deny all -- any any anywhere anywhere
0 0 IN_home_allow all -- any any anywhere anywhere
Chain IN_home_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_home_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_home_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_internal (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_internal_log all -- any any anywhere anywhere
0 0 IN_internal_deny all -- any any anywhere anywhere
0 0 IN_internal_allow all -- any any anywhere anywhere
Chain IN_internal_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_internal_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_internal_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_public_log all -- any any anywhere anywhere
0 0 IN_public_deny all -- any any anywhere anywhere
0 0 IN_public_allow all -- any any anywhere anywhere
Chain IN_public_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:webmin ctstate NEW
Chain IN_public_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_trusted (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_trusted_log all -- any any anywhere anywhere
0 0 IN_trusted_deny all -- any any anywhere anywhere
0 0 IN_trusted_allow all -- any any anywhere anywhere
Chain IN_trusted_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- any any anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:https ctstate NEW
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http ctstate NEW
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:domain ctstate NEW
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:domain ctstate NEW
Chain IN_trusted_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_trusted_log (1 references)
pkts bytes target prot opt in out source destination
Chain IN_work (0 references)
pkts bytes target prot opt in out source destination
0 0 IN_work_log all -- any any anywhere anywhere
0 0 IN_work_deny all -- any any anywhere anywhere
0 0 IN_work_allow all -- any any anywhere anywhere
Chain IN_work_allow (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh ctstate NEW
Chain IN_work_deny (1 references)
pkts bytes target prot opt in out source destination
Chain IN_work_log (1 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (1 references)
pkts bytes target prot opt in out source destination