Chain INPUT (policy DROP 1 packets, 40 bytes) pkts bytes target prot opt in out source destination 10403 11M CW_in_log all -- * * 0.0.0.0/0 0.0.0.0/0 10403 11M CW_in_drop all -- * * 0.0.0.0/0 0.0.0.0/0 15 1200 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 03-11 INVALID ' 15 1200 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 22 1181 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW 9326 11M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 32 5762 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 27 1270 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 0 0 LOG icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 06-12 pingflood ' 0 0 DROP icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 0 0 LOG icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 06-22 pingflood ' 0 0 DROP icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 0 0 LOG icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 06-32 pingflood ' 0 0 DROP icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 06-71 badICMP ' 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 131 27330 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 4 228 CW_SSHBF tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW recent: SET name: SSH side: source 849 119K CW_in_allow all -- * * 0.0.0.0/0 0.0.0.0/0 813 117K CW_in_silence all -- * * 0.0.0.0/0 0.0.0.0/0 92 4512 CW_in_deny all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- eth0 * 0.0.0.0/0 224.0.0.0/4 0 0 DROP all -- eth2 * 0.0.0.0/0 224.0.0.0/4 71 3312 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 13-11 deadPCKT ' 74 3432 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy DROP 1 packets, 136 bytes) pkts bytes target prot opt in out source destination 77514 39M CW_in_log all -- * * 0.0.0.0/0 0.0.0.0/0 77514 39M CW_in_drop all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.FOR 03-13 INVALID ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW 76266 38M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 1248 66819 CW_out_deny all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 0 0 LOG icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.FOR 06-25 pingflood ' 0 0 DROP icmp -- eth2 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 0 0 LOG icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.FOR 06-35 pingflood ' 0 0 DROP icmp -- eth1 * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.FOR 06-73 badICMP ' 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 747 36884 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0 501 29935 CW_in_deny all -- * * 0.0.0.0/0 0.0.0.0/0 264 16111 ACCEPT all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 237 13824 CW_dnat all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.FOR 13-13 deadPCKT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy DROP 9 packets, 2716 bytes) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.OUT 03-15 INVALID ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x16/0x02 state NEW 5639 566K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED 7 420 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED 32 5762 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0 240 17514 CW_out_deny all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 127.0.0.0/8 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 10.0.0.0/8 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 172.16.0.0/12 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 192.168.0.0/16 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 224.0.0.0/4 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 240.0.0.0/5 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 0.0.0.0/8 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 169.254.0.0/16 0 0 CW_out_mart all -- * eth0 0.0.0.0/0 192.0.2.0/24 0 0 CW_out_mart all -- * eth1 0.0.0.0/0 !192.168.0.0/24 0 0 CW_out_mart all -- * eth2 0.0.0.0/0 !192.168.1.0/24 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12 0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.OUT 06-75 badICMP ' 0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0 240 17514 CW_out_allow all -- * * 0.0.0.0/0 0.0.0.0/0 3 206 ACCEPT udp -- * * 0.0.0.0/0 64.81.127.2 udp dpt:53 0 0 ACCEPT udp -- * * 0.0.0.0/0 64.81.159.2 udp dpt:53 0 0 ACCEPT udp -- * * 0.0.0.0/0 216.231.41.2 udp dpt:53 30 1800 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.OUT 13-15 deadPCKT ' 30 1800 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain CW_SSHBF (1 references) pkts bytes target prot opt in out source destination 4 228 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 !recent: CHECK seconds: 300 hit_count: 4 name: SSH side: source 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `IPT f.IN 08-11 CW_SSHBF ' 0 0 TARPIT tcp -- * * 0.0.0.0/0 0.0.0.0/0 Chain CW_dnat (1 references) pkts bytes target prot opt in out source destination 196 11748 ACCEPT tcp -- * eth1 0.0.0.0/0 192.168.0.51 tcp dpt:22 41 2076 ACCEPT tcp -- * eth1 0.0.0.0/0 192.168.0.51 mport dports 49152:49162 Chain CW_in_allow (1 references) pkts bytes target prot opt in out source destination 4 228 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 25 1344 ACCEPT tcp -- * * 0.0.0.0/0 66.93.220.99 tcp dpt:80 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 7 336 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 Chain CW_in_deny (2 references) pkts bytes target prot opt in out source destination 18 1080 DROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 Chain CW_in_drop (2 references) pkts bytes target prot opt in out source destination Chain CW_in_log (2 references) pkts bytes target prot opt in out source destination Chain CW_in_silence (1 references) pkts bytes target prot opt in out source destination 195 87444 DROP udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 mport dports 53,67,123,137:138,1026:1029,1433:1434 526 25264 DROP tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 mport dports 135,139,445,1080,1433,2745,4899,5554,6129,9898 0 0 DROP udp -- eth2 * 0.0.0.0/0 0.0.0.0/0 mport dports 137:138 0 0 DROP tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 mport dports 139,445 Chain CW_out_allow (1 references) pkts bytes target prot opt in out source destination 6 360 ACCEPT tcp -- * eth0 0.0.0.0/0 128.114.59.17 tcp dpt:21 8 480 ACCEPT tcp -- * eth0 0.0.0.0/0 128.125.253.59 tcp dpt:21 0 0 ACCEPT tcp -- * eth0 0.0.0.0/0 128.118.41.81 tcp dpt:21 193 14668 ACCEPT udp -- * eth0 0.0.0.0/0 66.180.134.50 udp dpt:123 Chain CW_out_deny (2 references) pkts bytes target prot opt in out source destination Chain CW_out_mart (11 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 05-15 outMartian ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain synlimit (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT !tcp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 20/sec burst 5 0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 08-24 synflood ' 0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 2/sec burst 5 LOG flags 0 level 4 prefix `IPT f.IN 08-26 weirdPCKT ' 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0