Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
423 36366 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED
59 17575 input_ext all -- br0 * 0.0.0.0/0 0.0.0.0/0
21 6960 input_ext all -- br1 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-IN-ILL-TARGET '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2 100 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
360 54688 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination
Chain input_ext (5 references)
pkts bytes target prot opt in out source destination
78 24431 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
2 104 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp dpt:22 flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-ACC-TCP '
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 PKTTYPE = multicast LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 state INVALID LOG flags 6 level 4 prefix `SFW2-INext-DROP-DEFLT-INV '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
转载于:https://blog.51cto.com/jxwpx/860014
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
