author | Jate Sujjavanich <jatedev@gmail.com> | 2021-07-23 04:17:24 +0000 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2021-07-24 10:48:10 -0700 |
commit | da09c4c74344a339dfda670650381e6cf219bed7 (patch) | |
tree | d87e9dbe9c3162a836f2e03fd346e6fbfeb8402e | |
parent | 5eff5262e3890ccef11f9fa4bbc81963c0889da2 (diff) | |
download | meta-openembedded-da09c4c74344a339dfda670650381e6cf219bed7.tar.gz |
ufw: backport patches, update RRECOMMENDS, python3 support, tests
Backport patches:
using conntrack instead of state eliminating warning
support setup.py build (python 3)
adjust runtime tests to use daytime port (netbase changes)
empty out IPT_MODULES (nf conntrack warning)
check-requirements patch for python 3.8
Update, add patches for python 3 interpreter
Add ufw-test package. Backport fixes for check-requirements script
Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
For dunfell
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
9 files changed, 18155 insertions, 7 deletions
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch b/meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch new file mode 100644 index 000000000..9c268599f --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | * check-requirements now gives iptables output on failure. Patch thanks to | ||
2 | S. Nizio. | ||
3 | |||
4 | Written by Jamie Strandboge <jamie@canonical.com> | ||
5 | |||
6 | The patch was imported from git://git.launchpad.net/ufw | ||
7 | commit id 9a6d8beb4cb1d1646c7d2a19e4aea9898f4571bb | ||
8 | |||
9 | Removed ChangeLog patch due to backport status of this patch. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
13 | |||
14 | --- check-requirements.orig 2012-12-03 16:37:20.214274095 +0100 | ||
15 | +++ ufw-0.33/tests/check-requirements 2012-12-03 16:40:16.298728133 +0100 | ||
16 | @@ -29,14 +29,19 @@ | ||
17 | runtime="yes" | ||
18 | shift 1 | ||
19 | fi | ||
20 | - if $@ >/dev/null 2>&1 ; then | ||
21 | + local output ret=0 | ||
22 | + # make sure to always return success below because of set -e | ||
23 | + output=$( "$@" 2>&1 ) || ret=$? | ||
24 | + if [ $ret -eq 0 ]; then | ||
25 | echo pass | ||
26 | else | ||
27 | if [ "$runtime" = "yes" ]; then | ||
28 | echo "FAIL (no runtime support)" | ||
29 | + echo "error was: $output" | ||
30 | error_runtime="yes" | ||
31 | else | ||
32 | echo FAIL | ||
33 | + echo "error was: $output" | ||
34 | error="yes" | ||
35 | fi | ||
36 | fi | ||
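Review bot: `echo "error was: $output"` is added twice, at patch lines 29 and 33, once in each branch. Emit it once after the inner `if [ "$runtime" = "yes" ]` / `else` block so the two branches differ only in the FAIL text and the flag they set. `local output ret=0` at patch line 21 also assumes a shell that provides `local`; confirm that against the script's shebang. When the command fails without writing anything, the result is a bare "error was: " line, so consider printing it only when `$output` is non-empty.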
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch b/meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch new file mode 100644 index 000000000..7a97773de --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch | |||
@@ -0,0 +1,14903 @@ | |||
1 | use conntrack instead of state module. Patch based on work by S. Nizio. | ||
2 | |||
3 | https://bugs.launchpad.net/ufw/+bug/1065297 | ||
4 | |||
5 | The patch was imported from git://git.launchpad.net/ufw | ||
6 | commit id 2a24ab2c46a1370d230d380a7b794ac3f8296799 | ||
7 | |||
8 | Removed ChangeLog patch due to backport status of this patch. | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
12 | |||
13 | diff --git a/README b/README | ||
14 | index 0cc2b2f..fead7c0 100644 | ||
15 | --- a/README | ||
16 | +++ b/README | ||
17 | @@ -24,13 +24,14 @@ Linux kernel configured with the following modules (not exhaustive): | ||
18 | limit | ||
19 | multiport | ||
20 | recent | ||
21 | - state | ||
22 | - | ||
23 | -* python2.5 is no longer supported | ||
24 | -** Systems with iptables below 1.4 will not have IPv6 application rule support. | ||
25 | - ufw will give a warning when users try to use this functionality, but ufw | ||
26 | - will otherwise work fine. ufw is known to work with iptables 1.3.8 in this | ||
27 | - degraded mode. | ||
28 | + conntrack*** | ||
29 | + | ||
30 | +* python2.5 is no longer supported | ||
31 | +** Systems with iptables below 1.4 will not have IPv6 application rule | ||
32 | + support. ufw will give a warning when users try to use this functionality, | ||
33 | + but ufw will otherwise work fine. ufw is known to work with iptables 1.3.8 | ||
34 | + in this degraded mode. | ||
35 | +*** As of 0.34, the 'conntrack' modules is used instead of 'state' | ||
36 | |||
37 | ufw has been widely tested on Linux 2.6.24 and higher kernels. You may also | ||
38 | use the check-requirements script in the tests/ directory to see if your | ||
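Review bot: Typo in the new footnote at patch line 35: "the 'conntrack' modules is used" should read "module is used". The footnote also says "As of 0.34", while the check-requirements patch in this same commit is applied to `ufw-0.33/`, so the README will describe a version other than the tree being patched. If the text is kept verbatim from upstream, say so in the patch header.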
39 | diff --git a/conf/before.rules b/conf/before.rules | ||
40 | index bc11f36..9917b87 100644 | ||
41 | --- a/conf/before.rules | ||
42 | +++ b/conf/before.rules | ||
43 | @@ -22,12 +22,12 @@ | ||
44 | -A ufw-before-output -o lo -j ACCEPT | ||
45 | |||
46 | # quickly process packets for which we already have a connection | ||
47 | --A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
48 | --A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
49 | +-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | ||
50 | +-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | ||
51 | |||
52 | # drop INVALID packets (logs these in loglevel medium and higher) | ||
53 | --A ufw-before-input -m state --state INVALID -j ufw-logging-deny | ||
54 | --A ufw-before-input -m state --state INVALID -j DROP | ||
55 | +-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny | ||
56 | +-A ufw-before-input -m conntrack --ctstate INVALID -j DROP | ||
57 | |||
58 | # ok icmp codes | ||
59 | -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT | ||
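Review bot: The rules at patch lines 49-50 and 55-56 make the base ruleset depend on the conntrack match being available where it previously needed the state match, and nothing in this hunk or the patch header says which kernel option provides it. The commit message says the kernel RRECOMMENDS were updated for linux-yocto 5.4; confirm that list covers the conntrack match, because a rule whose match cannot be loaded is rejected when the ruleset is restored, and these are the rules that accept RELATED,ESTABLISHED traffic and drop INVALID packets.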
60 | diff --git a/conf/before6.rules b/conf/before6.rules | ||
61 | index fb1a8f1..8b7e4ff 100644 | ||
62 | --- a/conf/before6.rules | ||
63 | +++ b/conf/before6.rules | ||
64 | @@ -34,16 +34,16 @@ | ||
65 | -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT | ||
66 | |||
67 | # quickly process packets for which we already have a connection | ||
68 | --A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
69 | --A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
70 | +-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | ||
71 | +-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT | ||
72 | |||
73 | # for multicast ping replies from link-local addresses (these don't have an | ||
74 | # associated connection and would otherwise be marked INVALID) | ||
75 | -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT | ||
76 | |||
77 | # drop INVALID packets (logs these in loglevel medium and higher) | ||
78 | --A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny | ||
79 | --A ufw6-before-input -m state --state INVALID -j DROP | ||
80 | +-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny | ||
81 | +-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP | ||
82 | |||
83 | # ok icmp codes | ||
84 | -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT | ||
85 | diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8 | ||
86 | index d9e3d5a..76403d6 100644 | ||
87 | --- a/doc/ufw-framework.8 | ||
88 | +++ b/doc/ufw-framework.8 | ||
89 | @@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: | ||
90 | net.ipv4.ip_forward=1 | ||
91 | .TP | ||
92 | Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules: | ||
93 | - \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\ | ||
94 | - \-j ACCEPT | ||
95 | - \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\ | ||
96 | + \-A ufw\-before\-forward \-m conntrack \\ | ||
97 | + \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT | ||
98 | + \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\ | ||
99 | \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT | ||
100 | .TP | ||
101 | Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section: | ||
102 | @@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: | ||
103 | net.ipv4.ip_forward=1 | ||
104 | .TP | ||
105 | Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules: | ||
106 | - \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\ | ||
107 | - \-j ACCEPT | ||
108 | + \-A ufw\-before\-forward \-m conntrack \\ | ||
109 | + \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT | ||
110 | |||
111 | - \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\ | ||
112 | - \-\-state NEW \-j ACCEPT | ||
113 | + \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \\ | ||
114 | + \-m conntrack \-\-ctstate NEW \-j ACCEPT | ||
115 | |||
116 | - \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\ | ||
117 | + \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\ | ||
118 | \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT | ||
119 | |||
120 | \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT | ||
121 | diff --git a/locales/po/ufw.pot b/locales/po/ufw.pot | ||
122 | index fc56838..dc4b8e9 100644 | ||
123 | --- a/locales/po/ufw.pot | ||
124 | +++ b/locales/po/ufw.pot | ||
125 | @@ -8,7 +8,7 @@ msgid "" | ||
126 | msgstr "" | ||
127 | "Project-Id-Version: PACKAGE VERSION\n" | ||
128 | "Report-Msgid-Bugs-To: \n" | ||
129 | -"POT-Creation-Date: 2012-08-12 10:55-0500\n" | ||
130 | +"POT-Creation-Date: 2012-12-03 14:33-0600\n" | ||
131 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" | ||
132 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" | ||
133 | "Language-Team: LANGUAGE <LL@li.org>\n" | ||
134 | @@ -21,7 +21,7 @@ msgstr "" | ||
135 | msgid ": Need at least python 2.6)\n" | ||
136 | msgstr "" | ||
137 | |||
138 | -#: src/ufw:109 src/frontend.py:575 src/frontend.py:877 | ||
139 | +#: src/ufw:109 src/frontend.py:577 src/frontend.py:879 | ||
140 | msgid "Aborted" | ||
141 | msgstr "" | ||
142 | |||
143 | @@ -103,7 +103,7 @@ msgstr "" | ||
144 | msgid "New profiles:" | ||
145 | msgstr "" | ||
146 | |||
147 | -#: src/backend_iptables.py:88 src/backend.py:322 | ||
148 | +#: src/backend_iptables.py:88 src/backend.py:339 | ||
149 | #, python-format | ||
150 | msgid "Unsupported policy '%s'" | ||
151 | msgstr "" | ||
152 | @@ -130,44 +130,44 @@ msgstr "" | ||
153 | msgid "Checking raw ip6tables\n" | ||
154 | msgstr "" | ||
155 | |||
156 | -#: src/backend_iptables.py:250 | ||
157 | +#: src/backend_iptables.py:253 | ||
158 | msgid "Checking iptables\n" | ||
159 | msgstr "" | ||
160 | |||
161 | -#: src/backend_iptables.py:252 | ||
162 | +#: src/backend_iptables.py:255 | ||
163 | msgid "Checking ip6tables\n" | ||
164 | msgstr "" | ||
165 | |||
166 | -#: src/backend_iptables.py:255 src/backend_iptables.py:495 | ||
167 | +#: src/backend_iptables.py:258 src/backend_iptables.py:501 | ||
168 | msgid "problem running" | ||
169 | msgstr "" | ||
170 | |||
171 | -#: src/backend_iptables.py:261 | ||
172 | +#: src/backend_iptables.py:264 | ||
173 | msgid "Status: inactive" | ||
174 | msgstr "" | ||
175 | |||
176 | -#: src/backend_iptables.py:397 | ||
177 | +#: src/backend_iptables.py:400 | ||
178 | msgid "To" | ||
179 | msgstr "" | ||
180 | |||
181 | -#: src/backend_iptables.py:398 | ||
182 | +#: src/backend_iptables.py:401 | ||
183 | msgid "From" | ||
184 | msgstr "" | ||
185 | |||
186 | -#: src/backend_iptables.py:399 | ||
187 | +#: src/backend_iptables.py:402 | ||
188 | msgid "Action" | ||
189 | msgstr "" | ||
190 | |||
191 | -#: src/backend_iptables.py:415 | ||
192 | +#: src/backend_iptables.py:418 | ||
193 | msgid "\n" | ||
194 | msgstr "" | ||
195 | |||
196 | -#: src/backend_iptables.py:423 | ||
197 | +#: src/backend_iptables.py:426 | ||
198 | #, python-format | ||
199 | msgid "Default: %(in)s (incoming), %(out)s (outgoing)" | ||
200 | msgstr "" | ||
201 | |||
202 | -#: src/backend_iptables.py:427 | ||
203 | +#: src/backend_iptables.py:430 | ||
204 | #, python-format | ||
205 | msgid "" | ||
206 | "Status: active\n" | ||
207 | @@ -176,174 +176,174 @@ msgid "" | ||
208 | "%(app)s%(status)s" | ||
209 | msgstr "" | ||
210 | |||
211 | -#: src/backend_iptables.py:431 | ||
212 | +#: src/backend_iptables.py:434 | ||
213 | #, python-format | ||
214 | msgid "Status: active%s" | ||
215 | msgstr "" | ||
216 | |||
217 | -#: src/backend_iptables.py:436 src/backend_iptables.py:446 | ||
218 | +#: src/backend_iptables.py:439 src/backend_iptables.py:449 | ||
219 | msgid "running ufw-init" | ||
220 | msgstr "" | ||
221 | |||
222 | -#: src/backend_iptables.py:440 src/backend_iptables.py:450 | ||
223 | +#: src/backend_iptables.py:443 src/backend_iptables.py:453 | ||
224 | #, python-format | ||
225 | msgid "" | ||
226 | "problem running ufw-init\n" | ||
227 | "%s" | ||
228 | msgstr "" | ||
229 | |||
230 | -#: src/backend_iptables.py:459 | ||
231 | +#: src/backend_iptables.py:462 | ||
232 | msgid "Could not set LOGLEVEL" | ||
233 | msgstr "" | ||
234 | |||
235 | -#: src/backend_iptables.py:465 | ||
236 | +#: src/backend_iptables.py:468 | ||
237 | msgid "Could not load logging rules" | ||
238 | msgstr "" | ||
239 | |||
240 | -#: src/backend_iptables.py:617 src/backend.py:229 | ||
241 | +#: src/backend_iptables.py:623 src/backend.py:246 | ||
242 | #, python-format | ||
243 | msgid "Couldn't open '%s' for reading" | ||
244 | msgstr "" | ||
245 | |||
246 | -#: src/backend_iptables.py:626 | ||
247 | +#: src/backend_iptables.py:632 | ||
248 | #, python-format | ||
249 | msgid "Skipping malformed tuple (bad length): %s" | ||
250 | msgstr "" | ||
251 | |||
252 | -#: src/backend_iptables.py:657 | ||
253 | +#: src/backend_iptables.py:663 | ||
254 | #, python-format | ||
255 | msgid "Skipping malformed tuple: %s" | ||
256 | msgstr "" | ||
257 | |||
258 | -#: src/backend_iptables.py:679 src/backend.py:260 | ||
259 | +#: src/backend_iptables.py:685 src/backend.py:277 | ||
260 | #, python-format | ||
261 | msgid "'%s' is not writable" | ||
262 | msgstr "" | ||
263 | |||
264 | -#: src/backend_iptables.py:837 | ||
265 | +#: src/backend_iptables.py:850 | ||
266 | msgid "Adding IPv6 rule failed: IPv6 not enabled" | ||
267 | msgstr "" | ||
268 | |||
269 | -#: src/backend_iptables.py:841 | ||
270 | +#: src/backend_iptables.py:854 | ||
271 | #, python-format | ||
272 | msgid "Skipping unsupported IPv6 '%s' rule" | ||
273 | msgstr "" | ||
274 | |||
275 | -#: src/backend_iptables.py:845 | ||
276 | +#: src/backend_iptables.py:858 | ||
277 | #, python-format | ||
278 | msgid "Skipping unsupported IPv4 '%s' rule" | ||
279 | msgstr "" | ||
280 | |||
281 | -#: src/backend_iptables.py:848 | ||
282 | +#: src/backend_iptables.py:861 | ||
283 | msgid "Must specify 'tcp' or 'udp' with multiple ports" | ||
284 | msgstr "" | ||
285 | |||
286 | -#: src/backend_iptables.py:860 | ||
287 | +#: src/backend_iptables.py:873 | ||
288 | msgid "Skipping IPv6 application rule. Need at least iptables 1.4" | ||
289 | msgstr "" | ||
290 | |||
291 | -#: src/backend_iptables.py:865 | ||
292 | +#: src/backend_iptables.py:878 | ||
293 | #, python-format | ||
294 | msgid "Invalid position '%d'" | ||
295 | msgstr "" | ||
296 | |||
297 | -#: src/backend_iptables.py:869 | ||
298 | +#: src/backend_iptables.py:882 | ||
299 | msgid "Cannot specify insert and delete" | ||
300 | msgstr "" | ||
301 | |||
302 | -#: src/backend_iptables.py:872 | ||
303 | +#: src/backend_iptables.py:885 | ||
304 | #, python-format | ||
305 | msgid "Cannot insert rule at position '%d'" | ||
306 | msgstr "" | ||
307 | |||
308 | -#: src/backend_iptables.py:930 | ||
309 | +#: src/backend_iptables.py:943 | ||
310 | msgid "Skipping inserting existing rule" | ||
311 | msgstr "" | ||
312 | |||
313 | -#: src/backend_iptables.py:941 src/frontend.py:386 | ||
314 | +#: src/backend_iptables.py:954 src/frontend.py:388 | ||
315 | msgid "Could not delete non-existent rule" | ||
316 | msgstr "" | ||
317 | |||
318 | -#: src/backend_iptables.py:946 | ||
319 | +#: src/backend_iptables.py:959 | ||
320 | msgid "Skipping adding existing rule" | ||
321 | msgstr "" | ||
322 | |||
323 | -#: src/backend_iptables.py:962 | ||
324 | +#: src/backend_iptables.py:975 | ||
325 | msgid "Couldn't update rules file" | ||
326 | msgstr "" | ||
327 | |||
328 | -#: src/backend_iptables.py:967 | ||
329 | +#: src/backend_iptables.py:980 | ||
330 | msgid "Rules updated" | ||
331 | msgstr "" | ||
332 | |||
333 | -#: src/backend_iptables.py:969 | ||
334 | +#: src/backend_iptables.py:982 | ||
335 | msgid "Rules updated (v6)" | ||
336 | msgstr "" | ||
337 | |||
338 | -#: src/backend_iptables.py:977 | ||
339 | +#: src/backend_iptables.py:990 | ||
340 | msgid "Rule inserted" | ||
341 | msgstr "" | ||
342 | |||
343 | -#: src/backend_iptables.py:979 | ||
344 | +#: src/backend_iptables.py:992 | ||
345 | msgid "Rule updated" | ||
346 | msgstr "" | ||
347 | |||
348 | -#: src/backend_iptables.py:989 | ||
349 | +#: src/backend_iptables.py:1002 | ||
350 | msgid " (skipped reloading firewall)" | ||
351 | msgstr "" | ||
352 | |||
353 | -#: src/backend_iptables.py:992 | ||
354 | +#: src/backend_iptables.py:1005 | ||
355 | msgid "Rule deleted" | ||
356 | msgstr "" | ||
357 | |||
358 | -#: src/backend_iptables.py:995 | ||
359 | +#: src/backend_iptables.py:1008 | ||
360 | msgid "Rule added" | ||
361 | msgstr "" | ||
362 | |||
363 | -#: src/backend_iptables.py:1010 src/backend_iptables.py:1098 | ||
364 | +#: src/backend_iptables.py:1023 src/backend_iptables.py:1114 | ||
365 | msgid "Could not update running firewall" | ||
366 | msgstr "" | ||
367 | |||
368 | -#: src/backend_iptables.py:1065 | ||
369 | +#: src/backend_iptables.py:1078 | ||
370 | #, python-format | ||
371 | msgid "Could not perform '%s'" | ||
372 | msgstr "" | ||
373 | |||
374 | -#: src/backend_iptables.py:1089 | ||
375 | +#: src/backend_iptables.py:1105 | ||
376 | msgid "Couldn't update rules file for logging" | ||
377 | msgstr "" | ||
378 | |||
379 | -#: src/backend_iptables.py:1147 src/backend.py:578 | ||
380 | +#: src/backend_iptables.py:1163 src/backend.py:595 | ||
381 | #, python-format | ||
382 | msgid "Invalid log level '%s'" | ||
383 | msgstr "" | ||
384 | |||
385 | -#: src/backend_iptables.py:1244 | ||
386 | +#: src/backend_iptables.py:1260 | ||
387 | #, python-format | ||
388 | msgid "Could not find '%s'. Aborting" | ||
389 | msgstr "" | ||
390 | |||
391 | -#: src/backend_iptables.py:1256 | ||
392 | +#: src/backend_iptables.py:1272 | ||
393 | #, python-format | ||
394 | msgid "'%s' already exists. Aborting" | ||
395 | msgstr "" | ||
396 | |||
397 | -#: src/backend_iptables.py:1262 | ||
398 | +#: src/backend_iptables.py:1278 | ||
399 | #, python-format | ||
400 | msgid "Backing up '%(old)s' to '%(new)s'\n" | ||
401 | msgstr "" | ||
402 | |||
403 | -#: src/backend_iptables.py:1278 src/backend.py:185 | ||
404 | +#: src/backend_iptables.py:1294 src/backend.py:202 | ||
405 | #, python-format | ||
406 | msgid "Couldn't stat '%s'" | ||
407 | msgstr "" | ||
408 | |||
409 | -#: src/backend_iptables.py:1283 | ||
410 | +#: src/backend_iptables.py:1299 | ||
411 | #, python-format | ||
412 | msgid "WARN: '%s' is world writable" | ||
413 | msgstr "" | ||
414 | |||
415 | -#: src/backend_iptables.py:1285 | ||
416 | +#: src/backend_iptables.py:1301 | ||
417 | #, python-format | ||
418 | msgid "WARN: '%s' is world readable" | ||
419 | msgstr "" | ||
420 | @@ -352,102 +352,102 @@ msgstr "" | ||
421 | msgid "Couldn't determine iptables version" | ||
422 | msgstr "" | ||
423 | |||
424 | -#: src/backend.py:138 | ||
425 | +#: src/backend.py:155 | ||
426 | msgid "Checks disabled" | ||
427 | msgstr "" | ||
428 | |||
429 | -#: src/backend.py:144 | ||
430 | +#: src/backend.py:161 | ||
431 | msgid "ERROR: this script should not be SUID" | ||
432 | msgstr "" | ||
433 | |||
434 | -#: src/backend.py:147 | ||
435 | +#: src/backend.py:164 | ||
436 | msgid "ERROR: this script should not be SGID" | ||
437 | msgstr "" | ||
438 | |||
439 | -#: src/backend.py:152 | ||
440 | +#: src/backend.py:169 | ||
441 | msgid "You need to be root to run this script" | ||
442 | msgstr "" | ||
443 | |||
444 | -#: src/backend.py:162 | ||
445 | +#: src/backend.py:179 | ||
446 | #, python-format | ||
447 | msgid "'%s' does not exist" | ||
448 | msgstr "" | ||
449 | |||
450 | -#: src/backend.py:191 | ||
451 | +#: src/backend.py:208 | ||
452 | #, python-format | ||
453 | msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" | ||
454 | msgstr "" | ||
455 | |||
456 | -#: src/backend.py:198 | ||
457 | +#: src/backend.py:215 | ||
458 | #, python-format | ||
459 | msgid "%s is world writable!" | ||
460 | msgstr "" | ||
461 | |||
462 | -#: src/backend.py:202 | ||
463 | +#: src/backend.py:219 | ||
464 | #, python-format | ||
465 | msgid "%s is group writable!" | ||
466 | msgstr "" | ||
467 | |||
468 | -#: src/backend.py:218 | ||
469 | +#: src/backend.py:235 | ||
470 | #, python-format | ||
471 | msgid "'%(f)s' file '%(name)s' does not exist" | ||
472 | msgstr "" | ||
473 | |||
474 | -#: src/backend.py:243 | ||
475 | +#: src/backend.py:260 | ||
476 | #, python-format | ||
477 | msgid "Missing policy for '%s'" | ||
478 | msgstr "" | ||
479 | |||
480 | -#: src/backend.py:247 | ||
481 | +#: src/backend.py:264 | ||
482 | #, python-format | ||
483 | msgid "Invalid policy '%(policy)s' for '%(chain)s'" | ||
484 | msgstr "" | ||
485 | |||
486 | -#: src/backend.py:254 | ||
487 | +#: src/backend.py:271 | ||
488 | msgid "Invalid option" | ||
489 | msgstr "" | ||
490 | |||
491 | -#: src/backend.py:325 | ||
492 | +#: src/backend.py:342 | ||
493 | #, python-format | ||
494 | msgid "Default application policy changed to '%s'" | ||
495 | msgstr "" | ||
496 | |||
497 | -#: src/backend.py:407 | ||
498 | +#: src/backend.py:424 | ||
499 | msgid "No rules found for application profile" | ||
500 | msgstr "" | ||
501 | |||
502 | -#: src/backend.py:466 | ||
503 | +#: src/backend.py:483 | ||
504 | #, python-format | ||
505 | msgid "Rules updated for profile '%s'" | ||
506 | msgstr "" | ||
507 | |||
508 | -#: src/backend.py:472 | ||
509 | +#: src/backend.py:489 | ||
510 | msgid "Couldn't update application rules" | ||
511 | msgstr "" | ||
512 | |||
513 | -#: src/backend.py:494 | ||
514 | +#: src/backend.py:511 | ||
515 | #, python-format | ||
516 | msgid "Found multiple matches for '%s'. Please use exact profile name" | ||
517 | msgstr "" | ||
518 | |||
519 | -#: src/backend.py:496 | ||
520 | +#: src/backend.py:513 | ||
521 | #, python-format | ||
522 | msgid "Could not find a profile matching '%s'" | ||
523 | msgstr "" | ||
524 | |||
525 | -#: src/backend.py:562 | ||
526 | +#: src/backend.py:579 | ||
527 | msgid "Logging: " | ||
528 | msgstr "" | ||
529 | |||
530 | -#: src/backend.py:566 | ||
531 | +#: src/backend.py:583 | ||
532 | msgid "unknown" | ||
533 | msgstr "" | ||
534 | |||
535 | -#: src/backend.py:596 | ||
536 | +#: src/backend.py:613 | ||
537 | msgid "Logging disabled" | ||
538 | msgstr "" | ||
539 | |||
540 | -#: src/backend.py:598 | ||
541 | +#: src/backend.py:615 | ||
542 | msgid "Logging enabled" | ||
543 | msgstr "" | ||
544 | |||
545 | @@ -526,6 +526,7 @@ msgid "" | ||
546 | " %(limit)-31s add limit %(rule)s\n" | ||
547 | " %(delete)-31s delete %(urule)s\n" | ||
548 | " %(insert)-31s insert %(urule)s at %(number)s\n" | ||
549 | +" %(reload)-31s reload firewall\n" | ||
550 | " %(reset)-31s reset firewall\n" | ||
551 | " %(status)-31s show firewall status\n" | ||
552 | " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" | ||
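Review bot: The added `%(reload)-31s reload firewall` line at patch line 549 is a new user-visible help string, not part of the state-to-conntrack change, and the other hunks in `locales/po/ufw.pot` only shift source line references and the POT-Creation-Date. This file is regenerated output and makes up a large part of a patch the outer diff lists at 14903 lines. Consider dropping `locales/po/` from the backport; if it stays, confirm the usage text in `src/frontend.py` of the tree being patched contains the same line, since a msgid that differs from the source string is never looked up.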
553 | @@ -540,87 +541,87 @@ msgid "" | ||
554 | " %(appdefault)-31s set default application policy\n" | ||
555 | msgstr "" | ||
556 | |||
557 | -#: src/frontend.py:160 | ||
558 | +#: src/frontend.py:162 | ||
559 | msgid "n" | ||
560 | msgstr "" | ||
561 | |||
562 | -#: src/frontend.py:161 | ||
563 | +#: src/frontend.py:163 | ||
564 | msgid "y" | ||
565 | msgstr "" | ||
566 | |||
567 | -#: src/frontend.py:162 | ||
568 | +#: src/frontend.py:164 | ||
569 | msgid "yes" | ||
570 | msgstr "" | ||
571 | |||
572 | -#: src/frontend.py:207 | ||
573 | +#: src/frontend.py:209 | ||
574 | msgid "Firewall is active and enabled on system startup" | ||
575 | msgstr "" | ||
576 | |||
577 | -#: src/frontend.py:214 | ||
578 | +#: src/frontend.py:216 | ||
579 | msgid "Firewall stopped and disabled on system startup" | ||
580 | msgstr "" | ||
581 | |||
582 | -#: src/frontend.py:265 | ||
583 | +#: src/frontend.py:267 | ||
584 | msgid "Could not get listening status" | ||
585 | msgstr "" | ||
586 | |||
587 | -#: src/frontend.py:326 | ||
588 | +#: src/frontend.py:328 | ||
589 | msgid "Added user rules (see 'ufw status' for running firewall):" | ||
590 | msgstr "" | ||
591 | |||
592 | -#: src/frontend.py:329 | ||
593 | +#: src/frontend.py:331 | ||
594 | msgid "" | ||
595 | "\n" | ||
596 | "(None)" | ||
597 | msgstr "" | ||
598 | |||
599 | -#: src/frontend.py:381 src/frontend.py:479 src/frontend.py:489 | ||
600 | +#: src/frontend.py:383 src/frontend.py:481 src/frontend.py:491 | ||
601 | #, python-format | ||
602 | msgid "Invalid IP version '%s'" | ||
603 | msgstr "" | ||
604 | |||
605 | -#: src/frontend.py:412 | ||
606 | +#: src/frontend.py:414 | ||
607 | msgid "Invalid position '" | ||
608 | msgstr "" | ||
609 | |||
610 | -#: src/frontend.py:486 | ||
611 | +#: src/frontend.py:488 | ||
612 | msgid "IPv6 support not enabled" | ||
613 | msgstr "" | ||
614 | |||
615 | -#: src/frontend.py:497 | ||
616 | +#: src/frontend.py:499 | ||
617 | msgid "Rule changed after normalization" | ||
618 | msgstr "" | ||
619 | |||
620 | -#: src/frontend.py:521 | ||
621 | +#: src/frontend.py:523 | ||
622 | #, python-format | ||
623 | msgid "Could not back out rule '%s'" | ||
624 | msgstr "" | ||
625 | |||
626 | -#: src/frontend.py:525 | ||
627 | +#: src/frontend.py:527 | ||
628 | msgid "" | ||
629 | "\n" | ||
630 | "Error applying application rules." | ||
631 | msgstr "" | ||
632 | |||
633 | -#: src/frontend.py:527 | ||
634 | +#: src/frontend.py:529 | ||
635 | msgid " Some rules could not be unapplied." | ||
636 | msgstr "" | ||
637 | |||
638 | -#: src/frontend.py:529 | ||
639 | +#: src/frontend.py:531 | ||
640 | msgid " Attempted rules successfully unapplied." | ||
641 | msgstr "" | ||
642 | |||
643 | -#: src/frontend.py:540 | ||
644 | +#: src/frontend.py:542 | ||
645 | #, python-format | ||
646 | msgid "Could not find rule '%s'" | ||
647 | msgstr "" | ||
648 | |||
649 | -#: src/frontend.py:545 src/frontend.py:550 | ||
650 | +#: src/frontend.py:547 src/frontend.py:552 | ||
651 | #, python-format | ||
652 | msgid "Could not find rule '%d'" | ||
653 | msgstr "" | ||
654 | |||
655 | -#: src/frontend.py:562 | ||
656 | +#: src/frontend.py:564 | ||
657 | #, python-format | ||
658 | msgid "" | ||
659 | "Deleting:\n" | ||
660 | @@ -628,93 +629,93 @@ msgid "" | ||
661 | "Proceed with operation (%(yes)s|%(no)s)? " | ||
662 | msgstr "" | ||
663 | |||
664 | -#: src/frontend.py:593 | ||
665 | +#: src/frontend.py:595 | ||
666 | msgid "Unsupported default policy" | ||
667 | msgstr "" | ||
668 | |||
669 | -#: src/frontend.py:622 src/frontend.py:767 | ||
670 | +#: src/frontend.py:624 src/frontend.py:769 | ||
671 | msgid "Firewall reloaded" | ||
672 | msgstr "" | ||
673 | |||
674 | -#: src/frontend.py:624 | ||
675 | +#: src/frontend.py:626 | ||
676 | msgid "Firewall not enabled (skipping reload)" | ||
677 | msgstr "" | ||
678 | |||
679 | -#: src/frontend.py:641 src/frontend.py:655 src/frontend.py:692 | ||
680 | +#: src/frontend.py:643 src/frontend.py:657 src/frontend.py:694 | ||
681 | msgid "Invalid profile name" | ||
682 | msgstr "" | ||
683 | |||
684 | -#: src/frontend.py:660 src/frontend.py:842 | ||
685 | +#: src/frontend.py:662 src/frontend.py:844 | ||
686 | #, python-format | ||
687 | msgid "Unsupported action '%s'" | ||
688 | msgstr "" | ||
689 | |||
690 | -#: src/frontend.py:679 | ||
691 | +#: src/frontend.py:681 | ||
692 | msgid "Available applications:" | ||
693 | msgstr "" | ||
694 | |||
695 | -#: src/frontend.py:700 | ||
696 | +#: src/frontend.py:702 | ||
697 | #, python-format | ||
698 | msgid "Could not find profile '%s'" | ||
699 | msgstr "" | ||
700 | |||
701 | -#: src/frontend.py:705 | ||
702 | +#: src/frontend.py:707 | ||
703 | msgid "Invalid profile" | ||
704 | msgstr "" | ||
705 | |||
706 | -#: src/frontend.py:708 | ||
707 | +#: src/frontend.py:710 | ||
708 | #, python-format | ||
709 | msgid "Profile: %s\n" | ||
710 | msgstr "" | ||
711 | |||
712 | -#: src/frontend.py:709 | ||
713 | +#: src/frontend.py:711 | ||
714 | #, python-format | ||
715 | msgid "Title: %s\n" | ||
716 | msgstr "" | ||
717 | |||
718 | -#: src/frontend.py:712 | ||
719 | +#: src/frontend.py:714 | ||
720 | #, python-format | ||
721 | msgid "" | ||
722 | "Description: %s\n" | ||
723 | "\n" | ||
724 | msgstr "" | ||
725 | |||
726 | -#: src/frontend.py:718 | ||
727 | +#: src/frontend.py:720 | ||
728 | msgid "Ports:" | ||
729 | msgstr "" | ||
730 | |||
731 | -#: src/frontend.py:720 | ||
732 | +#: src/frontend.py:722 | ||
733 | msgid "Port:" | ||
734 | msgstr "" | ||
735 | |||
736 | -#: src/frontend.py:769 | ||
737 | +#: src/frontend.py:771 | ||
738 | msgid "Skipped reloading firewall" | ||
739 | msgstr "" | ||
740 | |||
741 | -#: src/frontend.py:779 | ||
742 | +#: src/frontend.py:781 | ||
743 | msgid "Cannot specify 'all' with '--add-new'" | ||
744 | msgstr "" | ||
745 | |||
746 | -#: src/frontend.py:794 | ||
747 | +#: src/frontend.py:796 | ||
748 | #, python-format | ||
749 | msgid "Unknown policy '%s'" | ||
750 | msgstr "" | ||
751 | |||
752 | -#: src/frontend.py:851 | ||
753 | +#: src/frontend.py:853 | ||
754 | #, python-format | ||
755 | msgid "" | ||
756 | "Command may disrupt existing ssh connections. Proceed with operation " | ||
757 | "(%(yes)s|%(no)s)? " | ||
758 | msgstr "" | ||
759 | |||
760 | -#: src/frontend.py:864 | ||
761 | +#: src/frontend.py:866 | ||
762 | #, python-format | ||
763 | msgid "" | ||
764 | "Resetting all rules to installed defaults. Proceed with operation (%(yes)s|" | ||
765 | "%(no)s)? " | ||
766 | msgstr "" | ||
767 | |||
768 | -#: src/frontend.py:868 | ||
769 | +#: src/frontend.py:870 | ||
770 | #, python-format | ||
771 | msgid "" | ||
772 | "Resetting all rules to installed defaults. This may disrupt existing ssh " | ||
773 | diff --git a/setup.py b/setup.py | ||
774 | index 6fb3751..1685401 100644 | ||
775 | --- a/setup.py | ||
776 | +++ b/setup.py | ||
777 | @@ -35,7 +35,7 @@ import sys | ||
778 | import shutil | ||
779 | import subprocess | ||
780 | |||
781 | -ufw_version = '0.33' | ||
782 | +ufw_version = '0.34' | ||
783 | |||
784 | def cmd(command): | ||
785 | '''Try to execute the given command.''' | ||
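Review bot: `ufw_version = '0.34'` at patch line 782 changes the version the tool reports, although this is a backport and the companion patch in this commit is applied to `ufw-0.33/tests/check-requirements`. Drop this hunk from the backport, or state in the patch header why it stays, so the reported version keeps matching the source tree actually built; a mismatched version string misleads anyone checking an image against advisories by version.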
786 | diff --git a/src/backend_iptables.py b/src/backend_iptables.py | ||
787 | index 76d8515..478e35c 100644 | ||
788 | --- a/src/backend_iptables.py | ||
789 | +++ b/src/backend_iptables.py | ||
790 | @@ -564,7 +564,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend): | ||
791 | lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \ | ||
792 | policy) | ||
793 | if not pat_logall.search(s): | ||
794 | - lstr = '-m state --state NEW ' + lstr | ||
795 | + lstr = '-m conntrack --ctstate NEW ' + lstr | ||
796 | snippets[i] = pat_log.sub(r'\1-j \2\4', s) | ||
797 | snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \ | ||
798 | '-user-logging-' + suffix, s)) | ||
799 | @@ -580,9 +580,9 @@ class UFWBackendIptables(ufw.backend.UFWBackend): | ||
800 | pat_limit = re.compile(r' -j LIMIT') | ||
801 | for i, s in enumerate(snippets): | ||
802 | if pat_limit.search(s): | ||
803 | - tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \ | ||
804 | + tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \ | ||
805 | s) | ||
806 | - tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \ | ||
807 | + tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \ | ||
808 | ' --update --seconds 30 --hitcount 6' + \ | ||
809 | ' -j ' + prefix + '-user-limit', s) | ||
810 | tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s) | ||
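Review bot: the recent-limit parameters in tmp2 (' --update --seconds 30 --hitcount 6') are hard-coded here and again as list elements in the recent-update probe in src/util.py, so the generated rule and the capability check can drift apart when only one is edited; this patch already had to touch both places for the conntrack switch. Consider defining the match prefix ('-m conntrack --ctstate NEW -m recent') and the seconds/hitcount values once and building both the rule string and the probe arguments from them.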
811 | @@ -1212,12 +1212,12 @@ class UFWBackendIptables(ufw.backend.UFWBackend): | ||
812 | prefix = "[UFW BLOCK] " | ||
813 | if self.loglevels[level] < self.loglevels["medium"]: | ||
814 | # only log INVALID in medium and higher | ||
815 | - rules_t.append([c, ['-I', c, '-m', 'state', \ | ||
816 | - '--state', 'INVALID', \ | ||
817 | + rules_t.append([c, ['-I', c, '-m', 'conntrack', \ | ||
818 | + '--ctstate', 'INVALID', \ | ||
819 | '-j', 'RETURN'] + largs, '']) | ||
820 | else: | ||
821 | - rules_t.append([c, ['-A', c, '-m', 'state', \ | ||
822 | - '--state', 'INVALID', \ | ||
823 | + rules_t.append([c, ['-A', c, '-m', 'conntrack', \ | ||
824 | + '--ctstate', 'INVALID', \ | ||
825 | '-j', 'LOG', \ | ||
826 | '--log-prefix', \ | ||
827 | "[UFW AUDIT INVALID] "] + \ | ||
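Review bot: in the branch under the comment "only log INVALID in medium and higher", the RETURN rule is built as [... '-j', 'RETURN'] + largs, so the rate limit carried in largs becomes a condition on the RETURN itself; the expected output in tests/bugs/rules/result shows it as "-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10". INVALID packets that exceed that limit do not match the rule and fall through to the "[UFW BLOCK] " LOG rule that follows, which is not what the comment promises. The behaviour predates this patch, but since these lines are being rewritten it is worth raising upstream: either drop largs from the RETURN rule or document that the limit there is intended.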
828 | @@ -1236,7 +1236,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend): | ||
829 | |||
830 | # loglevel medium logs all new packets with limit | ||
831 | if self.loglevels[level] < self.loglevels["high"]: | ||
832 | - largs = ['-m', 'state', '--state', 'NEW'] + limit_args | ||
833 | + largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args | ||
834 | |||
835 | prefix = "[UFW AUDIT] " | ||
836 | for c in self.chains['before']: | ||
837 | diff --git a/src/ufw-init-functions b/src/ufw-init-functions | ||
838 | index f4783e7..c5e0319 100755 | ||
839 | --- a/src/ufw-init-functions | ||
840 | +++ b/src/ufw-init-functions | ||
841 | @@ -251,15 +251,15 @@ ufw_start() { | ||
842 | # add tracking policy | ||
843 | if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then | ||
844 | printf "*filter\n"\ | ||
845 | -"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\ | ||
846 | -"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\ | ||
847 | +"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ | ||
848 | +"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ | ||
849 | "COMMIT\n" | $exe-restore -n || error="yes" | ||
850 | fi | ||
851 | |||
852 | if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then | ||
853 | printf "*filter\n"\ | ||
854 | -"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\ | ||
855 | -"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\ | ||
856 | +"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ | ||
857 | +"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ | ||
858 | "COMMIT\n" | $exe-restore -n || error="yes" | ||
859 | fi | ||
860 | |||
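Review bot: both tracking-policy blocks now need the conntrack match at start-up, and in the lines shown a failed "$exe-restore -n" only sets error="yes", so an image whose kernel lacks that match fails here without saying which rule or module was the cause. Capture the restore command's stderr and include it in the error report, in the same spirit as the check-requirements change in this series, and confirm that the recipe's kernel module recommendations cover the conntrack match.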
861 | diff --git a/src/util.py b/src/util.py | ||
862 | index fe9cd5c..bf0a6f6 100644 | ||
863 | --- a/src/util.py | ||
864 | +++ b/src/util.py | ||
865 | @@ -737,12 +737,12 @@ def get_netfilter_capabilities(exe="/sbin/iptables"): | ||
866 | # the stuff we know isn't supported everywhere but we want to support. | ||
867 | |||
868 | # recent-set | ||
869 | - if test_cap(exe, chain, ['-m', 'state', '--state', 'NEW', \ | ||
870 | + if test_cap(exe, chain, ['-m', 'conntrack', '--ctstate', 'NEW', \ | ||
871 | '-m', 'recent', '--set']): | ||
872 | caps.append('recent-set') | ||
873 | |||
874 | # recent-update | ||
875 | - if test_cap(exe, chain, ['-m', 'state', '--state', 'NEW', \ | ||
876 | + if test_cap(exe, chain, ['-m', 'conntrack', '--ctstate', 'NEW', \ | ||
877 | '-m', 'recent', '--update', \ | ||
878 | '--seconds', '30', \ | ||
879 | '--hitcount', '6']): | ||
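Review bot: the recent-set and recent-update probes each pass the conntrack match and the recent match in a single test_cap() call, so a kernel that lacks only the conntrack match is reported as lacking 'recent-set' and 'recent-update', and nothing appended to caps records that conntrack itself was the missing piece. Unless get_netfilter_capabilities() already does so outside the lines shown, add a separate probe for ['-m', 'conntrack', '--ctstate', 'NEW'] ahead of these two so a missing module is reported under its own name.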
880 | diff --git a/tests/bugs/rules/result b/tests/bugs/rules/result | ||
881 | index af2879a..396ff4c 100644 | ||
882 | --- a/tests/bugs/rules/result | ||
883 | +++ b/tests/bugs/rules/result | ||
884 | @@ -28,7 +28,7 @@ WARN: Checks disabled | ||
885 | ### LOGGING ### | ||
886 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
887 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
888 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
889 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
890 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
891 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
892 | ### END LOGGING ### | ||
893 | @@ -73,7 +73,7 @@ WARN: Checks disabled | ||
894 | ### LOGGING ### | ||
895 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
896 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
897 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
898 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
899 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
900 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
901 | ### END LOGGING ### | ||
902 | diff --git a/tests/check-requirements b/tests/check-requirements | ||
903 | index 613a3c8..ffbe9fc 100755 | ||
904 | --- a/tests/check-requirements | ||
905 | +++ b/tests/check-requirements | ||
906 | @@ -172,24 +172,24 @@ for i in "" 6; do | ||
907 | done | ||
908 | |||
909 | echo -n "hashlimit: " | ||
910 | - runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT | ||
911 | + runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT | ||
912 | |||
913 | echo -n "limit: " | ||
914 | runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT | ||
915 | |||
916 | for j in NEW RELATED ESTABLISHED INVALID; do | ||
917 | echo -n "state ($j): " | ||
918 | - runcmd $exe -A $c -m state --state $j | ||
919 | + runcmd $exe -A $c -m conntrack --ctstate $j | ||
920 | done | ||
921 | |||
922 | echo -n "state (new, recent set): " | ||
923 | - runcmd runtime $exe -A $c -m state --state NEW -m recent --set | ||
924 | + runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --set | ||
925 | |||
926 | echo -n "state (new, recent update): " | ||
927 | - runcmd runtime $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT | ||
928 | + runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT | ||
929 | |||
930 | echo -n "state (new, limit): " | ||
931 | - runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT | ||
932 | + runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT | ||
933 | |||
934 | echo -n "interface (input): " | ||
935 | runcmd $exe -A $c -i eth0 -j ACCEPT | ||
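Review bot: the echo labels were left as "state ($j): ", "state (new, recent set): ", "state (new, recent update): " and "state (new, limit): " while the commands beneath them now exercise -m conntrack --ctstate, so a failure printed by this script names a match that is no longer the one being tested. Rename the labels to "conntrack (...)" or "ctstate (...)" so the output points at the module that actually has to be present on the target.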
936 | diff --git a/tests/good/apps/result b/tests/good/apps/result | ||
937 | index c6988b0..8b477c2 100644 | ||
938 | --- a/tests/good/apps/result | ||
939 | +++ b/tests/good/apps/result | ||
940 | @@ -717,7 +717,7 @@ WARN: Checks disabled | ||
941 | ### LOGGING ### | ||
942 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
943 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
944 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
945 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
946 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
947 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
948 | ### END LOGGING ### | ||
949 | @@ -760,7 +760,7 @@ WARN: Checks disabled | ||
950 | ### LOGGING ### | ||
951 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
952 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
953 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
954 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
955 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
956 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
957 | ### END LOGGING ### | ||
958 | @@ -803,7 +803,7 @@ WARN: Checks disabled | ||
959 | ### LOGGING ### | ||
960 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
961 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
962 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
963 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
964 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
965 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
966 | ### END LOGGING ### | ||
967 | @@ -847,7 +847,7 @@ WARN: Checks disabled | ||
968 | ### LOGGING ### | ||
969 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
970 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
971 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
972 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
973 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
974 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
975 | ### END LOGGING ### | ||
976 | @@ -890,7 +890,7 @@ WARN: Checks disabled | ||
977 | ### LOGGING ### | ||
978 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
979 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
980 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
981 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
982 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
983 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
984 | ### END LOGGING ### | ||
985 | @@ -931,7 +931,7 @@ COMMIT | ||
986 | ### LOGGING ### | ||
987 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
988 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
989 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
990 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
991 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
992 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
993 | ### END LOGGING ### | ||
994 | @@ -974,7 +974,7 @@ WARN: Checks disabled | ||
995 | ### LOGGING ### | ||
996 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
997 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
998 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
999 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1000 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1001 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1002 | ### END LOGGING ### | ||
1003 | @@ -1017,7 +1017,7 @@ WARN: Checks disabled | ||
1004 | ### LOGGING ### | ||
1005 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1006 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1007 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1008 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1009 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1010 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1011 | ### END LOGGING ### | ||
1012 | @@ -1060,7 +1060,7 @@ WARN: Checks disabled | ||
1013 | ### LOGGING ### | ||
1014 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1015 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1016 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1017 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1018 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1019 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1020 | ### END LOGGING ### | ||
1021 | @@ -1103,7 +1103,7 @@ WARN: Checks disabled | ||
1022 | ### LOGGING ### | ||
1023 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1024 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1025 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1026 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1027 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1028 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1029 | ### END LOGGING ### | ||
1030 | @@ -1146,7 +1146,7 @@ WARN: Checks disabled | ||
1031 | ### LOGGING ### | ||
1032 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1033 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1034 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1035 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1036 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1037 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1038 | ### END LOGGING ### | ||
1039 | @@ -1189,7 +1189,7 @@ WARN: Checks disabled | ||
1040 | ### LOGGING ### | ||
1041 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1042 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1043 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1044 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1045 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1046 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1047 | ### END LOGGING ### | ||
1048 | @@ -1232,7 +1232,7 @@ WARN: Checks disabled | ||
1049 | ### LOGGING ### | ||
1050 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1051 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1052 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1053 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1054 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1055 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1056 | ### END LOGGING ### | ||
1057 | @@ -1276,7 +1276,7 @@ WARN: Checks disabled | ||
1058 | ### LOGGING ### | ||
1059 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1060 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1061 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1062 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1063 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1064 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1065 | ### END LOGGING ### | ||
1066 | @@ -1319,7 +1319,7 @@ WARN: Checks disabled | ||
1067 | ### LOGGING ### | ||
1068 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1069 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1070 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1071 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1072 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1073 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1074 | ### END LOGGING ### | ||
1075 | @@ -1360,7 +1360,7 @@ COMMIT | ||
1076 | ### LOGGING ### | ||
1077 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1078 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1079 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1080 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1081 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1082 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1083 | ### END LOGGING ### | ||
1084 | @@ -1403,7 +1403,7 @@ WARN: Checks disabled | ||
1085 | ### LOGGING ### | ||
1086 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1087 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1088 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1089 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1090 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1091 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1092 | ### END LOGGING ### | ||
1093 | @@ -1446,7 +1446,7 @@ WARN: Checks disabled | ||
1094 | ### LOGGING ### | ||
1095 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1096 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1097 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1098 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1099 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1100 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1101 | ### END LOGGING ### | ||
1102 | @@ -1489,7 +1489,7 @@ WARN: Checks disabled | ||
1103 | ### LOGGING ### | ||
1104 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1105 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1106 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1107 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1108 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1109 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1110 | ### END LOGGING ### | ||
1111 | @@ -1532,7 +1532,7 @@ WARN: Checks disabled | ||
1112 | ### LOGGING ### | ||
1113 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1114 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1115 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1116 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1117 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1118 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1119 | ### END LOGGING ### | ||
1120 | @@ -1568,8 +1568,8 @@ WARN: Checks disabled | ||
1121 | ### RULES ### | ||
1122 | |||
1123 | ### tuple ### limit tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
1124 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
1125 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
1126 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
1127 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
1128 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
1129 | |||
1130 | ### END RULES ### | ||
1131 | @@ -1577,7 +1577,7 @@ WARN: Checks disabled | ||
1132 | ### LOGGING ### | ||
1133 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1134 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1135 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1136 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1137 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1138 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1139 | ### END LOGGING ### | ||
1140 | @@ -1613,8 +1613,8 @@ WARN: Checks disabled | ||
1141 | ### RULES ### | ||
1142 | |||
1143 | ### tuple ### limit tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in | ||
1144 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' | ||
1145 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' | ||
1146 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' | ||
1147 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' | ||
1148 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure' | ||
1149 | |||
1150 | ### END RULES ### | ||
1151 | @@ -1622,7 +1622,7 @@ WARN: Checks disabled | ||
1152 | ### LOGGING ### | ||
1153 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1154 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1155 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1156 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1157 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1158 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1159 | ### END LOGGING ### | ||
1160 | @@ -1658,8 +1658,8 @@ WARN: Checks disabled | ||
1161 | ### RULES ### | ||
1162 | |||
1163 | ### tuple ### limit tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in | ||
1164 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' | ||
1165 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' | ||
1166 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' | ||
1167 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' | ||
1168 | -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full' | ||
1169 | |||
1170 | ### END RULES ### | ||
1171 | @@ -1667,7 +1667,7 @@ WARN: Checks disabled | ||
1172 | ### LOGGING ### | ||
1173 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1174 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1175 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1176 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1177 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1178 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1179 | ### END LOGGING ### | ||
1180 | @@ -1703,11 +1703,11 @@ WARN: Checks disabled | ||
1181 | ### RULES ### | ||
1182 | |||
1183 | ### tuple ### limit any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in | ||
1184 | --A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
1185 | --A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
1186 | +-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
1187 | +-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
1188 | -A ufw-user-input -p tcp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' | ||
1189 | --A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
1190 | --A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
1191 | +-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
1192 | +-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
1193 | -A ufw-user-input -p udp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' | ||
1194 | |||
1195 | ### END RULES ### | ||
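Review bot: in the Bind9 tuple the tcp and udp rules both use "-m recent --set" and "-m recent --update --seconds 30 --hitcount 6" with no --name, so they feed xt_recent's DEFAULT list and a source's hits on 53/tcp and 53/udp are counted together; the same holds for every other limit rule in this expected-output file. The fixture now pins that behaviour in its conntrack form. If a per-rule limit is what is intended, that needs a --name per rule upstream; otherwise a comment in the test noting the shared counter would help the next reader.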
1196 | @@ -1715,7 +1715,7 @@ WARN: Checks disabled | ||
1197 | ### LOGGING ### | ||
1198 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1199 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1200 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1201 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1202 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1203 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1204 | ### END LOGGING ### | ||
1205 | @@ -1751,8 +1751,8 @@ WARN: Checks disabled | ||
1206 | ### RULES ### | ||
1207 | |||
1208 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
1209 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
1210 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
1211 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
1212 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
1213 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
1214 | |||
1215 | ### END RULES ### | ||
1216 | @@ -1760,7 +1760,7 @@ WARN: Checks disabled | ||
1217 | ### LOGGING ### | ||
1218 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1219 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1220 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1221 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1222 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1223 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1224 | ### END LOGGING ### | ||
1225 | @@ -1791,13 +1791,13 @@ COMMIT | ||
1226 | ### RULES ### | ||
1227 | |||
1228 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
1229 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
1230 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
1231 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
1232 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
1233 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
1234 | |||
1235 | ### tuple ### limit tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
1236 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
1237 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
1238 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
1239 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
1240 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
1241 | |||
1242 | ### END RULES ### | ||
1243 | @@ -1805,7 +1805,7 @@ COMMIT | ||
1244 | ### LOGGING ### | ||
1245 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1246 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1247 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1248 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1249 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1250 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1251 | ### END LOGGING ### | ||
1252 | @@ -1841,8 +1841,8 @@ WARN: Checks disabled | ||
1253 | ### RULES ### | ||
1254 | |||
1255 | ### tuple ### limit udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in | ||
1256 | --A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
1257 | --A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
1258 | +-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
1259 | +-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
1260 | -A ufw-user-input -p udp --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' | ||
1261 | |||
1262 | ### END RULES ### | ||
1263 | @@ -1850,7 +1850,7 @@ WARN: Checks disabled | ||
1264 | ### LOGGING ### | ||
1265 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1266 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1267 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1268 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1269 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1270 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1271 | ### END LOGGING ### | ||
1272 | @@ -1886,8 +1886,8 @@ WARN: Checks disabled | ||
1273 | ### RULES ### | ||
1274 | |||
1275 | ### tuple ### limit tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in | ||
1276 | --A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' | ||
1277 | --A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' | ||
1278 | +-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' | ||
1279 | +-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' | ||
1280 | -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP' | ||
1281 | |||
1282 | ### END RULES ### | ||
1283 | @@ -1895,7 +1895,7 @@ WARN: Checks disabled | ||
1284 | ### LOGGING ### | ||
1285 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1286 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1287 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1288 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1289 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1290 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1291 | ### END LOGGING ### | ||
1292 | @@ -1931,8 +1931,8 @@ WARN: Checks disabled | ||
1293 | ### RULES ### | ||
1294 | |||
1295 | ### tuple ### limit udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in | ||
1296 | --A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' | ||
1297 | --A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' | ||
1298 | +-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' | ||
1299 | +-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' | ||
1300 | -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP' | ||
1301 | |||
1302 | ### END RULES ### | ||
1303 | @@ -1940,7 +1940,7 @@ WARN: Checks disabled | ||
1304 | ### LOGGING ### | ||
1305 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1306 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1307 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1308 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1309 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1310 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1311 | ### END LOGGING ### | ||
1312 | @@ -1976,8 +1976,8 @@ WARN: Checks disabled | ||
1313 | ### RULES ### | ||
1314 | |||
1315 | ### tuple ### limit tcp 8080:8089 0.0.0.0/0 any 0.0.0.0/0 Custom%20Web%20App2 - in | ||
1316 | --A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m state --state NEW -m recent --set -m comment --comment 'dapp_Custom%20Web%20App2' | ||
1317 | --A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Custom%20Web%20App2' | ||
1318 | +-A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Custom%20Web%20App2' | ||
1319 | +-A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Custom%20Web%20App2' | ||
1320 | -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -j ufw-user-limit-accept -m comment --comment 'dapp_Custom%20Web%20App2' | ||
1321 | |||
1322 | ### END RULES ### | ||
1323 | @@ -1985,7 +1985,7 @@ WARN: Checks disabled | ||
1324 | ### LOGGING ### | ||
1325 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1326 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1327 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1328 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1329 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1330 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1331 | ### END LOGGING ### | ||
1332 | @@ -2029,7 +2029,7 @@ WARN: Checks disabled | ||
1333 | ### LOGGING ### | ||
1334 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1335 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1336 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1337 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1338 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1339 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1340 | ### END LOGGING ### | ||
1341 | @@ -2072,7 +2072,7 @@ WARN: Checks disabled | ||
1342 | ### LOGGING ### | ||
1343 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1344 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1345 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1346 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1347 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1348 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1349 | ### END LOGGING ### | ||
1350 | @@ -2115,7 +2115,7 @@ WARN: Checks disabled | ||
1351 | ### LOGGING ### | ||
1352 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1353 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1354 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1355 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1356 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1357 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1358 | ### END LOGGING ### | ||
1359 | @@ -2159,7 +2159,7 @@ WARN: Checks disabled | ||
1360 | ### LOGGING ### | ||
1361 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1362 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1363 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1364 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1365 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1366 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1367 | ### END LOGGING ### | ||
1368 | @@ -2202,7 +2202,7 @@ WARN: Checks disabled | ||
1369 | ### LOGGING ### | ||
1370 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1371 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1372 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1373 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1374 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1375 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1376 | ### END LOGGING ### | ||
1377 | @@ -2243,7 +2243,7 @@ COMMIT | ||
1378 | ### LOGGING ### | ||
1379 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1380 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1381 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1382 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1383 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1384 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1385 | ### END LOGGING ### | ||
1386 | @@ -2286,7 +2286,7 @@ WARN: Checks disabled | ||
1387 | ### LOGGING ### | ||
1388 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1389 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1390 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1391 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1392 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1393 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1394 | ### END LOGGING ### | ||
1395 | @@ -2329,7 +2329,7 @@ WARN: Checks disabled | ||
1396 | ### LOGGING ### | ||
1397 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1398 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1399 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1400 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1401 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1402 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1403 | ### END LOGGING ### | ||
1404 | @@ -2372,7 +2372,7 @@ WARN: Checks disabled | ||
1405 | ### LOGGING ### | ||
1406 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1407 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1408 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1409 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1410 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1411 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1412 | ### END LOGGING ### | ||
1413 | @@ -2415,7 +2415,7 @@ WARN: Checks disabled | ||
1414 | ### LOGGING ### | ||
1415 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1416 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1417 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1418 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1419 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1420 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1421 | ### END LOGGING ### | ||
1422 | @@ -2458,7 +2458,7 @@ WARN: Checks disabled | ||
1423 | ### LOGGING ### | ||
1424 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1425 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1426 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1427 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1428 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1429 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1430 | ### END LOGGING ### | ||
1431 | @@ -2501,7 +2501,7 @@ WARN: Checks disabled | ||
1432 | ### LOGGING ### | ||
1433 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1434 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1435 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1436 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1437 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1438 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1439 | ### END LOGGING ### | ||
1440 | @@ -2545,7 +2545,7 @@ WARN: Checks disabled | ||
1441 | ### LOGGING ### | ||
1442 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1443 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1444 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1445 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1446 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1447 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1448 | ### END LOGGING ### | ||
1449 | @@ -2588,7 +2588,7 @@ WARN: Checks disabled | ||
1450 | ### LOGGING ### | ||
1451 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1452 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1453 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1454 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1455 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1456 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1457 | ### END LOGGING ### | ||
1458 | @@ -2629,7 +2629,7 @@ COMMIT | ||
1459 | ### LOGGING ### | ||
1460 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1461 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1462 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1463 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1464 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1465 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1466 | ### END LOGGING ### | ||
1467 | @@ -2672,7 +2672,7 @@ WARN: Checks disabled | ||
1468 | ### LOGGING ### | ||
1469 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1470 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1471 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1472 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1473 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1474 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1475 | ### END LOGGING ### | ||
1476 | @@ -2715,7 +2715,7 @@ WARN: Checks disabled | ||
1477 | ### LOGGING ### | ||
1478 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1479 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1480 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1481 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1482 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1483 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1484 | ### END LOGGING ### | ||
1485 | @@ -2758,7 +2758,7 @@ WARN: Checks disabled | ||
1486 | ### LOGGING ### | ||
1487 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1488 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1489 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1490 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1491 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1492 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1493 | ### END LOGGING ### | ||
1494 | @@ -2801,7 +2801,7 @@ WARN: Checks disabled | ||
1495 | ### LOGGING ### | ||
1496 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1497 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1498 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1499 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1500 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1501 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1502 | ### END LOGGING ### | ||
1503 | @@ -2844,7 +2844,7 @@ WARN: Checks disabled | ||
1504 | ### LOGGING ### | ||
1505 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1506 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1507 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1508 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1509 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1510 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1511 | ### END LOGGING ### | ||
1512 | @@ -2887,7 +2887,7 @@ WARN: Checks disabled | ||
1513 | ### LOGGING ### | ||
1514 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1515 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1516 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1517 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1518 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1519 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1520 | ### END LOGGING ### | ||
1521 | @@ -2931,7 +2931,7 @@ WARN: Checks disabled | ||
1522 | ### LOGGING ### | ||
1523 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1524 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1525 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1526 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1527 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1528 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1529 | ### END LOGGING ### | ||
1530 | @@ -2974,7 +2974,7 @@ WARN: Checks disabled | ||
1531 | ### LOGGING ### | ||
1532 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1533 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1534 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1535 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1536 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1537 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1538 | ### END LOGGING ### | ||
1539 | @@ -3015,7 +3015,7 @@ COMMIT | ||
1540 | ### LOGGING ### | ||
1541 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1542 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1543 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1544 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1545 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1546 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1547 | ### END LOGGING ### | ||
1548 | @@ -3058,7 +3058,7 @@ WARN: Checks disabled | ||
1549 | ### LOGGING ### | ||
1550 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1551 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1552 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1553 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1554 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1555 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1556 | ### END LOGGING ### | ||
1557 | @@ -3101,7 +3101,7 @@ WARN: Checks disabled | ||
1558 | ### LOGGING ### | ||
1559 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1560 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1561 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1562 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1563 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1564 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1565 | ### END LOGGING ### | ||
1566 | @@ -3144,7 +3144,7 @@ WARN: Checks disabled | ||
1567 | ### LOGGING ### | ||
1568 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1569 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1570 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1571 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1572 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1573 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1574 | ### END LOGGING ### | ||
1575 | @@ -3187,7 +3187,7 @@ WARN: Checks disabled | ||
1576 | ### LOGGING ### | ||
1577 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1578 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1579 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1580 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1581 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1582 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1583 | ### END LOGGING ### | ||
1584 | @@ -3230,7 +3230,7 @@ WARN: Checks disabled | ||
1585 | ### LOGGING ### | ||
1586 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1587 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1588 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1589 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1590 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1591 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1592 | ### END LOGGING ### | ||
1593 | @@ -3273,7 +3273,7 @@ WARN: Checks disabled | ||
1594 | ### LOGGING ### | ||
1595 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1596 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1597 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1598 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1599 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1600 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1601 | ### END LOGGING ### | ||
1602 | @@ -3317,7 +3317,7 @@ WARN: Checks disabled | ||
1603 | ### LOGGING ### | ||
1604 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1605 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1606 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1607 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1608 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1609 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1610 | ### END LOGGING ### | ||
1611 | @@ -3360,7 +3360,7 @@ WARN: Checks disabled | ||
1612 | ### LOGGING ### | ||
1613 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1614 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1615 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1616 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1617 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1618 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1619 | ### END LOGGING ### | ||
1620 | @@ -3401,7 +3401,7 @@ COMMIT | ||
1621 | ### LOGGING ### | ||
1622 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1623 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1624 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1625 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1626 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1627 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1628 | ### END LOGGING ### | ||
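Review bot: the `+` line here, as in the other hunks, makes the expected ruleset depend on the conntrack match (`-m conntrack`), where the `-` line used the state match. The fixture only records the rule text, so it does not show whether the target kernel provides that match; please check that the kernel module RRECOMMENDS updated in this commit cover it (xt_conntrack), otherwise the rule will fail to load on an image built without it.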
1629 | @@ -3444,7 +3444,7 @@ WARN: Checks disabled | ||
1630 | ### LOGGING ### | ||
1631 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1632 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1633 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1634 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1635 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1636 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1637 | ### END LOGGING ### | ||
1638 | @@ -3487,7 +3487,7 @@ WARN: Checks disabled | ||
1639 | ### LOGGING ### | ||
1640 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1641 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1642 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1643 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1644 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1645 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1646 | ### END LOGGING ### | ||
1647 | @@ -3530,7 +3530,7 @@ WARN: Checks disabled | ||
1648 | ### LOGGING ### | ||
1649 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1650 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1651 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1652 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1653 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1654 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1655 | ### END LOGGING ### | ||
1656 | @@ -3573,7 +3573,7 @@ WARN: Checks disabled | ||
1657 | ### LOGGING ### | ||
1658 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1659 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1660 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1661 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1662 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1663 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1664 | ### END LOGGING ### | ||
1665 | @@ -3616,7 +3616,7 @@ WARN: Checks disabled | ||
1666 | ### LOGGING ### | ||
1667 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1668 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1669 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1670 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1671 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1672 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1673 | ### END LOGGING ### | ||
1674 | @@ -3659,7 +3659,7 @@ WARN: Checks disabled | ||
1675 | ### LOGGING ### | ||
1676 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1677 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1678 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1679 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1680 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1681 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1682 | ### END LOGGING ### | ||
1683 | @@ -3700,7 +3700,7 @@ COMMIT | ||
1684 | ### LOGGING ### | ||
1685 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1686 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1687 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1688 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1689 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1690 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1691 | ### END LOGGING ### | ||
1692 | @@ -3743,7 +3743,7 @@ WARN: Checks disabled | ||
1693 | ### LOGGING ### | ||
1694 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1695 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1696 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1697 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1698 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1699 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1700 | ### END LOGGING ### | ||
1701 | @@ -3784,7 +3784,7 @@ COMMIT | ||
1702 | ### LOGGING ### | ||
1703 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1704 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1705 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1706 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1707 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1708 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1709 | ### END LOGGING ### | ||
1710 | @@ -3827,7 +3827,7 @@ WARN: Checks disabled | ||
1711 | ### LOGGING ### | ||
1712 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1713 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1714 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1715 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1716 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1717 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1718 | ### END LOGGING ### | ||
1719 | @@ -3870,7 +3870,7 @@ WARN: Checks disabled | ||
1720 | ### LOGGING ### | ||
1721 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1722 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1723 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1724 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1725 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1726 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1727 | ### END LOGGING ### | ||
1728 | @@ -3913,7 +3913,7 @@ WARN: Checks disabled | ||
1729 | ### LOGGING ### | ||
1730 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1731 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1732 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1733 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1734 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1735 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1736 | ### END LOGGING ### | ||
1737 | @@ -3956,7 +3956,7 @@ WARN: Checks disabled | ||
1738 | ### LOGGING ### | ||
1739 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1740 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1741 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1742 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1743 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1744 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1745 | ### END LOGGING ### | ||
1746 | @@ -3997,7 +3997,7 @@ COMMIT | ||
1747 | ### LOGGING ### | ||
1748 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1749 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1750 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1751 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1752 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1753 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1754 | ### END LOGGING ### | ||
1755 | @@ -4040,7 +4040,7 @@ WARN: Checks disabled | ||
1756 | ### LOGGING ### | ||
1757 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1758 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1759 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1760 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1761 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1762 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1763 | ### END LOGGING ### | ||
1764 | @@ -4081,7 +4081,7 @@ COMMIT | ||
1765 | ### LOGGING ### | ||
1766 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1767 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1768 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1769 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1770 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1771 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1772 | ### END LOGGING ### | ||
1773 | @@ -4124,7 +4124,7 @@ WARN: Checks disabled | ||
1774 | ### LOGGING ### | ||
1775 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1776 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1777 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1778 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1779 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1780 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1781 | ### END LOGGING ### | ||
1782 | @@ -4167,7 +4167,7 @@ WARN: Checks disabled | ||
1783 | ### LOGGING ### | ||
1784 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1785 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1786 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1787 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1788 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1789 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1790 | ### END LOGGING ### | ||
1791 | @@ -4208,7 +4208,7 @@ COMMIT | ||
1792 | ### LOGGING ### | ||
1793 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1794 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1795 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1796 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1797 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1798 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1799 | ### END LOGGING ### | ||
1800 | @@ -4251,7 +4251,7 @@ WARN: Checks disabled | ||
1801 | ### LOGGING ### | ||
1802 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1803 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1804 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1805 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1806 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1807 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1808 | ### END LOGGING ### | ||
1809 | @@ -4294,7 +4294,7 @@ WARN: Checks disabled | ||
1810 | ### LOGGING ### | ||
1811 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1812 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1813 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1814 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1815 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1816 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1817 | ### END LOGGING ### | ||
1818 | @@ -4337,7 +4337,7 @@ WARN: Checks disabled | ||
1819 | ### LOGGING ### | ||
1820 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1821 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1822 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1823 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1824 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1825 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1826 | ### END LOGGING ### | ||
1827 | @@ -4378,7 +4378,7 @@ COMMIT | ||
1828 | ### LOGGING ### | ||
1829 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1830 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1831 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1832 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1833 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1834 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1835 | ### END LOGGING ### | ||
1836 | @@ -4421,7 +4421,7 @@ WARN: Checks disabled | ||
1837 | ### LOGGING ### | ||
1838 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1839 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1840 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1841 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1842 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1843 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1844 | ### END LOGGING ### | ||
1845 | @@ -4462,7 +4462,7 @@ COMMIT | ||
1846 | ### LOGGING ### | ||
1847 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1848 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1849 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1850 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1851 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1852 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1853 | ### END LOGGING ### | ||
1854 | @@ -4505,7 +4505,7 @@ WARN: Checks disabled | ||
1855 | ### LOGGING ### | ||
1856 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1857 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1858 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1859 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1860 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1861 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1862 | ### END LOGGING ### | ||
1863 | @@ -4548,7 +4548,7 @@ WARN: Checks disabled | ||
1864 | ### LOGGING ### | ||
1865 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1866 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1867 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1868 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1869 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1870 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1871 | ### END LOGGING ### | ||
1872 | @@ -4591,7 +4591,7 @@ WARN: Checks disabled | ||
1873 | ### LOGGING ### | ||
1874 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1875 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1876 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1877 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1878 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1879 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1880 | ### END LOGGING ### | ||
1881 | @@ -4634,7 +4634,7 @@ WARN: Checks disabled | ||
1882 | ### LOGGING ### | ||
1883 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1884 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1885 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1886 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1887 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1888 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1889 | ### END LOGGING ### | ||
1890 | @@ -4675,7 +4675,7 @@ COMMIT | ||
1891 | ### LOGGING ### | ||
1892 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1893 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1894 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1895 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1896 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1897 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1898 | ### END LOGGING ### | ||
1899 | @@ -4718,7 +4718,7 @@ WARN: Checks disabled | ||
1900 | ### LOGGING ### | ||
1901 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1902 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1903 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1904 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1905 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1906 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1907 | ### END LOGGING ### | ||
1908 | @@ -4759,7 +4759,7 @@ COMMIT | ||
1909 | ### LOGGING ### | ||
1910 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1911 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1912 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1913 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1914 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1915 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1916 | ### END LOGGING ### | ||
1917 | @@ -4802,7 +4802,7 @@ WARN: Checks disabled | ||
1918 | ### LOGGING ### | ||
1919 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1920 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1921 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1922 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1923 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1924 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1925 | ### END LOGGING ### | ||
1926 | @@ -4845,7 +4845,7 @@ WARN: Checks disabled | ||
1927 | ### LOGGING ### | ||
1928 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1929 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1930 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1931 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1932 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1933 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1934 | ### END LOGGING ### | ||
1935 | @@ -4886,7 +4886,7 @@ COMMIT | ||
1936 | ### LOGGING ### | ||
1937 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1938 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1939 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1940 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1941 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1942 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1943 | ### END LOGGING ### | ||
1944 | @@ -4929,7 +4929,7 @@ WARN: Checks disabled | ||
1945 | ### LOGGING ### | ||
1946 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1947 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1948 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1949 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1950 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1951 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1952 | ### END LOGGING ### | ||
1953 | @@ -4972,7 +4972,7 @@ WARN: Checks disabled | ||
1954 | ### LOGGING ### | ||
1955 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1956 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1957 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1958 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1959 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1960 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1961 | ### END LOGGING ### | ||
1962 | @@ -5015,7 +5015,7 @@ WARN: Checks disabled | ||
1963 | ### LOGGING ### | ||
1964 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1965 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1966 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1967 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1968 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1969 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1970 | ### END LOGGING ### | ||
1971 | @@ -5059,7 +5059,7 @@ WARN: Checks disabled | ||
1972 | ### LOGGING ### | ||
1973 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1974 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1975 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1976 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1977 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1978 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1979 | ### END LOGGING ### | ||
1980 | @@ -5102,7 +5102,7 @@ WARN: Checks disabled | ||
1981 | ### LOGGING ### | ||
1982 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1983 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1984 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1985 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1986 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1987 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1988 | ### END LOGGING ### | ||
1989 | @@ -5143,7 +5143,7 @@ COMMIT | ||
1990 | ### LOGGING ### | ||
1991 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1992 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1993 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1994 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
1995 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
1996 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
1997 | ### END LOGGING ### | ||
1998 | @@ -5186,7 +5186,7 @@ WARN: Checks disabled | ||
1999 | ### LOGGING ### | ||
2000 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2001 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2002 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2003 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2004 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2005 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2006 | ### END LOGGING ### | ||
2007 | @@ -5229,7 +5229,7 @@ WARN: Checks disabled | ||
2008 | ### LOGGING ### | ||
2009 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2010 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2011 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2012 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2013 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2014 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2015 | ### END LOGGING ### | ||
2016 | @@ -5272,7 +5272,7 @@ WARN: Checks disabled | ||
2017 | ### LOGGING ### | ||
2018 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2019 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2020 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2021 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2022 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2023 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2024 | ### END LOGGING ### | ||
2025 | @@ -5315,7 +5315,7 @@ WARN: Checks disabled | ||
2026 | ### LOGGING ### | ||
2027 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2028 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2029 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2030 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2031 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2032 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2033 | ### END LOGGING ### | ||
2034 | @@ -5358,7 +5358,7 @@ WARN: Checks disabled | ||
2035 | ### LOGGING ### | ||
2036 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2037 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2038 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2039 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2040 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2041 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2042 | ### END LOGGING ### | ||
2043 | @@ -5401,7 +5401,7 @@ WARN: Checks disabled | ||
2044 | ### LOGGING ### | ||
2045 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2046 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2047 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2048 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2049 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2050 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2051 | ### END LOGGING ### | ||
2052 | @@ -5445,7 +5445,7 @@ WARN: Checks disabled | ||
2053 | ### LOGGING ### | ||
2054 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2055 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2056 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2057 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2058 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2059 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2060 | ### END LOGGING ### | ||
2061 | @@ -5488,7 +5488,7 @@ WARN: Checks disabled | ||
2062 | ### LOGGING ### | ||
2063 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2064 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2065 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2066 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2067 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2068 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2069 | ### END LOGGING ### | ||
2070 | @@ -5529,7 +5529,7 @@ COMMIT | ||
2071 | ### LOGGING ### | ||
2072 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2073 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2074 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2075 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2076 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2077 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2078 | ### END LOGGING ### | ||
2079 | @@ -5572,7 +5572,7 @@ WARN: Checks disabled | ||
2080 | ### LOGGING ### | ||
2081 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2082 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2083 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2084 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2085 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2086 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2087 | ### END LOGGING ### | ||
2088 | @@ -5615,7 +5615,7 @@ WARN: Checks disabled | ||
2089 | ### LOGGING ### | ||
2090 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2091 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2092 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2093 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2094 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2095 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2096 | ### END LOGGING ### | ||
2097 | @@ -5658,7 +5658,7 @@ WARN: Checks disabled | ||
2098 | ### LOGGING ### | ||
2099 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2100 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2101 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2102 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2103 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2104 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2105 | ### END LOGGING ### | ||
2106 | @@ -5701,7 +5701,7 @@ WARN: Checks disabled | ||
2107 | ### LOGGING ### | ||
2108 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2109 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2110 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2111 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2112 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2113 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2114 | ### END LOGGING ### | ||
2115 | @@ -5744,7 +5744,7 @@ WARN: Checks disabled | ||
2116 | ### LOGGING ### | ||
2117 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2118 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2119 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2120 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2121 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2122 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2123 | ### END LOGGING ### | ||
2124 | @@ -5787,7 +5787,7 @@ WARN: Checks disabled | ||
2125 | ### LOGGING ### | ||
2126 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2127 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2128 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2129 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2130 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2131 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2132 | ### END LOGGING ### | ||
2133 | @@ -5831,7 +5831,7 @@ WARN: Checks disabled | ||
2134 | ### LOGGING ### | ||
2135 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2136 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2137 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2138 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2139 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2140 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2141 | ### END LOGGING ### | ||
2142 | @@ -5874,7 +5874,7 @@ WARN: Checks disabled | ||
2143 | ### LOGGING ### | ||
2144 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2145 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2146 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2147 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2148 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2149 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2150 | ### END LOGGING ### | ||
2151 | @@ -5915,7 +5915,7 @@ COMMIT | ||
2152 | ### LOGGING ### | ||
2153 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2154 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2155 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2156 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2157 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2158 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2159 | ### END LOGGING ### | ||
2160 | @@ -5958,7 +5958,7 @@ WARN: Checks disabled | ||
2161 | ### LOGGING ### | ||
2162 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2163 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2164 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2165 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2166 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2167 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2168 | ### END LOGGING ### | ||
2169 | @@ -6001,7 +6001,7 @@ WARN: Checks disabled | ||
2170 | ### LOGGING ### | ||
2171 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2172 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2173 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2174 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2175 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2176 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2177 | ### END LOGGING ### | ||
2178 | @@ -6044,7 +6044,7 @@ WARN: Checks disabled | ||
2179 | ### LOGGING ### | ||
2180 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2181 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2182 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2183 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2184 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2185 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2186 | ### END LOGGING ### | ||
2187 | @@ -6087,7 +6087,7 @@ WARN: Checks disabled | ||
2188 | ### LOGGING ### | ||
2189 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2190 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2191 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2192 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2193 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2194 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2195 | ### END LOGGING ### | ||
2196 | @@ -6130,7 +6130,7 @@ WARN: Checks disabled | ||
2197 | ### LOGGING ### | ||
2198 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2199 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2200 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2201 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2202 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2203 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2204 | ### END LOGGING ### | ||
2205 | @@ -6173,7 +6173,7 @@ WARN: Checks disabled | ||
2206 | ### LOGGING ### | ||
2207 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2208 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2209 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2210 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2211 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2212 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2213 | ### END LOGGING ### | ||
2214 | @@ -6217,7 +6217,7 @@ WARN: Checks disabled | ||
2215 | ### LOGGING ### | ||
2216 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2217 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2218 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2219 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2220 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2221 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2222 | ### END LOGGING ### | ||
2223 | @@ -6260,7 +6260,7 @@ WARN: Checks disabled | ||
2224 | ### LOGGING ### | ||
2225 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2226 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2227 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2228 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2229 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2230 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2231 | ### END LOGGING ### | ||
2232 | @@ -6301,7 +6301,7 @@ COMMIT | ||
2233 | ### LOGGING ### | ||
2234 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2235 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2236 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2237 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2238 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2239 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2240 | ### END LOGGING ### | ||
2241 | @@ -6344,7 +6344,7 @@ WARN: Checks disabled | ||
2242 | ### LOGGING ### | ||
2243 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2244 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2245 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2246 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2247 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2248 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2249 | ### END LOGGING ### | ||
2250 | @@ -6387,7 +6387,7 @@ WARN: Checks disabled | ||
2251 | ### LOGGING ### | ||
2252 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2253 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2254 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2255 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2256 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2257 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2258 | ### END LOGGING ### | ||
2259 | @@ -6430,7 +6430,7 @@ WARN: Checks disabled | ||
2260 | ### LOGGING ### | ||
2261 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2262 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2263 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2264 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2265 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2266 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2267 | ### END LOGGING ### | ||
2268 | @@ -6473,7 +6473,7 @@ WARN: Checks disabled | ||
2269 | ### LOGGING ### | ||
2270 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2271 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2272 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2273 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2274 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2275 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2276 | ### END LOGGING ### | ||
2277 | @@ -6516,7 +6516,7 @@ WARN: Checks disabled | ||
2278 | ### LOGGING ### | ||
2279 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2280 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2281 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2282 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2283 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2284 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2285 | ### END LOGGING ### | ||
2286 | @@ -6559,7 +6559,7 @@ WARN: Checks disabled | ||
2287 | ### LOGGING ### | ||
2288 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2289 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2290 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2291 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2292 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2293 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2294 | ### END LOGGING ### | ||
2295 | @@ -6600,7 +6600,7 @@ COMMIT | ||
2296 | ### LOGGING ### | ||
2297 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2298 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2299 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2300 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2301 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2302 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2303 | ### END LOGGING ### | ||
2304 | @@ -6643,7 +6643,7 @@ WARN: Checks disabled | ||
2305 | ### LOGGING ### | ||
2306 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2307 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2308 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2309 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2310 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2311 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2312 | ### END LOGGING ### | ||
2313 | @@ -6684,7 +6684,7 @@ COMMIT | ||
2314 | ### LOGGING ### | ||
2315 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2316 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2317 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2318 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2319 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2320 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2321 | ### END LOGGING ### | ||
2322 | @@ -6727,7 +6727,7 @@ WARN: Checks disabled | ||
2323 | ### LOGGING ### | ||
2324 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2325 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2326 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2327 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2328 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2329 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2330 | ### END LOGGING ### | ||
2331 | @@ -6770,7 +6770,7 @@ WARN: Checks disabled | ||
2332 | ### LOGGING ### | ||
2333 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2334 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2335 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2336 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2337 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2338 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2339 | ### END LOGGING ### | ||
2340 | @@ -6813,7 +6813,7 @@ WARN: Checks disabled | ||
2341 | ### LOGGING ### | ||
2342 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2343 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2344 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2345 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2346 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2347 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2348 | ### END LOGGING ### | ||
2349 | @@ -6856,7 +6856,7 @@ WARN: Checks disabled | ||
2350 | ### LOGGING ### | ||
2351 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2352 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2353 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2354 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2355 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2356 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2357 | ### END LOGGING ### | ||
2358 | @@ -6897,7 +6897,7 @@ COMMIT | ||
2359 | ### LOGGING ### | ||
2360 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2361 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2362 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2363 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2364 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2365 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2366 | ### END LOGGING ### | ||
2367 | @@ -6940,7 +6940,7 @@ WARN: Checks disabled | ||
2368 | ### LOGGING ### | ||
2369 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2370 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2371 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2372 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2373 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2374 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2375 | ### END LOGGING ### | ||
2376 | @@ -6981,7 +6981,7 @@ COMMIT | ||
2377 | ### LOGGING ### | ||
2378 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2379 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2380 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2381 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2382 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2383 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2384 | ### END LOGGING ### | ||
2385 | @@ -7024,7 +7024,7 @@ WARN: Checks disabled | ||
2386 | ### LOGGING ### | ||
2387 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2388 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2389 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2390 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2391 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2392 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2393 | ### END LOGGING ### | ||
2394 | @@ -7067,7 +7067,7 @@ WARN: Checks disabled | ||
2395 | ### LOGGING ### | ||
2396 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2397 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2398 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2399 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2400 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2401 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2402 | ### END LOGGING ### | ||
2403 | @@ -7108,7 +7108,7 @@ COMMIT | ||
2404 | ### LOGGING ### | ||
2405 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2406 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2407 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2408 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2409 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2410 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2411 | ### END LOGGING ### | ||
2412 | @@ -7151,7 +7151,7 @@ WARN: Checks disabled | ||
2413 | ### LOGGING ### | ||
2414 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2415 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2416 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2417 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2418 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2419 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2420 | ### END LOGGING ### | ||
2421 | @@ -7194,7 +7194,7 @@ WARN: Checks disabled | ||
2422 | ### LOGGING ### | ||
2423 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2424 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2425 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2426 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2427 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2428 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2429 | ### END LOGGING ### | ||
2430 | @@ -7237,7 +7237,7 @@ WARN: Checks disabled | ||
2431 | ### LOGGING ### | ||
2432 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2433 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2434 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2435 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2436 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2437 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2438 | ### END LOGGING ### | ||
2439 | @@ -7278,7 +7278,7 @@ COMMIT | ||
2440 | ### LOGGING ### | ||
2441 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2442 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2443 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2444 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2445 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2446 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2447 | ### END LOGGING ### | ||
2448 | @@ -7321,7 +7321,7 @@ WARN: Checks disabled | ||
2449 | ### LOGGING ### | ||
2450 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2451 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2452 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2453 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2454 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2455 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2456 | ### END LOGGING ### | ||
2457 | @@ -7362,7 +7362,7 @@ COMMIT | ||
2458 | ### LOGGING ### | ||
2459 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2460 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2461 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2462 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2463 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2464 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2465 | ### END LOGGING ### | ||
2466 | @@ -7405,7 +7405,7 @@ WARN: Checks disabled | ||
2467 | ### LOGGING ### | ||
2468 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2469 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2470 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2471 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2472 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2473 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2474 | ### END LOGGING ### | ||
2475 | @@ -7448,7 +7448,7 @@ WARN: Checks disabled | ||
2476 | ### LOGGING ### | ||
2477 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2478 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2479 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2480 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2481 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2482 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2483 | ### END LOGGING ### | ||
2484 | @@ -7491,7 +7491,7 @@ WARN: Checks disabled | ||
2485 | ### LOGGING ### | ||
2486 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2487 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2488 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2489 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2490 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2491 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2492 | ### END LOGGING ### | ||
2493 | @@ -7534,7 +7534,7 @@ WARN: Checks disabled | ||
2494 | ### LOGGING ### | ||
2495 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2496 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2497 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2498 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2499 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2500 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2501 | ### END LOGGING ### | ||
2502 | @@ -7575,7 +7575,7 @@ COMMIT | ||
2503 | ### LOGGING ### | ||
2504 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2505 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2506 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2507 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2508 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2509 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2510 | ### END LOGGING ### | ||
2511 | @@ -7618,7 +7618,7 @@ WARN: Checks disabled | ||
2512 | ### LOGGING ### | ||
2513 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2514 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2515 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2516 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2517 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2518 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2519 | ### END LOGGING ### | ||
2520 | @@ -7659,7 +7659,7 @@ COMMIT | ||
2521 | ### LOGGING ### | ||
2522 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2523 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2524 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2525 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2526 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2527 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2528 | ### END LOGGING ### | ||
2529 | @@ -7702,7 +7702,7 @@ WARN: Checks disabled | ||
2530 | ### LOGGING ### | ||
2531 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2532 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2533 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2534 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2535 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2536 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2537 | ### END LOGGING ### | ||
2538 | @@ -7745,7 +7745,7 @@ WARN: Checks disabled | ||
2539 | ### LOGGING ### | ||
2540 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2541 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2542 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2543 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2544 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2545 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2546 | ### END LOGGING ### | ||
2547 | @@ -7786,7 +7786,7 @@ COMMIT | ||
2548 | ### LOGGING ### | ||
2549 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2550 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2551 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2552 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2553 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2554 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2555 | ### END LOGGING ### | ||
2556 | @@ -7822,8 +7822,8 @@ WARN: Checks disabled | ||
2557 | ### RULES ### | ||
2558 | |||
2559 | ### tuple ### limit tcp 80 192.168.0.0/16 any 0.0.0.0/0 Apache - in | ||
2560 | --A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
2561 | --A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
2562 | +-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
2563 | +-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
2564 | -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
2565 | |||
2566 | ### END RULES ### | ||
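Review bot: the two changed `ufw-user-input` lines now need the conntrack match for `--ctstate NEW` while still depending on `-m recent` for the `--seconds 30 --hitcount 6` limit, so on a target image the rate limit only loads if the kernel provides both matches. Suggest checking that the recipe's kernel module RRECOMMENDS cover the conntrack match alongside recent, and stating in the patch description that the limit parameters and the `-j ufw-user-limit-accept` line, which carries no state match, are intentionally left unchanged.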
2567 | @@ -7831,7 +7831,7 @@ WARN: Checks disabled | ||
2568 | ### LOGGING ### | ||
2569 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2570 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2571 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2572 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2573 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2574 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2575 | ### END LOGGING ### | ||
2576 | @@ -7867,8 +7867,8 @@ WARN: Checks disabled | ||
2577 | ### RULES ### | ||
2578 | |||
2579 | ### tuple ### limit tcp 443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Secure - in | ||
2580 | --A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' | ||
2581 | --A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' | ||
2582 | +-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' | ||
2583 | +-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' | ||
2584 | -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure' | ||
2585 | |||
2586 | ### END RULES ### | ||
2587 | @@ -7876,7 +7876,7 @@ WARN: Checks disabled | ||
2588 | ### LOGGING ### | ||
2589 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2590 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2591 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2592 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2593 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2594 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2595 | ### END LOGGING ### | ||
2596 | @@ -7912,8 +7912,8 @@ WARN: Checks disabled | ||
2597 | ### RULES ### | ||
2598 | |||
2599 | ### tuple ### limit tcp 80,443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Full - in | ||
2600 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' | ||
2601 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' | ||
2602 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' | ||
2603 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' | ||
2604 | -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full' | ||
2605 | |||
2606 | ### END RULES ### | ||
2607 | @@ -7921,7 +7921,7 @@ WARN: Checks disabled | ||
2608 | ### LOGGING ### | ||
2609 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2610 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2611 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2612 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2613 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2614 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2615 | ### END LOGGING ### | ||
2616 | @@ -7957,11 +7957,11 @@ WARN: Checks disabled | ||
2617 | ### RULES ### | ||
2618 | |||
2619 | ### tuple ### limit any 53 192.168.0.0/16 any 0.0.0.0/0 Bind9 - in | ||
2620 | --A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2621 | --A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2622 | +-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2623 | +-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2624 | -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' | ||
2625 | --A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2626 | --A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2627 | +-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2628 | +-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2629 | -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' | ||
2630 | |||
2631 | ### END RULES ### | ||
2632 | @@ -7969,7 +7969,7 @@ WARN: Checks disabled | ||
2633 | ### LOGGING ### | ||
2634 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2635 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2636 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2637 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2638 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2639 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2640 | ### END LOGGING ### | ||
2641 | @@ -8005,8 +8005,8 @@ WARN: Checks disabled | ||
2642 | ### RULES ### | ||
2643 | |||
2644 | ### tuple ### limit udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in | ||
2645 | --A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2646 | --A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2647 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2648 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2649 | -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
2650 | |||
2651 | ### END RULES ### | ||
2652 | @@ -8014,7 +8014,7 @@ WARN: Checks disabled | ||
2653 | ### LOGGING ### | ||
2654 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2655 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2656 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2657 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2658 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2659 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2660 | ### END LOGGING ### | ||
2661 | @@ -8045,13 +8045,13 @@ COMMIT | ||
2662 | ### RULES ### | ||
2663 | |||
2664 | ### tuple ### limit udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in | ||
2665 | --A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2666 | --A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2667 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2668 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2669 | -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
2670 | |||
2671 | ### tuple ### limit tcp 139,445 192.168.0.0/16 any 0.0.0.0/0 Samba - in | ||
2672 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2673 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2674 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2675 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2676 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
2677 | |||
2678 | ### END RULES ### | ||
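Review bot: every replaced line in this hunk now depends on the `conntrack` match (`-m conntrack --ctstate NEW`) where it used the `state` match before, for both the udp 137,138 and tcp 139,445 Samba tuples. The commit message says the kernel RRECOMMENDS were updated for linux-yocto 5.4; please confirm that list pulls in the kernel module providing the conntrack match, otherwise these rules will fail to load on a minimal image even though the fixture passes. The third rule of each tuple (`-j ufw-user-limit-accept`) has no state match and is correctly left untouched.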
2679 | @@ -8059,7 +8059,7 @@ COMMIT | ||
2680 | ### LOGGING ### | ||
2681 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2682 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2683 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2684 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2685 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2686 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2687 | ### END LOGGING ### | ||
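Review bot: on the `-I ufw-logging-deny` line, only the match module changes and the trailing `-m limit --limit 3/min --limit-burst 10` stays attached to the `-j RETURN` rule, so INVALID packets skip logging only while they are under that rate and fall through to the `[UFW BLOCK]` LOG rule beyond it. That matches the removed line, so nothing needs changing in the backport, but this same one-line edit repeats in every LOGGING hunk of the fixture. A sentence in the patch header stating that the state-to-conntrack replacement is purely mechanical and that no rule semantics change would make the remaining hunks quicker to review.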
2688 | @@ -8095,8 +8095,8 @@ WARN: Checks disabled | ||
2689 | ### RULES ### | ||
2690 | |||
2691 | ### tuple ### limit udp 123 192.168.0.0/16 any 0.0.0.0/0 OpenNTPD - in | ||
2692 | --A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
2693 | --A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
2694 | +-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
2695 | +-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
2696 | -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' | ||
2697 | |||
2698 | ### END RULES ### | ||
2699 | @@ -8104,7 +8104,7 @@ WARN: Checks disabled | ||
2700 | ### LOGGING ### | ||
2701 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2702 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2703 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2704 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2705 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2706 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2707 | ### END LOGGING ### | ||
2708 | @@ -8140,8 +8140,8 @@ WARN: Checks disabled | ||
2709 | ### RULES ### | ||
2710 | |||
2711 | ### tuple ### limit tcp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20TCP - in | ||
2712 | --A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' | ||
2713 | --A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' | ||
2714 | +-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' | ||
2715 | +-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' | ||
2716 | -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP' | ||
2717 | |||
2718 | ### END RULES ### | ||
2719 | @@ -8149,7 +8149,7 @@ WARN: Checks disabled | ||
2720 | ### LOGGING ### | ||
2721 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2722 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2723 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2724 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2725 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2726 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2727 | ### END LOGGING ### | ||
2728 | @@ -8185,8 +8185,8 @@ WARN: Checks disabled | ||
2729 | ### RULES ### | ||
2730 | |||
2731 | ### tuple ### limit udp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20UDP - in | ||
2732 | --A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' | ||
2733 | --A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' | ||
2734 | +-A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' | ||
2735 | +-A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' | ||
2736 | -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP' | ||
2737 | |||
2738 | ### END RULES ### | ||
2739 | @@ -8194,7 +8194,7 @@ WARN: Checks disabled | ||
2740 | ### LOGGING ### | ||
2741 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2742 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2743 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2744 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2745 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2746 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2747 | ### END LOGGING ### | ||
2748 | @@ -8230,8 +8230,8 @@ WARN: Checks disabled | ||
2749 | ### RULES ### | ||
2750 | |||
2751 | ### tuple ### limit tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
2752 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
2753 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
2754 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
2755 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
2756 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
2757 | |||
2758 | ### END RULES ### | ||
2759 | @@ -8239,7 +8239,7 @@ WARN: Checks disabled | ||
2760 | ### LOGGING ### | ||
2761 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2762 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2763 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2764 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2765 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2766 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2767 | ### END LOGGING ### | ||
2768 | @@ -8275,8 +8275,8 @@ WARN: Checks disabled | ||
2769 | ### RULES ### | ||
2770 | |||
2771 | ### tuple ### limit tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in | ||
2772 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' | ||
2773 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' | ||
2774 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' | ||
2775 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' | ||
2776 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure' | ||
2777 | |||
2778 | ### END RULES ### | ||
2779 | @@ -8284,7 +8284,7 @@ WARN: Checks disabled | ||
2780 | ### LOGGING ### | ||
2781 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2782 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2783 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2784 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2785 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2786 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2787 | ### END LOGGING ### | ||
2788 | @@ -8320,8 +8320,8 @@ WARN: Checks disabled | ||
2789 | ### RULES ### | ||
2790 | |||
2791 | ### tuple ### limit tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in | ||
2792 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' | ||
2793 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' | ||
2794 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' | ||
2795 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' | ||
2796 | -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full' | ||
2797 | |||
2798 | ### END RULES ### | ||
2799 | @@ -8329,7 +8329,7 @@ WARN: Checks disabled | ||
2800 | ### LOGGING ### | ||
2801 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2802 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2803 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2804 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2805 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2806 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2807 | ### END LOGGING ### | ||
2808 | @@ -8365,11 +8365,11 @@ WARN: Checks disabled | ||
2809 | ### RULES ### | ||
2810 | |||
2811 | ### tuple ### limit any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in | ||
2812 | --A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2813 | --A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2814 | +-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2815 | +-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2816 | -A ufw-user-input -p tcp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' | ||
2817 | --A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2818 | --A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2819 | +-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' | ||
2820 | +-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' | ||
2821 | -A ufw-user-input -p udp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' | ||
2822 | |||
2823 | ### END RULES ### | ||
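Review bot: the Bind9 tuple expands to a tcp and a udp rule pair on port 53, and all four replaced lines use `-m recent --set` / `--update` without `--name`, so both protocols record into the same default recent list and share one `--hitcount 6` budget per source address. This behaviour is the same before and after the patch, so it is a documentation point rather than a blocker: if the expected output is being touched anyway, a comment in the test notes that `limit any` counts tcp and udp together would save the next reader from working it out from the rules.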
2824 | @@ -8377,7 +8377,7 @@ WARN: Checks disabled | ||
2825 | ### LOGGING ### | ||
2826 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2827 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2828 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2829 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2830 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2831 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2832 | ### END LOGGING ### | ||
2833 | @@ -8413,8 +8413,8 @@ WARN: Checks disabled | ||
2834 | ### RULES ### | ||
2835 | |||
2836 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
2837 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2838 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2839 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2840 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2841 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
2842 | |||
2843 | ### END RULES ### | ||
2844 | @@ -8422,7 +8422,7 @@ WARN: Checks disabled | ||
2845 | ### LOGGING ### | ||
2846 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2847 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2848 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2849 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2850 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2851 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2852 | ### END LOGGING ### | ||
2853 | @@ -8453,13 +8453,13 @@ COMMIT | ||
2854 | ### RULES ### | ||
2855 | |||
2856 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
2857 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2858 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2859 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2860 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2861 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
2862 | |||
2863 | ### tuple ### limit tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
2864 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2865 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2866 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
2867 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
2868 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
2869 | |||
2870 | ### END RULES ### | ||
2871 | @@ -8467,7 +8467,7 @@ COMMIT | ||
2872 | ### LOGGING ### | ||
2873 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2874 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2875 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2876 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2877 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2878 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2879 | ### END LOGGING ### | ||
2880 | @@ -8503,8 +8503,8 @@ WARN: Checks disabled | ||
2881 | ### RULES ### | ||
2882 | |||
2883 | ### tuple ### limit udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in | ||
2884 | --A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
2885 | --A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
2886 | +-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
2887 | +-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
2888 | -A ufw-user-input -p udp --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' | ||
2889 | |||
2890 | ### END RULES ### | ||
2891 | @@ -8512,7 +8512,7 @@ WARN: Checks disabled | ||
2892 | ### LOGGING ### | ||
2893 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2894 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2895 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2896 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2897 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2898 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2899 | ### END LOGGING ### | ||
2900 | @@ -8548,8 +8548,8 @@ WARN: Checks disabled | ||
2901 | ### RULES ### | ||
2902 | |||
2903 | ### tuple ### limit tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in | ||
2904 | --A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' | ||
2905 | --A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' | ||
2906 | +-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' | ||
2907 | +-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' | ||
2908 | -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP' | ||
2909 | |||
2910 | ### END RULES ### | ||
2911 | @@ -8557,7 +8557,7 @@ WARN: Checks disabled | ||
2912 | ### LOGGING ### | ||
2913 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2914 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2915 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2916 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2917 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2918 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2919 | ### END LOGGING ### | ||
2920 | @@ -8593,8 +8593,8 @@ WARN: Checks disabled | ||
2921 | ### RULES ### | ||
2922 | |||
2923 | ### tuple ### limit udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in | ||
2924 | --A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' | ||
2925 | --A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' | ||
2926 | +-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' | ||
2927 | +-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' | ||
2928 | -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP' | ||
2929 | |||
2930 | ### END RULES ### | ||
2931 | @@ -8602,7 +8602,7 @@ WARN: Checks disabled | ||
2932 | ### LOGGING ### | ||
2933 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2934 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2935 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2936 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2937 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2938 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2939 | ### END LOGGING ### | ||
2940 | @@ -8638,8 +8638,8 @@ WARN: Checks disabled | ||
2941 | ### RULES ### | ||
2942 | |||
2943 | ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.0/16 - Apache in | ||
2944 | --A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
2945 | --A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
2946 | +-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
2947 | +-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
2948 | -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' | ||
2949 | |||
2950 | ### END RULES ### | ||
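Review bot: this is the first hunk covering a source-application rule (`--sport 80`, comment `sapp_Apache`), and it shows only expected output, not the rule generator that emits it. Please confirm in the patch header, or by pointing at the corresponding source hunk, that the conntrack replacement was made in the code path that builds `--sport` rules as well as the `--dport` one. As written, a reviewer has to infer that from the fixture staying consistent.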
2951 | @@ -8647,7 +8647,7 @@ WARN: Checks disabled | ||
2952 | ### LOGGING ### | ||
2953 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2954 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2955 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2956 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2957 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2958 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2959 | ### END LOGGING ### | ||
2960 | @@ -8683,8 +8683,8 @@ WARN: Checks disabled | ||
2961 | ### RULES ### | ||
2962 | |||
2963 | ### tuple ### limit tcp any 0.0.0.0/0 443 192.168.0.0/16 - Apache%20Secure in | ||
2964 | --A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure' | ||
2965 | --A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure' | ||
2966 | +-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure' | ||
2967 | +-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure' | ||
2968 | -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Secure' | ||
2969 | |||
2970 | ### END RULES ### | ||
2971 | @@ -8692,7 +8692,7 @@ WARN: Checks disabled | ||
2972 | ### LOGGING ### | ||
2973 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2974 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2975 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2976 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2977 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2978 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2979 | ### END LOGGING ### | ||
2980 | @@ -8728,8 +8728,8 @@ WARN: Checks disabled | ||
2981 | ### RULES ### | ||
2982 | |||
2983 | ### tuple ### limit tcp any 0.0.0.0/0 80,443 192.168.0.0/16 - Apache%20Full in | ||
2984 | --A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Full' | ||
2985 | --A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full' | ||
2986 | +-A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Full' | ||
2987 | +-A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full' | ||
2988 | -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Full' | ||
2989 | |||
2990 | ### END RULES ### | ||
2991 | @@ -8737,7 +8737,7 @@ WARN: Checks disabled | ||
2992 | ### LOGGING ### | ||
2993 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2994 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2995 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2996 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
2997 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
2998 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
2999 | ### END LOGGING ### | ||
3000 | @@ -8773,11 +8773,11 @@ WARN: Checks disabled | ||
3001 | ### RULES ### | ||
3002 | |||
3003 | ### tuple ### limit any any 0.0.0.0/0 53 192.168.0.0/16 - Bind9 in | ||
3004 | --A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3005 | --A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3006 | +-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3007 | +-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3008 | -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' | ||
3009 | --A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3010 | --A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3011 | +-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3012 | +-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3013 | -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' | ||
3014 | |||
3015 | ### END RULES ### | ||
3016 | @@ -8785,7 +8785,7 @@ WARN: Checks disabled | ||
3017 | ### LOGGING ### | ||
3018 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3019 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3020 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3021 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3022 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3023 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3024 | ### END LOGGING ### | ||
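Review bot: on the rewritten "-I ufw-logging-deny" line, "-m limit --limit 3/min --limit-burst 10" is still attached to the "-j RETURN" rule, so once the burst is spent INVALID packets no longer match it and fall through to the [UFW BLOCK] LOG rule that follows. The patch keeps that behaviour while swapping the match. If skipping the log for INVALID traffic is meant to be unconditional, the limit does not belong on this rule; if the fall-through is intended, a line in the patch header saying so would help whoever next compares these expected results.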
3025 | @@ -8821,8 +8821,8 @@ WARN: Checks disabled | ||
3026 | ### RULES ### | ||
3027 | |||
3028 | ### tuple ### limit udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in | ||
3029 | --A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3030 | --A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3031 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3032 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3033 | -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3034 | |||
3035 | ### END RULES ### | ||
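Review bot: nothing accompanies the two "+" Samba rules to record that they now need the conntrack match ("-m conntrack --ctstate NEW"), and a target without that match will fail to load these rules rather than print a warning. The commit message says the kernel RRECOMMENDS were updated; please name in the patch header the kernel module that provides the match, so the dependency is documented next to the change that introduces it.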
3036 | @@ -8830,7 +8830,7 @@ WARN: Checks disabled | ||
3037 | ### LOGGING ### | ||
3038 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3039 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3040 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3041 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3042 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3043 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3044 | ### END LOGGING ### | ||
3045 | @@ -8861,13 +8861,13 @@ COMMIT | ||
3046 | ### RULES ### | ||
3047 | |||
3048 | ### tuple ### limit udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in | ||
3049 | --A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3050 | --A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3051 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3052 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3053 | -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3054 | |||
3055 | ### tuple ### limit tcp any 0.0.0.0/0 139,445 192.168.0.0/16 - Samba in | ||
3056 | --A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3057 | --A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3058 | +-A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3059 | +-A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3060 | -A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3061 | |||
3062 | ### END RULES ### | ||
3063 | @@ -8875,7 +8875,7 @@ COMMIT | ||
3064 | ### LOGGING ### | ||
3065 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3066 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3067 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3068 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3069 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3070 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3071 | ### END LOGGING ### | ||
3072 | @@ -8911,8 +8911,8 @@ WARN: Checks disabled | ||
3073 | ### RULES ### | ||
3074 | |||
3075 | ### tuple ### limit udp any 0.0.0.0/0 123 192.168.0.0/16 - OpenNTPD in | ||
3076 | --A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3077 | --A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3078 | +-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3079 | +-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3080 | -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' | ||
3081 | |||
3082 | ### END RULES ### | ||
3083 | @@ -8920,7 +8920,7 @@ WARN: Checks disabled | ||
3084 | ### LOGGING ### | ||
3085 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3086 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3087 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3088 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3089 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3090 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3091 | ### END LOGGING ### | ||
3092 | @@ -8956,8 +8956,8 @@ WARN: Checks disabled | ||
3093 | ### RULES ### | ||
3094 | |||
3095 | ### tuple ### limit tcp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20TCP in | ||
3096 | --A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP' | ||
3097 | --A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP' | ||
3098 | +-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP' | ||
3099 | +-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP' | ||
3100 | -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20TCP' | ||
3101 | |||
3102 | ### END RULES ### | ||
3103 | @@ -8965,7 +8965,7 @@ WARN: Checks disabled | ||
3104 | ### LOGGING ### | ||
3105 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3106 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3107 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3108 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3109 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3110 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3111 | ### END LOGGING ### | ||
3112 | @@ -9001,8 +9001,8 @@ WARN: Checks disabled | ||
3113 | ### RULES ### | ||
3114 | |||
3115 | ### tuple ### limit udp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20UDP in | ||
3116 | --A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP' | ||
3117 | --A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP' | ||
3118 | +-A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP' | ||
3119 | +-A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP' | ||
3120 | -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20UDP' | ||
3121 | |||
3122 | ### END RULES ### | ||
3123 | @@ -9010,7 +9010,7 @@ WARN: Checks disabled | ||
3124 | ### LOGGING ### | ||
3125 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3126 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3127 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3128 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3129 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3130 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3131 | ### END LOGGING ### | ||
3132 | @@ -9046,8 +9046,8 @@ WARN: Checks disabled | ||
3133 | ### RULES ### | ||
3134 | |||
3135 | ### tuple ### limit tcp any 0.0.0.0/0 80 0.0.0.0/0 - Apache in | ||
3136 | --A ufw-user-input -p tcp --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
3137 | --A ufw-user-input -p tcp --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
3138 | +-A ufw-user-input -p tcp --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
3139 | +-A ufw-user-input -p tcp --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
3140 | -A ufw-user-input -p tcp --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' | ||
3141 | |||
3142 | ### END RULES ### | ||
3143 | @@ -9055,7 +9055,7 @@ WARN: Checks disabled | ||
3144 | ### LOGGING ### | ||
3145 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3146 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3147 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3148 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3149 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3150 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3151 | ### END LOGGING ### | ||
3152 | @@ -9091,8 +9091,8 @@ WARN: Checks disabled | ||
3153 | ### RULES ### | ||
3154 | |||
3155 | ### tuple ### limit tcp any 0.0.0.0/0 443 0.0.0.0/0 - Apache%20Secure in | ||
3156 | --A ufw-user-input -p tcp --sport 443 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure' | ||
3157 | --A ufw-user-input -p tcp --sport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure' | ||
3158 | +-A ufw-user-input -p tcp --sport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure' | ||
3159 | +-A ufw-user-input -p tcp --sport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure' | ||
3160 | -A ufw-user-input -p tcp --sport 443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Secure' | ||
3161 | |||
3162 | ### END RULES ### | ||
3163 | @@ -9100,7 +9100,7 @@ WARN: Checks disabled | ||
3164 | ### LOGGING ### | ||
3165 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3166 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3167 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3168 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3169 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3170 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3171 | ### END LOGGING ### | ||
3172 | @@ -9136,8 +9136,8 @@ WARN: Checks disabled | ||
3173 | ### RULES ### | ||
3174 | |||
3175 | ### tuple ### limit tcp any 0.0.0.0/0 80,443 0.0.0.0/0 - Apache%20Full in | ||
3176 | --A ufw-user-input -p tcp -m multiport --sports 80,443 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Full' | ||
3177 | --A ufw-user-input -p tcp -m multiport --sports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full' | ||
3178 | +-A ufw-user-input -p tcp -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Full' | ||
3179 | +-A ufw-user-input -p tcp -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full' | ||
3180 | -A ufw-user-input -p tcp -m multiport --sports 80,443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Full' | ||
3181 | |||
3182 | ### END RULES ### | ||
3183 | @@ -9145,7 +9145,7 @@ WARN: Checks disabled | ||
3184 | ### LOGGING ### | ||
3185 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3186 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3187 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3188 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3189 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3190 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3191 | ### END LOGGING ### | ||
3192 | @@ -9181,11 +9181,11 @@ WARN: Checks disabled | ||
3193 | ### RULES ### | ||
3194 | |||
3195 | ### tuple ### limit any any 0.0.0.0/0 53 0.0.0.0/0 - Bind9 in | ||
3196 | --A ufw-user-input -p tcp --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3197 | --A ufw-user-input -p tcp --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3198 | +-A ufw-user-input -p tcp --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3199 | +-A ufw-user-input -p tcp --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3200 | -A ufw-user-input -p tcp --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' | ||
3201 | --A ufw-user-input -p udp --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3202 | --A ufw-user-input -p udp --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3203 | +-A ufw-user-input -p udp --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' | ||
3204 | +-A ufw-user-input -p udp --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' | ||
3205 | -A ufw-user-input -p udp --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' | ||
3206 | |||
3207 | ### END RULES ### | ||
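Review bot: neither the "--set" nor the "--update" rule in this hunk passes "--name" to "-m recent", so the tcp and udp Bind9 rules count against the same default recent list and a source can reach "--hitcount 6" within "--seconds 30" through a mix of both protocols. The patch only swaps the state match and leaves this as it was, but since all four lines are rewritten here, a short comment in the test or patch header confirming the shared list is the expected result would be worth adding.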
3208 | @@ -9193,7 +9193,7 @@ WARN: Checks disabled | ||
3209 | ### LOGGING ### | ||
3210 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3211 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3212 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3213 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3214 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3215 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3216 | ### END LOGGING ### | ||
3217 | @@ -9229,8 +9229,8 @@ WARN: Checks disabled | ||
3218 | ### RULES ### | ||
3219 | |||
3220 | ### tuple ### limit udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in | ||
3221 | --A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3222 | --A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3223 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3224 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3225 | -A ufw-user-input -p udp -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3226 | |||
3227 | ### END RULES ### | ||
3228 | @@ -9238,7 +9238,7 @@ WARN: Checks disabled | ||
3229 | ### LOGGING ### | ||
3230 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3231 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3232 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3233 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3234 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3235 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3236 | ### END LOGGING ### | ||
3237 | @@ -9269,13 +9269,13 @@ COMMIT | ||
3238 | ### RULES ### | ||
3239 | |||
3240 | ### tuple ### limit udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in | ||
3241 | --A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3242 | --A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3243 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3244 | +-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3245 | -A ufw-user-input -p udp -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3246 | |||
3247 | ### tuple ### limit tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in | ||
3248 | --A ufw-user-input -p tcp -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3249 | --A ufw-user-input -p tcp -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3250 | +-A ufw-user-input -p tcp -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3251 | +-A ufw-user-input -p tcp -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3252 | -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3253 | |||
3254 | ### END RULES ### | ||
3255 | @@ -9283,7 +9283,7 @@ COMMIT | ||
3256 | ### LOGGING ### | ||
3257 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3258 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3259 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3260 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3261 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3262 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3263 | ### END LOGGING ### | ||
3264 | @@ -9319,8 +9319,8 @@ WARN: Checks disabled | ||
3265 | ### RULES ### | ||
3266 | |||
3267 | ### tuple ### limit udp any 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in | ||
3268 | --A ufw-user-input -p udp --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3269 | --A ufw-user-input -p udp --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3270 | +-A ufw-user-input -p udp --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3271 | +-A ufw-user-input -p udp --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3272 | -A ufw-user-input -p udp --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' | ||
3273 | |||
3274 | ### END RULES ### | ||
3275 | @@ -9328,7 +9328,7 @@ WARN: Checks disabled | ||
3276 | ### LOGGING ### | ||
3277 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3278 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3279 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3280 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3281 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3282 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3283 | ### END LOGGING ### | ||
3284 | @@ -9364,8 +9364,8 @@ WARN: Checks disabled | ||
3285 | ### RULES ### | ||
3286 | |||
3287 | ### tuple ### limit tcp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20TCP in | ||
3288 | --A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP' | ||
3289 | --A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP' | ||
3290 | +-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP' | ||
3291 | +-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP' | ||
3292 | -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20TCP' | ||
3293 | |||
3294 | ### END RULES ### | ||
3295 | @@ -9373,7 +9373,7 @@ WARN: Checks disabled | ||
3296 | ### LOGGING ### | ||
3297 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3298 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3299 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3300 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3301 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3302 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3303 | ### END LOGGING ### | ||
3304 | @@ -9409,8 +9409,8 @@ WARN: Checks disabled | ||
3305 | ### RULES ### | ||
3306 | |||
3307 | ### tuple ### limit udp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20UDP in | ||
3308 | --A ufw-user-input -p udp -m multiport --sports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP' | ||
3309 | --A ufw-user-input -p udp -m multiport --sports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP' | ||
3310 | +-A ufw-user-input -p udp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP' | ||
3311 | +-A ufw-user-input -p udp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP' | ||
3312 | -A ufw-user-input -p udp -m multiport --sports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20UDP' | ||
3313 | |||
3314 | ### END RULES ### | ||
3315 | @@ -9418,7 +9418,7 @@ WARN: Checks disabled | ||
3316 | ### LOGGING ### | ||
3317 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3318 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3319 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3320 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3321 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3322 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3323 | ### END LOGGING ### | ||
3324 | @@ -9454,8 +9454,8 @@ WARN: Checks disabled | ||
3325 | ### RULES ### | ||
3326 | |||
3327 | ### tuple ### limit tcp 8080 192.168.0.2 80 192.168.0.1 - Apache in | ||
3328 | --A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
3329 | --A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
3330 | +-A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
3331 | +-A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
3332 | -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' | ||
3333 | |||
3334 | ### END RULES ### | ||
3335 | @@ -9463,7 +9463,7 @@ WARN: Checks disabled | ||
3336 | ### LOGGING ### | ||
3337 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3338 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3339 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3340 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3341 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3342 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3343 | ### END LOGGING ### | ||
3344 | @@ -9499,8 +9499,8 @@ WARN: Checks disabled | ||
3345 | ### RULES ### | ||
3346 | |||
3347 | ### tuple ### limit udp 10123 192.168.0.2 123 192.168.0.1 - OpenNTPD in | ||
3348 | --A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3349 | --A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3350 | +-A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3351 | +-A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3352 | -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' | ||
3353 | |||
3354 | ### END RULES ### | ||
3355 | @@ -9508,7 +9508,7 @@ WARN: Checks disabled | ||
3356 | ### LOGGING ### | ||
3357 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3358 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3359 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3360 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3361 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3362 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3363 | ### END LOGGING ### | ||
3364 | @@ -9544,8 +9544,8 @@ WARN: Checks disabled | ||
3365 | ### RULES ### | ||
3366 | |||
3367 | ### tuple ### limit udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in | ||
3368 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3369 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3370 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3371 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3372 | -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3373 | |||
3374 | ### END RULES ### | ||
3375 | @@ -9553,7 +9553,7 @@ WARN: Checks disabled | ||
3376 | ### LOGGING ### | ||
3377 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3378 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3379 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3380 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3381 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3382 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3383 | ### END LOGGING ### | ||
3384 | @@ -9584,13 +9584,13 @@ COMMIT | ||
3385 | ### RULES ### | ||
3386 | |||
3387 | ### tuple ### limit udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in | ||
3388 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3389 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3390 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3391 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3392 | -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3393 | |||
3394 | ### tuple ### limit tcp 53 192.168.0.2 139,445 192.168.0.1 Bind9 Samba in | ||
3395 | --A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3396 | --A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3397 | +-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3398 | +-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3399 | -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3400 | |||
3401 | ### END RULES ### | ||
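Review bot: Four lines change in this hunk (the `--set` and `--update` rules for both the udp and tcp `dapp_Bind9,sapp_Samba` tuples), and the same substitution repeats in every fixture block around it, so the realistic failure is a single missed `-m state --state`. Before merging, please grep the patched test results for `--state NEW` and `--state INVALID` and confirm nothing is left. It would also help to say in the patch header whether the fixtures were converted by straight substitution or regenerated from the test run.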
3402 | @@ -9598,7 +9598,7 @@ COMMIT | ||
3403 | ### LOGGING ### | ||
3404 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3405 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3406 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3407 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3408 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3409 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3410 | ### END LOGGING ### | ||
3411 | @@ -9634,8 +9634,8 @@ WARN: Checks disabled | ||
3412 | ### RULES ### | ||
3413 | |||
3414 | ### tuple ### limit udp 22 192.168.0.2 137,138 192.168.0.1 - Samba in | ||
3415 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3416 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3417 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3418 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3419 | -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3420 | |||
3421 | ### END RULES ### | ||
3422 | @@ -9643,7 +9643,7 @@ WARN: Checks disabled | ||
3423 | ### LOGGING ### | ||
3424 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3425 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3426 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3427 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3428 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3429 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3430 | ### END LOGGING ### | ||
3431 | @@ -9674,13 +9674,13 @@ COMMIT | ||
3432 | ### RULES ### | ||
3433 | |||
3434 | ### tuple ### limit udp 22 192.168.0.2 137,138 192.168.0.1 - Samba in | ||
3435 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3436 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3437 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3438 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3439 | -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3440 | |||
3441 | ### tuple ### limit tcp 22 192.168.0.2 139,445 192.168.0.1 - Samba in | ||
3442 | --A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3443 | --A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3444 | +-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3445 | +-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3446 | -A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3447 | |||
3448 | ### END RULES ### | ||
3449 | @@ -9688,7 +9688,7 @@ COMMIT | ||
3450 | ### LOGGING ### | ||
3451 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3452 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3453 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3454 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3455 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3456 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3457 | ### END LOGGING ### | ||
3458 | @@ -9724,8 +9724,8 @@ WARN: Checks disabled | ||
3459 | ### RULES ### | ||
3460 | |||
3461 | ### tuple ### limit tcp 80,443 192.168.0.2 80 192.168.0.1 Apache%20Full Apache in | ||
3462 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3463 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3464 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3465 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3466 | -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3467 | |||
3468 | ### END RULES ### | ||
3469 | @@ -9733,7 +9733,7 @@ WARN: Checks disabled | ||
3470 | ### LOGGING ### | ||
3471 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3472 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3473 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3474 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3475 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3476 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3477 | ### END LOGGING ### | ||
3478 | @@ -9769,8 +9769,8 @@ WARN: Checks disabled | ||
3479 | ### RULES ### | ||
3480 | |||
3481 | ### tuple ### limit tcp 80 192.168.0.1 8080 192.168.0.2 Apache - in | ||
3482 | --A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
3483 | --A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
3484 | +-A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
3485 | +-A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
3486 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
3487 | |||
3488 | ### END RULES ### | ||
3489 | @@ -9778,7 +9778,7 @@ WARN: Checks disabled | ||
3490 | ### LOGGING ### | ||
3491 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3492 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3493 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3494 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3495 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3496 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3497 | ### END LOGGING ### | ||
3498 | @@ -9814,8 +9814,8 @@ WARN: Checks disabled | ||
3499 | ### RULES ### | ||
3500 | |||
3501 | ### tuple ### limit udp 123 192.168.0.1 10123 192.168.0.2 OpenNTPD - in | ||
3502 | --A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
3503 | --A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
3504 | +-A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
3505 | +-A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
3506 | -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' | ||
3507 | |||
3508 | ### END RULES ### | ||
3509 | @@ -9823,7 +9823,7 @@ WARN: Checks disabled | ||
3510 | ### LOGGING ### | ||
3511 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3512 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3513 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3514 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3515 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3516 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3517 | ### END LOGGING ### | ||
3518 | @@ -9859,8 +9859,8 @@ WARN: Checks disabled | ||
3519 | ### RULES ### | ||
3520 | |||
3521 | ### tuple ### limit udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in | ||
3522 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3523 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3524 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3525 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3526 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3527 | |||
3528 | ### END RULES ### | ||
3529 | @@ -9868,7 +9868,7 @@ WARN: Checks disabled | ||
3530 | ### LOGGING ### | ||
3531 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3532 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3533 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3534 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3535 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3536 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3537 | ### END LOGGING ### | ||
3538 | @@ -9899,13 +9899,13 @@ COMMIT | ||
3539 | ### RULES ### | ||
3540 | |||
3541 | ### tuple ### limit udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in | ||
3542 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3543 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3544 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3545 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3546 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3547 | |||
3548 | ### tuple ### limit tcp 139,445 192.168.0.1 53 192.168.0.2 Samba Bind9 in | ||
3549 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3550 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3551 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3552 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3553 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3554 | |||
3555 | ### END RULES ### | ||
3556 | @@ -9913,7 +9913,7 @@ COMMIT | ||
3557 | ### LOGGING ### | ||
3558 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3559 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3560 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3561 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3562 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3563 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3564 | ### END LOGGING ### | ||
3565 | @@ -9949,8 +9949,8 @@ WARN: Checks disabled | ||
3566 | ### RULES ### | ||
3567 | |||
3568 | ### tuple ### limit udp 137,138 192.168.0.1 22 192.168.0.2 Samba - in | ||
3569 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3570 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3571 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3572 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3573 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
3574 | |||
3575 | ### END RULES ### | ||
3576 | @@ -9958,7 +9958,7 @@ WARN: Checks disabled | ||
3577 | ### LOGGING ### | ||
3578 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3579 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3580 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3581 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3582 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3583 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3584 | ### END LOGGING ### | ||
3585 | @@ -9989,13 +9989,13 @@ COMMIT | ||
3586 | ### RULES ### | ||
3587 | |||
3588 | ### tuple ### limit udp 137,138 192.168.0.1 22 192.168.0.2 Samba - in | ||
3589 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3590 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3591 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3592 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3593 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
3594 | |||
3595 | ### tuple ### limit tcp 139,445 192.168.0.1 22 192.168.0.2 Samba - in | ||
3596 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3597 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3598 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3599 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3600 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
3601 | |||
3602 | ### END RULES ### | ||
3603 | @@ -10003,7 +10003,7 @@ COMMIT | ||
3604 | ### LOGGING ### | ||
3605 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3606 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3607 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3608 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3609 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3610 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3611 | ### END LOGGING ### | ||
3612 | @@ -10039,8 +10039,8 @@ WARN: Checks disabled | ||
3613 | ### RULES ### | ||
3614 | |||
3615 | ### tuple ### limit tcp 80 192.168.0.1 80,443 192.168.0.2 Apache Apache%20Full in | ||
3616 | --A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3617 | --A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3618 | +-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3619 | +-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3620 | -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3621 | |||
3622 | ### END RULES ### | ||
3623 | @@ -10048,7 +10048,7 @@ WARN: Checks disabled | ||
3624 | ### LOGGING ### | ||
3625 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3626 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3627 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3628 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3629 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3630 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3631 | ### END LOGGING ### | ||
3632 | @@ -10084,8 +10084,8 @@ WARN: Checks disabled | ||
3633 | ### RULES ### | ||
3634 | |||
3635 | ### tuple ### limit udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in | ||
3636 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3637 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3638 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3639 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3640 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3641 | |||
3642 | ### END RULES ### | ||
3643 | @@ -10093,7 +10093,7 @@ WARN: Checks disabled | ||
3644 | ### LOGGING ### | ||
3645 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3646 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3647 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3648 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3649 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3650 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3651 | ### END LOGGING ### | ||
3652 | @@ -10124,13 +10124,13 @@ COMMIT | ||
3653 | ### RULES ### | ||
3654 | |||
3655 | ### tuple ### limit udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in | ||
3656 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3657 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3658 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3659 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3660 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3661 | |||
3662 | ### tuple ### limit tcp 139,445 192.168.0.1 139,445 192.168.0.1 Samba Samba in | ||
3663 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3664 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3665 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3666 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3667 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3668 | |||
3669 | ### END RULES ### | ||
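Review bot: The four added `-m conntrack --ctstate NEW` lines in this hunk make the limit rules depend on the conntrack match being present on the target, so the recipe's RRECOMMENDS has to pull in the kernel module that provides it (xt_conntrack) and not only the one behind the old `-m state` match. The commit message mentions an RRECOMMENDS update for linux-yocto 5.4; please confirm it covers this match, since on an image without it iptables cannot load these rules and the limit on the Samba ports is not applied.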
3670 | @@ -10138,7 +10138,7 @@ COMMIT | ||
3671 | ### LOGGING ### | ||
3672 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3673 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3674 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3675 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3676 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3677 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3678 | ### END LOGGING ### | ||
3679 | @@ -10174,8 +10174,8 @@ WARN: Checks disabled | ||
3680 | ### RULES ### | ||
3681 | |||
3682 | ### tuple ### limit tcp 8080 0.0.0.0/0 80 0.0.0.0/0 - Apache in | ||
3683 | --A ufw-user-input -p tcp --dport 8080 --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
3684 | --A ufw-user-input -p tcp --dport 8080 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
3685 | +-A ufw-user-input -p tcp --dport 8080 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' | ||
3686 | +-A ufw-user-input -p tcp --dport 8080 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' | ||
3687 | -A ufw-user-input -p tcp --dport 8080 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' | ||
3688 | |||
3689 | ### END RULES ### | ||
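Review bot: A replacement repeated this many times is easy to leave incomplete, so please confirm that no `-m state --state` string survives in this file once the patch is applied. In this hunk both state-matching lines of the `limit tcp 8080 ... Apache` tuple are converted, the `-j ufw-user-limit-accept` line has no state match to convert, and the `@@ -10174,8 +10174,8 @@` counts show a one-for-one replacement, so the hunk itself is consistent; a grep over the patched file would cover the rest.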
3690 | @@ -10183,7 +10183,7 @@ WARN: Checks disabled | ||
3691 | ### LOGGING ### | ||
3692 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3693 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3694 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3695 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3696 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3697 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3698 | ### END LOGGING ### | ||
3699 | @@ -10219,8 +10219,8 @@ WARN: Checks disabled | ||
3700 | ### RULES ### | ||
3701 | |||
3702 | ### tuple ### limit udp 10123 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in | ||
3703 | --A ufw-user-input -p udp --dport 10123 --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3704 | --A ufw-user-input -p udp --dport 10123 --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3705 | +-A ufw-user-input -p udp --dport 10123 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' | ||
3706 | +-A ufw-user-input -p udp --dport 10123 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' | ||
3707 | -A ufw-user-input -p udp --dport 10123 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' | ||
3708 | |||
3709 | ### END RULES ### | ||
3710 | @@ -10228,7 +10228,7 @@ WARN: Checks disabled | ||
3711 | ### LOGGING ### | ||
3712 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3713 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3714 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3715 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3716 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3717 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3718 | ### END LOGGING ### | ||
3719 | @@ -10264,8 +10264,8 @@ WARN: Checks disabled | ||
3720 | ### RULES ### | ||
3721 | |||
3722 | ### tuple ### limit udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in | ||
3723 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3724 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3725 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3726 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3727 | -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3728 | |||
3729 | ### END RULES ### | ||
3730 | @@ -10273,7 +10273,7 @@ WARN: Checks disabled | ||
3731 | ### LOGGING ### | ||
3732 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3733 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3734 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3735 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3736 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3737 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3738 | ### END LOGGING ### | ||
3739 | @@ -10304,13 +10304,13 @@ COMMIT | ||
3740 | ### RULES ### | ||
3741 | |||
3742 | ### tuple ### limit udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in | ||
3743 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3744 | --A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3745 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3746 | +-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3747 | -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3748 | |||
3749 | ### tuple ### limit tcp 53 0.0.0.0/0 139,445 0.0.0.0/0 Bind9 Samba in | ||
3750 | --A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3751 | --A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3752 | +-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3753 | +-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3754 | -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' | ||
3755 | |||
3756 | ### END RULES ### | ||
3757 | @@ -10318,7 +10318,7 @@ COMMIT | ||
3758 | ### LOGGING ### | ||
3759 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3760 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3761 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3762 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3763 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3764 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3765 | ### END LOGGING ### | ||
3766 | @@ -10354,8 +10354,8 @@ WARN: Checks disabled | ||
3767 | ### RULES ### | ||
3768 | |||
3769 | ### tuple ### limit udp 22 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in | ||
3770 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3771 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3772 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3773 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3774 | -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3775 | |||
3776 | ### END RULES ### | ||
3777 | @@ -10363,7 +10363,7 @@ WARN: Checks disabled | ||
3778 | ### LOGGING ### | ||
3779 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3780 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3781 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3782 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3783 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3784 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3785 | ### END LOGGING ### | ||
3786 | @@ -10394,13 +10394,13 @@ COMMIT | ||
3787 | ### RULES ### | ||
3788 | |||
3789 | ### tuple ### limit udp 22 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in | ||
3790 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3791 | --A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3792 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3793 | +-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3794 | -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3795 | |||
3796 | ### tuple ### limit tcp 22 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in | ||
3797 | --A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3798 | --A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3799 | +-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
3800 | +-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
3801 | -A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
3802 | |||
3803 | ### END RULES ### | ||
3804 | @@ -10408,7 +10408,7 @@ COMMIT | ||
3805 | ### LOGGING ### | ||
3806 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3807 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3808 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3809 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3810 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3811 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3812 | ### END LOGGING ### | ||
3813 | @@ -10444,8 +10444,8 @@ WARN: Checks disabled | ||
3814 | ### RULES ### | ||
3815 | |||
3816 | ### tuple ### limit tcp 80,443 0.0.0.0/0 80 0.0.0.0/0 Apache%20Full Apache in | ||
3817 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3818 | --A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3819 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3820 | +-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3821 | -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full,sapp_Apache' | ||
3822 | |||
3823 | ### END RULES ### | ||
3824 | @@ -10453,7 +10453,7 @@ WARN: Checks disabled | ||
3825 | ### LOGGING ### | ||
3826 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3827 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3828 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3829 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3830 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3831 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3832 | ### END LOGGING ### | ||
3833 | @@ -10489,8 +10489,8 @@ WARN: Checks disabled | ||
3834 | ### RULES ### | ||
3835 | |||
3836 | ### tuple ### limit tcp 80 0.0.0.0/0 8080 0.0.0.0/0 Apache - in | ||
3837 | --A ufw-user-input -p tcp --dport 80 --sport 8080 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
3838 | --A ufw-user-input -p tcp --dport 80 --sport 8080 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
3839 | +-A ufw-user-input -p tcp --dport 80 --sport 8080 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
3840 | +-A ufw-user-input -p tcp --dport 80 --sport 8080 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
3841 | -A ufw-user-input -p tcp --dport 80 --sport 8080 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
3842 | |||
3843 | ### END RULES ### | ||
3844 | @@ -10498,7 +10498,7 @@ WARN: Checks disabled | ||
3845 | ### LOGGING ### | ||
3846 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3847 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3848 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3849 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3850 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3851 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3852 | ### END LOGGING ### | ||
3853 | @@ -10534,8 +10534,8 @@ WARN: Checks disabled | ||
3854 | ### RULES ### | ||
3855 | |||
3856 | ### tuple ### limit udp 123 0.0.0.0/0 10123 0.0.0.0/0 OpenNTPD - in | ||
3857 | --A ufw-user-input -p udp --dport 123 --sport 10123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
3858 | --A ufw-user-input -p udp --dport 123 --sport 10123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
3859 | +-A ufw-user-input -p udp --dport 123 --sport 10123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' | ||
3860 | +-A ufw-user-input -p udp --dport 123 --sport 10123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' | ||
3861 | -A ufw-user-input -p udp --dport 123 --sport 10123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' | ||
3862 | |||
3863 | ### END RULES ### | ||
3864 | @@ -10543,7 +10543,7 @@ WARN: Checks disabled | ||
3865 | ### LOGGING ### | ||
3866 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3867 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3868 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3869 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3870 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3871 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3872 | ### END LOGGING ### | ||
3873 | @@ -10579,8 +10579,8 @@ WARN: Checks disabled | ||
3874 | ### RULES ### | ||
3875 | |||
3876 | ### tuple ### limit udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in | ||
3877 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3878 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3879 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3880 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3881 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3882 | |||
3883 | ### END RULES ### | ||
3884 | @@ -10588,7 +10588,7 @@ WARN: Checks disabled | ||
3885 | ### LOGGING ### | ||
3886 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3887 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3888 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3889 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3890 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3891 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3892 | ### END LOGGING ### | ||
3893 | @@ -10619,13 +10619,13 @@ COMMIT | ||
3894 | ### RULES ### | ||
3895 | |||
3896 | ### tuple ### limit udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in | ||
3897 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3898 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3899 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3900 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3901 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3902 | |||
3903 | ### tuple ### limit tcp 139,445 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in | ||
3904 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3905 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3906 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3907 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3908 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' | ||
3909 | |||
3910 | ### END RULES ### | ||
3911 | @@ -10633,7 +10633,7 @@ COMMIT | ||
3912 | ### LOGGING ### | ||
3913 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3914 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3915 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3916 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3917 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3918 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3919 | ### END LOGGING ### | ||
3920 | @@ -10669,8 +10669,8 @@ WARN: Checks disabled | ||
3921 | ### RULES ### | ||
3922 | |||
3923 | ### tuple ### limit udp 137,138 0.0.0.0/0 22 0.0.0.0/0 Samba - in | ||
3924 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3925 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3926 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3927 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3928 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
3929 | |||
3930 | ### END RULES ### | ||
3931 | @@ -10678,7 +10678,7 @@ WARN: Checks disabled | ||
3932 | ### LOGGING ### | ||
3933 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3934 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3935 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3936 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3937 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3938 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3939 | ### END LOGGING ### | ||
3940 | @@ -10709,13 +10709,13 @@ COMMIT | ||
3941 | ### RULES ### | ||
3942 | |||
3943 | ### tuple ### limit udp 137,138 0.0.0.0/0 22 0.0.0.0/0 Samba - in | ||
3944 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3945 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3946 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3947 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3948 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
3949 | |||
3950 | ### tuple ### limit tcp 139,445 0.0.0.0/0 22 0.0.0.0/0 Samba - in | ||
3951 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3952 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3953 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
3954 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
3955 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
3956 | |||
3957 | ### END RULES ### | ||
3958 | @@ -10723,7 +10723,7 @@ COMMIT | ||
3959 | ### LOGGING ### | ||
3960 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3961 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3962 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3963 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3964 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3965 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3966 | ### END LOGGING ### | ||
3967 | @@ -10759,8 +10759,8 @@ WARN: Checks disabled | ||
3968 | ### RULES ### | ||
3969 | |||
3970 | ### tuple ### limit tcp 80 0.0.0.0/0 80,443 0.0.0.0/0 Apache Apache%20Full in | ||
3971 | --A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3972 | --A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3973 | +-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3974 | +-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3975 | -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache,sapp_Apache%20Full' | ||
3976 | |||
3977 | ### END RULES ### | ||
3978 | @@ -10768,7 +10768,7 @@ WARN: Checks disabled | ||
3979 | ### LOGGING ### | ||
3980 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3981 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3982 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3983 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
3984 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
3985 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
3986 | ### END LOGGING ### | ||
3987 | @@ -10804,8 +10804,8 @@ WARN: Checks disabled | ||
3988 | ### RULES ### | ||
3989 | |||
3990 | ### tuple ### limit udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in | ||
3991 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3992 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3993 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3994 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3995 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
3996 | |||
3997 | ### END RULES ### | ||
3998 | @@ -10813,7 +10813,7 @@ WARN: Checks disabled | ||
3999 | ### LOGGING ### | ||
4000 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4001 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4002 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4003 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4004 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4005 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4006 | ### END LOGGING ### | ||
4007 | @@ -10844,13 +10844,13 @@ COMMIT | ||
4008 | ### RULES ### | ||
4009 | |||
4010 | ### tuple ### limit udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in | ||
4011 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4012 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4013 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4014 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4015 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4016 | |||
4017 | ### tuple ### limit tcp 139,445 0.0.0.0/0 139,445 0.0.0.0/0 Samba Samba in | ||
4018 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4019 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4020 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4021 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4022 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4023 | |||
4024 | ### END RULES ### | ||
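Review bot: The `--set` and `--update` rules of both Samba tuples now need the `conntrack` match in addition to `multiport`, `recent` and `comment`, so a target image that does not ship the conntrack match module cannot load these lines. Check that the recipe's kernel module recommendations cover the conntrack match, and that no `-m state --state` rule is left anywhere in this expected-output file, since a file mixing both forms would hide exactly that gap.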
4025 | @@ -10858,7 +10858,7 @@ COMMIT | ||
4026 | ### LOGGING ### | ||
4027 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4028 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4029 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4030 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4031 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4032 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4033 | ### END LOGGING ### | ||
4034 | @@ -10902,7 +10902,7 @@ WARN: Checks disabled | ||
4035 | ### LOGGING ### | ||
4036 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4037 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4038 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4039 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4040 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4041 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4042 | ### END LOGGING ### | ||
4043 | @@ -10945,7 +10945,7 @@ WARN: Checks disabled | ||
4044 | ### LOGGING ### | ||
4045 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4046 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4047 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4048 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4049 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4050 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4051 | ### END LOGGING ### | ||
4052 | @@ -10994,7 +10994,7 @@ WARN: Checks disabled | ||
4053 | ### LOGGING ### | ||
4054 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4055 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4056 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4057 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4058 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4059 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4060 | ### END LOGGING ### | ||
4061 | @@ -11042,7 +11042,7 @@ WARN: Checks disabled | ||
4062 | ### LOGGING ### | ||
4063 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4064 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4065 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4066 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4067 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4068 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4069 | ### END LOGGING ### | ||
4070 | @@ -11083,7 +11083,7 @@ COMMIT | ||
4071 | ### LOGGING ### | ||
4072 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4073 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4074 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4075 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4076 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4077 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4078 | ### END LOGGING ### | ||
4079 | @@ -11140,7 +11140,7 @@ WARN: Checks disabled | ||
4080 | ### LOGGING ### | ||
4081 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4082 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4083 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4084 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4085 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4086 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4087 | ### END LOGGING ### | ||
4088 | @@ -11181,7 +11181,7 @@ COMMIT | ||
4089 | ### LOGGING ### | ||
4090 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4091 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4092 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4093 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4094 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4095 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4096 | ### END LOGGING ### | ||
4097 | @@ -11252,7 +11252,7 @@ TESTING INSERT | ||
4098 | ### LOGGING ### | ||
4099 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4100 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4101 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4102 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4103 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4104 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4105 | ### END LOGGING ### | ||
4106 | @@ -11299,7 +11299,7 @@ COMMIT | ||
4107 | ### LOGGING ### | ||
4108 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4109 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4110 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4111 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4112 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4113 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4114 | ### END LOGGING ### | ||
4115 | @@ -11389,7 +11389,7 @@ COMMIT | ||
4116 | ### LOGGING ### | ||
4117 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4118 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4119 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4120 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4121 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4122 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4123 | ### END LOGGING ### | ||
4124 | @@ -11445,7 +11445,7 @@ COMMIT | ||
4125 | ### LOGGING ### | ||
4126 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4127 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4128 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4129 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4130 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4131 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4132 | ### END LOGGING ### | ||
4133 | @@ -11508,7 +11508,7 @@ TESTING APPLICATION INTEGRATION (interfaces) | ||
4134 | ### LOGGING ### | ||
4135 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4136 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4137 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4138 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4139 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4140 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4141 | ### END LOGGING ### | ||
4142 | @@ -11552,7 +11552,7 @@ COMMIT | ||
4143 | ### LOGGING ### | ||
4144 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4145 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4146 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4147 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4148 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4149 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4150 | ### END LOGGING ### | ||
4151 | @@ -11614,7 +11614,7 @@ COMMIT | ||
4152 | ### LOGGING ### | ||
4153 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4154 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4155 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4156 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4157 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4158 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4159 | ### END LOGGING ### | ||
4160 | @@ -11658,7 +11658,7 @@ COMMIT | ||
4161 | ### LOGGING ### | ||
4162 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4163 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4164 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4165 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4166 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4167 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4168 | ### END LOGGING ### | ||
4169 | @@ -11698,33 +11698,33 @@ COMMIT | ||
4170 | ### RULES ### | ||
4171 | |||
4172 | ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 | ||
4173 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4174 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4175 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4176 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4177 | -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4178 | |||
4179 | ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 | ||
4180 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4181 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4182 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4183 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4184 | -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4185 | |||
4186 | ### tuple ### limit udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba in_eth0 | ||
4187 | --A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4188 | --A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4189 | +-A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4190 | +-A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4191 | -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
4192 | |||
4193 | ### tuple ### limit tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba in_eth0 | ||
4194 | --A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4195 | --A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4196 | +-A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4197 | +-A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4198 | -A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
4199 | |||
4200 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 | ||
4201 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4202 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4203 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4204 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4205 | -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4206 | |||
4207 | ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 | ||
4208 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4209 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4210 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4211 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4212 | -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4213 | |||
4214 | ### END RULES ### | ||
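Review bot: None of the `-m recent --set` or `-m recent --update --seconds 30 --hitcount 6` rules in the six tuples of this hunk passes `--name`, so they all use the recent match's default list, and a source address's hits against one limited tuple count towards the others. The patch changes only the state match and leaves this as it was, which is right for a backport. A line in the patch description saying so would keep the shared counter from being mistaken for something this change introduced.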
4215 | @@ -11732,7 +11732,7 @@ COMMIT | ||
4216 | ### LOGGING ### | ||
4217 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4218 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4219 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4220 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4221 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4222 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4223 | ### END LOGGING ### | ||
4224 | @@ -11776,7 +11776,7 @@ COMMIT | ||
4225 | ### LOGGING ### | ||
4226 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4227 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4228 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4229 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4230 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4231 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4232 | ### END LOGGING ### | ||
4233 | @@ -11838,7 +11838,7 @@ COMMIT | ||
4234 | ### LOGGING ### | ||
4235 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4236 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4237 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4238 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4239 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4240 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4241 | ### END LOGGING ### | ||
4242 | @@ -11882,7 +11882,7 @@ COMMIT | ||
4243 | ### LOGGING ### | ||
4244 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4245 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4246 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4247 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4248 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4249 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4250 | ### END LOGGING ### | ||
4251 | @@ -11942,7 +11942,7 @@ COMMIT | ||
4252 | ### LOGGING ### | ||
4253 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4254 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4255 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4256 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4257 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4258 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4259 | ### END LOGGING ### | ||
4260 | @@ -11986,7 +11986,7 @@ COMMIT | ||
4261 | ### LOGGING ### | ||
4262 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4263 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4264 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4265 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4266 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4267 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4268 | ### END LOGGING ### | ||
4269 | @@ -12048,7 +12048,7 @@ COMMIT | ||
4270 | ### LOGGING ### | ||
4271 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4272 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4273 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4274 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4275 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4276 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4277 | ### END LOGGING ### | ||
4278 | @@ -12092,7 +12092,7 @@ COMMIT | ||
4279 | ### LOGGING ### | ||
4280 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4281 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4282 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4283 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4284 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4285 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4286 | ### END LOGGING ### | ||
4287 | @@ -12154,7 +12154,7 @@ COMMIT | ||
4288 | ### LOGGING ### | ||
4289 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4290 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4291 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4292 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4293 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4294 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4295 | ### END LOGGING ### | ||
4296 | @@ -12198,7 +12198,7 @@ COMMIT | ||
4297 | ### LOGGING ### | ||
4298 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4299 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4300 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4301 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4302 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4303 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4304 | ### END LOGGING ### | ||
4305 | @@ -12238,33 +12238,33 @@ COMMIT | ||
4306 | ### RULES ### | ||
4307 | |||
4308 | ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 | ||
4309 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4310 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4311 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4312 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4313 | -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4314 | |||
4315 | ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 | ||
4316 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4317 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4318 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4319 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4320 | -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4321 | |||
4322 | ### tuple ### limit udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba out_eth0 | ||
4323 | --A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4324 | --A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4325 | +-A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4326 | +-A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4327 | -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
4328 | |||
4329 | ### tuple ### limit tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba out_eth0 | ||
4330 | --A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4331 | --A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4332 | +-A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' | ||
4333 | +-A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' | ||
4334 | -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' | ||
4335 | |||
4336 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 | ||
4337 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4338 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4339 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4340 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4341 | -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4342 | |||
4343 | ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 | ||
4344 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4345 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4346 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4347 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4348 | -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4349 | |||
4350 | ### END RULES ### | ||
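Review bot: confirm that the kernel RRECOMMENDS update mentioned in the commit message covers the conntrack match, because the changed lines in each tuple of this hunk now chain `-m conntrack --ctstate NEW` with `-m recent`, `-m multiport` and `-m comment`. On an image that lacks the conntrack match these `limit` rules will not load, and nothing in the expected-output file would show that.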
4351 | @@ -12272,7 +12272,7 @@ COMMIT | ||
4352 | ### LOGGING ### | ||
4353 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4354 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4355 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4356 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4357 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4358 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4359 | ### END LOGGING ### | ||
4360 | @@ -12316,7 +12316,7 @@ COMMIT | ||
4361 | ### LOGGING ### | ||
4362 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4363 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4364 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4365 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4366 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4367 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4368 | ### END LOGGING ### | ||
4369 | @@ -12378,7 +12378,7 @@ COMMIT | ||
4370 | ### LOGGING ### | ||
4371 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4372 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4373 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4374 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4375 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4376 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4377 | ### END LOGGING ### | ||
4378 | @@ -12422,7 +12422,7 @@ COMMIT | ||
4379 | ### LOGGING ### | ||
4380 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4381 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4382 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4383 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4384 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4385 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4386 | ### END LOGGING ### | ||
4387 | @@ -12482,7 +12482,7 @@ COMMIT | ||
4388 | ### LOGGING ### | ||
4389 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4390 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4391 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4392 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4393 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4394 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4395 | ### END LOGGING ### | ||
4396 | @@ -12526,7 +12526,7 @@ COMMIT | ||
4397 | ### LOGGING ### | ||
4398 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4399 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4400 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4401 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
4402 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4403 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4404 | ### END LOGGING ### | ||
4405 | diff --git a/tests/good/logging/result b/tests/good/logging/result | ||
4406 | index 6714e12..4b23f9a 100644 | ||
4407 | --- a/tests/good/logging/result | ||
4408 | +++ b/tests/good/logging/result | ||
4409 | @@ -102,69 +102,69 @@ contents of user*.rules: | ||
4410 | ### RULES ### | ||
4411 | |||
4412 | ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
4413 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4414 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4415 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
4416 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
4417 | -A ufw-user-input -p tcp --dport 23 -j ACCEPT | ||
4418 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4419 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4420 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
4421 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
4422 | -A ufw-user-input -p udp --dport 23 -j ACCEPT | ||
4423 | |||
4424 | ### tuple ### allow_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in | ||
4425 | --A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4426 | +-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4427 | -A ufw-user-logging-input -p tcp --dport 25 -j RETURN | ||
4428 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input | ||
4429 | -A ufw-user-input -p tcp --dport 25 -j ACCEPT | ||
4430 | |||
4431 | ### tuple ### allow_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in | ||
4432 | --A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4433 | +-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4434 | -A ufw-user-logging-input -p udp --dport 69 -j RETURN | ||
4435 | -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input | ||
4436 | -A ufw-user-input -p udp --dport 69 -j ACCEPT | ||
4437 | |||
4438 | ### tuple ### allow_log any 443 0.0.0.0/0 any 0.0.0.0/0 in | ||
4439 | --A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4440 | +-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4441 | -A ufw-user-logging-input -p tcp --dport 443 -j RETURN | ||
4442 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input | ||
4443 | -A ufw-user-input -p tcp --dport 443 -j ACCEPT | ||
4444 | --A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4445 | +-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4446 | -A ufw-user-logging-input -p udp --dport 443 -j RETURN | ||
4447 | -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input | ||
4448 | -A ufw-user-input -p udp --dport 443 -j ACCEPT | ||
4449 | |||
4450 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4451 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4452 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4453 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
4454 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
4455 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
4456 | |||
4457 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4458 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4459 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4460 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
4461 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
4462 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
4463 | |||
4464 | ### tuple ### allow_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
4465 | --A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4466 | +-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4467 | -A ufw-user-logging-input -p tcp --dport 80 -j RETURN | ||
4468 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input | ||
4469 | -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' | ||
4470 | |||
4471 | ### tuple ### allow_log tcp 25 10.0.0.1 25 192.168.0.1 in | ||
4472 | --A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4473 | +-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4474 | -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN | ||
4475 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input | ||
4476 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT | ||
4477 | |||
4478 | ### tuple ### allow_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in | ||
4479 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4480 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4481 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4482 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4483 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4484 | |||
4485 | ### tuple ### allow_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in | ||
4486 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4487 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
4488 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4489 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4490 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' | ||
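Review bot: add a check to the backport verification that no `-m state --state` remains in the result files this patch touches, for example a recursive grep that must return nothing. In this hunk only the `-j LOG` line of each tuple changes while the `-j RETURN`, jump and `ACCEPT` lines are context, so a single missed occurrence would be easy to overlook in a fixture diff of this size.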
4491 | @@ -175,12 +175,12 @@ contents of user*.rules: | ||
4492 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4493 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4494 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4495 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4496 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4497 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4498 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4499 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4500 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4501 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4502 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4503 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4504 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4505 | ### END LOGGING ### | ||
4506 | |||
4507 | ### RATE LIMITING ### | ||
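Review bot: check that the source-side part of this backport changes every place in the rule generator that emits the state match. The three `-I ufw-before-logging-*` lines in this hunk put the match after `-j LOG --log-prefix "[UFW AUDIT] "`, whereas the `-A ufw-user-logging-input` lines earlier in this file put it before the target, which suggests the two forms are produced separately; if only one of them were converted, the generated rules would mix `-m state` and `-m conntrack`.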
4508 | @@ -245,12 +245,12 @@ contents of user*.rules: | ||
4509 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4510 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4511 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4512 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4513 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4514 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4515 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4516 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4517 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4518 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4519 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4520 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4521 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4522 | ### END LOGGING ### | ||
4523 | |||
4524 | ### RATE LIMITING ### | ||
4525 | @@ -383,12 +383,12 @@ contents of user*.rules: | ||
4526 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4527 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4528 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4529 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4530 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4531 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4532 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4533 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4534 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4535 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4536 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4537 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4538 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4539 | ### END LOGGING ### | ||
4540 | |||
4541 | ### RATE LIMITING ### | ||
4542 | @@ -453,12 +453,12 @@ contents of user*.rules: | ||
4543 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4544 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4545 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4546 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4547 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4548 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4549 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4550 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4551 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4552 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4553 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4554 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4555 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4556 | ### END LOGGING ### | ||
4557 | |||
4558 | ### RATE LIMITING ### | ||
4559 | @@ -518,69 +518,69 @@ contents of user*.rules: | ||
4560 | ### RULES ### | ||
4561 | |||
4562 | ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
4563 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4564 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4565 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
4566 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
4567 | -A ufw-user-input -p tcp --dport 23 -j DROP | ||
4568 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4569 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4570 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
4571 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
4572 | -A ufw-user-input -p udp --dport 23 -j DROP | ||
4573 | |||
4574 | ### tuple ### deny_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in | ||
4575 | --A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4576 | +-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4577 | -A ufw-user-logging-input -p tcp --dport 25 -j RETURN | ||
4578 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input | ||
4579 | -A ufw-user-input -p tcp --dport 25 -j DROP | ||
4580 | |||
4581 | ### tuple ### deny_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in | ||
4582 | --A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4583 | +-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4584 | -A ufw-user-logging-input -p udp --dport 69 -j RETURN | ||
4585 | -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input | ||
4586 | -A ufw-user-input -p udp --dport 69 -j DROP | ||
4587 | |||
4588 | ### tuple ### deny_log any 443 0.0.0.0/0 any 0.0.0.0/0 in | ||
4589 | --A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4590 | +-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4591 | -A ufw-user-logging-input -p tcp --dport 443 -j RETURN | ||
4592 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input | ||
4593 | -A ufw-user-input -p tcp --dport 443 -j DROP | ||
4594 | --A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4595 | +-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4596 | -A ufw-user-logging-input -p udp --dport 443 -j RETURN | ||
4597 | -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input | ||
4598 | -A ufw-user-input -p udp --dport 443 -j DROP | ||
4599 | |||
4600 | ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4601 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4602 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4603 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
4604 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
4605 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
4606 | |||
4607 | ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4608 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4609 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4610 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
4611 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
4612 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
4613 | |||
4614 | ### tuple ### deny_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
4615 | --A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4616 | +-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4617 | -A ufw-user-logging-input -p tcp --dport 80 -j RETURN | ||
4618 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input | ||
4619 | -A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache' | ||
4620 | |||
4621 | ### tuple ### deny_log tcp 25 10.0.0.1 25 192.168.0.1 in | ||
4622 | --A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4623 | +-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4624 | -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN | ||
4625 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input | ||
4626 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j DROP | ||
4627 | |||
4628 | ### tuple ### deny_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in | ||
4629 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4630 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4631 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4632 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4633 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4634 | |||
4635 | ### tuple ### deny_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in | ||
4636 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4637 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
4638 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4639 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4640 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' | ||
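Review bot: Dependency point on the `+` lines of the deny_log tuples visible here (tcp 139,445, tcp 80, tcp 25 and the 10.0.0.1/192.168.0.1 Samba tuples): every LOG expectation now relies on the `conntrack` match, and these rules live in the same user*.rules content as the `-j DROP` rules that follow them. Please confirm in the patch header that the kernel RRECOMMENDS update named in the commit message covers the module behind `-m conntrack --ctstate`. Without that, these expectations could pass in the test suite on an image where the match is not available at runtime. The RETURN and DROP lines are unchanged context, which is what I would expect from a match rename.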
4641 | @@ -591,12 +591,12 @@ contents of user*.rules: | ||
4642 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4643 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4644 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4645 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4646 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4647 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4648 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4649 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4650 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4651 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4652 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4653 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4654 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4655 | ### END LOGGING ### | ||
4656 | |||
4657 | ### RATE LIMITING ### | ||
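Review bot: Verification point for this LOGGING block: the same four-rule substitution (the `ufw-logging-deny` INVALID rule plus the three `ufw-before-logging-*` NEW rules) recurs in the later LOGGING blocks of this expected-output file, so one missed block would leave a stale `-m state --state` expectation behind. Suggest stating in the patch header that the file was checked for remaining `-m state --state` occurrences after the change. Also note that these rules keep `-j LOG --log-prefix ...` ahead of `-m conntrack --ctstate`, while the user rules put the match before `-j LOG`. Since this file is compared against generated output, that ordering should stay exactly as it is here and not be normalised.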
4658 | @@ -661,12 +661,12 @@ contents of user*.rules: | ||
4659 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4660 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4661 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4662 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4663 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4664 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4665 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4666 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4667 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4668 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4669 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4670 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4671 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4672 | ### END LOGGING ### | ||
4673 | |||
4674 | ### RATE LIMITING ### | ||
4675 | @@ -799,12 +799,12 @@ contents of user*.rules: | ||
4676 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4677 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4678 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4679 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4680 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4681 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4682 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4683 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4684 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4685 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4686 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4687 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4688 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4689 | ### END LOGGING ### | ||
4690 | |||
4691 | ### RATE LIMITING ### | ||
4692 | @@ -869,12 +869,12 @@ contents of user*.rules: | ||
4693 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4694 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4695 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4696 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4697 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4698 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4699 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4700 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4701 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4702 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4703 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4704 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4705 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4706 | ### END LOGGING ### | ||
4707 | |||
4708 | ### RATE LIMITING ### | ||
4709 | @@ -934,95 +934,95 @@ contents of user*.rules: | ||
4710 | ### RULES ### | ||
4711 | |||
4712 | ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
4713 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4714 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4715 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
4716 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
4717 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
4718 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4719 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
4720 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4721 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
4722 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4723 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4724 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
4725 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
4726 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
4727 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4728 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
4729 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4730 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
4731 | |||
4732 | ### tuple ### limit_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in | ||
4733 | --A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4734 | +-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4735 | -A ufw-user-logging-input -p tcp --dport 25 -j RETURN | ||
4736 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input | ||
4737 | --A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --set | ||
4738 | --A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4739 | +-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
4740 | +-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4741 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept | ||
4742 | |||
4743 | ### tuple ### limit_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in | ||
4744 | --A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4745 | +-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4746 | -A ufw-user-logging-input -p udp --dport 69 -j RETURN | ||
4747 | -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input | ||
4748 | --A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --set | ||
4749 | --A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4750 | +-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set | ||
4751 | +-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4752 | -A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept | ||
4753 | |||
4754 | ### tuple ### limit_log any 443 0.0.0.0/0 any 0.0.0.0/0 in | ||
4755 | --A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4756 | +-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4757 | -A ufw-user-logging-input -p tcp --dport 443 -j RETURN | ||
4758 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input | ||
4759 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set | ||
4760 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4761 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set | ||
4762 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4763 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept | ||
4764 | --A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4765 | +-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4766 | -A ufw-user-logging-input -p udp --dport 443 -j RETURN | ||
4767 | -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input | ||
4768 | --A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --set | ||
4769 | --A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4770 | +-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --set | ||
4771 | +-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4772 | -A ufw-user-input -p udp --dport 443 -j ufw-user-limit-accept | ||
4773 | |||
4774 | ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4775 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4776 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4777 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
4778 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
4779 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4780 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4781 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4782 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4783 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4784 | |||
4785 | ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4786 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4787 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4788 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
4789 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
4790 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4791 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4792 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4793 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4794 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4795 | |||
4796 | ### tuple ### limit_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
4797 | --A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4798 | +-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4799 | -A ufw-user-logging-input -p tcp --dport 80 -j RETURN | ||
4800 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input | ||
4801 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
4802 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
4803 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
4804 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
4805 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
4806 | |||
4807 | ### tuple ### limit_log tcp 25 10.0.0.1 25 192.168.0.1 in | ||
4808 | --A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4809 | +-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4810 | -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN | ||
4811 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input | ||
4812 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --set | ||
4813 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4814 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set | ||
4815 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4816 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept | ||
4817 | |||
4818 | ### tuple ### limit_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in | ||
4819 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4820 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4821 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4822 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4823 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4824 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4825 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4826 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4827 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4828 | |||
4829 | ### tuple ### limit_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in | ||
4830 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4831 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4832 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4833 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4834 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4835 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4836 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4837 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4838 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4839 | |||
4840 | ### END RULES ### | ||
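Review bot: Consistency point in the limit_log tuples: each tuple has three rules carrying the state match (the LOG rule, `-m recent --set`, and `-m recent --update --seconds 30 --hitcount 6`). The `--set`/`--update` pair must stay on an identical match expression, or the hit count is evaluated over a different packet set than the one recorded. The pairs in this hunk agree for every tuple, including the tcp and udp halves of the `any 23` and `any 443` tuples and the `-m comment` variants for Samba and Apache. It would help to say in the patch description that the substitution is purely textual (`-m state --state NEW` to `-m conntrack --ctstate NEW`), so anyone rebasing this backport knows that no rule was added, dropped or reordered.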
4841 | @@ -1031,12 +1031,12 @@ contents of user*.rules: | ||
4842 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4843 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4844 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4845 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4846 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4847 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4848 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4849 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4850 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4851 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4852 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4853 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4854 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4855 | ### END LOGGING ### | ||
4856 | |||
4857 | ### RATE LIMITING ### | ||
4858 | @@ -1101,12 +1101,12 @@ contents of user*.rules: | ||
4859 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4860 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4861 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4862 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4863 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4864 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4865 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4866 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4867 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4868 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
4869 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4870 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4871 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
4872 | ### END LOGGING ### | ||
4873 | |||
4874 | ### RATE LIMITING ### | ||
4875 | @@ -1169,92 +1169,92 @@ contents of user*.rules: | ||
4876 | -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4877 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
4878 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
4879 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
4880 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4881 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
4882 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4883 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
4884 | -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4885 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
4886 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
4887 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
4888 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4889 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
4890 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4891 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
4892 | |||
4893 | ### tuple ### limit_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in | ||
4894 | -A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4895 | -A ufw-user-logging-input -p tcp --dport 25 -j RETURN | ||
4896 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input | ||
4897 | --A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --set | ||
4898 | --A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4899 | +-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
4900 | +-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4901 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept | ||
4902 | |||
4903 | ### tuple ### limit_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in | ||
4904 | -A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4905 | -A ufw-user-logging-input -p udp --dport 69 -j RETURN | ||
4906 | -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input | ||
4907 | --A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --set | ||
4908 | --A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4909 | +-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set | ||
4910 | +-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4911 | -A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept | ||
4912 | |||
4913 | ### tuple ### limit_log-all any 443 0.0.0.0/0 any 0.0.0.0/0 in | ||
4914 | -A ufw-user-logging-input -p tcp --dport 443 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4915 | -A ufw-user-logging-input -p tcp --dport 443 -j RETURN | ||
4916 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input | ||
4917 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set | ||
4918 | --A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4919 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set | ||
4920 | +-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4921 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept | ||
4922 | -A ufw-user-logging-input -p udp --dport 443 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4923 | -A ufw-user-logging-input -p udp --dport 443 -j RETURN | ||
4924 | -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input | ||
4925 | --A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --set | ||
4926 | --A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4927 | +-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --set | ||
4928 | +-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4929 | -A ufw-user-input -p udp --dport 443 -j ufw-user-limit-accept | ||
4930 | |||
4931 | ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4932 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4933 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
4934 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
4935 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4936 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4937 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4938 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4939 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4940 | |||
4941 | ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
4942 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4943 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
4944 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
4945 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4946 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4947 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
4948 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
4949 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
4950 | |||
4951 | ### tuple ### limit_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
4952 | -A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4953 | -A ufw-user-logging-input -p tcp --dport 80 -j RETURN | ||
4954 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input | ||
4955 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
4956 | --A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
4957 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' | ||
4958 | +-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' | ||
4959 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' | ||
4960 | |||
4961 | ### tuple ### limit_log-all tcp 25 10.0.0.1 25 192.168.0.1 in | ||
4962 | -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4963 | -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN | ||
4964 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input | ||
4965 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --set | ||
4966 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4967 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set | ||
4968 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
4969 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept | ||
4970 | |||
4971 | ### tuple ### limit_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in | ||
4972 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4973 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4974 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4975 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4976 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4977 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4978 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4979 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4980 | |||
4981 | ### tuple ### limit_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in | ||
4982 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
4983 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
4984 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
4985 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4986 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4987 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4988 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4989 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' | ||
4990 | |||
4991 | ### END RULES ### | ||
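Review bot: the recipe's kernel RRECOMMENDS needs to cover every match these limit rules use, not only the one being swapped in. Each `+` line here combines `-m conntrack --ctstate NEW` with `-m recent`, the logging lines add `-m limit` and the `LOG` target, and the Samba and Apache tuples add `-m multiport` and `-m comment`. If any one of those is missing on the image, the whole limit rule cannot be loaded, so it is worth listing them together where the RRECOMMENDS change is made and checking each against the target kernel config.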
4992 | @@ -1263,12 +1263,12 @@ contents of user*.rules: | ||
4993 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4994 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
4995 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4996 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4997 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
4998 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
4999 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5000 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5001 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5002 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5003 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5004 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5005 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5006 | ### END LOGGING ### | ||
5007 | |||
5008 | ### RATE LIMITING ### | ||
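Review bot: completeness is the risk with this LOGGING block, because the same four replaced lines (`ufw-logging-deny` with INVALID and the three `-I ufw-before-logging-*` rules with NEW) recur in each later copy of the block at -1333, -1471, -1541 and onward. A single missed copy would leave a stray `-m state --state` in the expected output. Please confirm with a search of the patched file for `-m state` that none remains, and match anywhere on the line, since these `-I` rules place `-j LOG --log-prefix` before the state match while the `ufw-user-logging-input` rules place it after.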
5009 | @@ -1333,12 +1333,12 @@ contents of user*.rules: | ||
5010 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5011 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5012 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5013 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5014 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5015 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5016 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5017 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5018 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5019 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5020 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5021 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5022 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5023 | ### END LOGGING ### | ||
5024 | |||
5025 | ### RATE LIMITING ### | ||
5026 | @@ -1398,69 +1398,69 @@ contents of user*.rules: | ||
5027 | ### RULES ### | ||
5028 | |||
5029 | ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
5030 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5031 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5032 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
5033 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
5034 | -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
5035 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5036 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5037 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
5038 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
5039 | -A ufw-user-input -p udp --dport 23 -j REJECT | ||
5040 | |||
5041 | ### tuple ### reject_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in | ||
5042 | --A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5043 | +-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5044 | -A ufw-user-logging-input -p tcp --dport 25 -j RETURN | ||
5045 | -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input | ||
5046 | -A ufw-user-input -p tcp --dport 25 -j REJECT --reject-with tcp-reset | ||
5047 | |||
5048 | ### tuple ### reject_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in | ||
5049 | --A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5050 | +-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5051 | -A ufw-user-logging-input -p udp --dport 69 -j RETURN | ||
5052 | -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input | ||
5053 | -A ufw-user-input -p udp --dport 69 -j REJECT | ||
5054 | |||
5055 | ### tuple ### reject_log any 443 0.0.0.0/0 any 0.0.0.0/0 in | ||
5056 | --A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5057 | +-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5058 | -A ufw-user-logging-input -p tcp --dport 443 -j RETURN | ||
5059 | -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input | ||
5060 | -A ufw-user-input -p tcp --dport 443 -j REJECT --reject-with tcp-reset | ||
5061 | --A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5062 | +-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5063 | -A ufw-user-logging-input -p udp --dport 443 -j RETURN | ||
5064 | -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input | ||
5065 | -A ufw-user-input -p udp --dport 443 -j REJECT | ||
5066 | |||
5067 | ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
5068 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5069 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5070 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
5071 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
5072 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' | ||
5073 | |||
5074 | ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
5075 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5076 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5077 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
5078 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
5079 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' | ||
5080 | |||
5081 | ### tuple ### reject_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in | ||
5082 | --A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5083 | +-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5084 | -A ufw-user-logging-input -p tcp --dport 80 -j RETURN | ||
5085 | -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input | ||
5086 | -A ufw-user-input -p tcp --dport 80 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Apache' | ||
5087 | |||
5088 | ### tuple ### reject_log tcp 25 10.0.0.1 25 192.168.0.1 in | ||
5089 | --A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5090 | +-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5091 | -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN | ||
5092 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input | ||
5093 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j REJECT --reject-with tcp-reset | ||
5094 | |||
5095 | ### tuple ### reject_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in | ||
5096 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5097 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5098 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
5099 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
5100 | -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba,sapp_Samba' | ||
5101 | |||
5102 | ### tuple ### reject_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in | ||
5103 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5104 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
5105 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN | ||
5106 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input | ||
5107 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba,sapp_Samba' | ||
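Review bot: as far as this hunk shows, the reject_log change is verified only as text under `contents of user*.rules:`, which proves that `-m conntrack --ctstate NEW` is emitted on the `ufw-user-logging-input` LOG lines but not that the target kernel accepts it. Since the REJECT lines are untouched context, a load failure would surface only in the logging rule. Consider having the runtime tests load at least one reject-with-log rule on the target and check that it is accepted without the state-match warning this backport is meant to remove.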
5108 | @@ -1471,12 +1471,12 @@ contents of user*.rules: | ||
5109 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5110 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5111 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5112 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5113 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5114 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5115 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5116 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5117 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5118 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5119 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5120 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5121 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5122 | ### END LOGGING ### | ||
5123 | |||
5124 | ### RATE LIMITING ### | ||
5125 | @@ -1541,12 +1541,12 @@ contents of user*.rules: | ||
5126 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5127 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5128 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5129 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5130 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5131 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5132 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5133 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5134 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5135 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5136 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5137 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5138 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5139 | ### END LOGGING ### | ||
5140 | |||
5141 | ### RATE LIMITING ### | ||
5142 | @@ -1679,12 +1679,12 @@ contents of user*.rules: | ||
5143 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5144 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5145 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5146 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5147 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5148 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5149 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5150 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5151 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5152 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5153 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5154 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5155 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5156 | ### END LOGGING ### | ||
5157 | |||
5158 | ### RATE LIMITING ### | ||
5159 | @@ -1749,12 +1749,12 @@ contents of user*.rules: | ||
5160 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5161 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5162 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5163 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5164 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5165 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5166 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5167 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5168 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5169 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5170 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5171 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5172 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5173 | ### END LOGGING ### | ||
5174 | |||
5175 | ### RATE LIMITING ### | ||
5176 | @@ -1797,13 +1797,13 @@ contents of user*.rules: | ||
5177 | ### RULES ### | ||
5178 | |||
5179 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
5180 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5181 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5182 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
5183 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
5184 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
5185 | |||
5186 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
5187 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5188 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5189 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
5190 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
5191 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
5192 | @@ -1820,12 +1820,12 @@ contents of user*.rules: | ||
5193 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5194 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5195 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5196 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5197 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5198 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5199 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5200 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5201 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5202 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5203 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5204 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5205 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5206 | ### END LOGGING ### | ||
5207 | |||
5208 | ### RATE LIMITING ### | ||
5209 | @@ -1867,19 +1867,19 @@ contents of user*.rules: | ||
5210 | ### RULES ### | ||
5211 | |||
5212 | ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
5213 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
5214 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
5215 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
5216 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
5217 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
5218 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
5219 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
5220 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
5221 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
5222 | |||
5223 | ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
5224 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
5225 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
5226 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
5227 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
5228 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
5229 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
5230 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
5231 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
5232 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
5233 | |||
5234 | ### tuple ### reject_log-all tcp 23 10.0.0.1 any 192.168.0.1 in | ||
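Review bot: For the udp 137,138 limit_log tuple, `--ctstate NEW` is decided by connection tracking rather than by anything in the datagram, so what the `-m recent --update --seconds 30 --hitcount 6` rule counts depends on conntrack being loaded and tracking these ports on the target. The expected text cannot show that; a runtime test that repeated new flows to a limited port reach ufw-user-limit would cover it. The `--set` and `--update` lines are converted together for both tuples, which keeps the recent list populated and evaluated under the same match.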
5235 | @@ -1894,12 +1894,12 @@ contents of user*.rules: | ||
5236 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5237 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5238 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5239 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5240 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5241 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5242 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5243 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5244 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5245 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5246 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5247 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5248 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5249 | ### END LOGGING ### | ||
5250 | |||
5251 | ### RATE LIMITING ### | ||
5252 | @@ -1946,12 +1946,12 @@ contents of user*.rules: | ||
5253 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5254 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5255 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5256 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5257 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5258 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5259 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5260 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5261 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5262 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5263 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5264 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5265 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5266 | ### END LOGGING ### | ||
5267 | |||
5268 | ### RATE LIMITING ### | ||
5269 | @@ -2006,13 +2006,13 @@ contents of user*.rules: | ||
5270 | ### RULES ### | ||
5271 | |||
5272 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 | ||
5273 | --A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5274 | +-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5275 | -A ufw-user-logging-input -i eth0 -j RETURN | ||
5276 | -A ufw-user-input -i eth0 -j ufw-user-logging-input | ||
5277 | -A ufw-user-input -i eth0 -j ACCEPT | ||
5278 | |||
5279 | ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 | ||
5280 | --A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5281 | +-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5282 | -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN | ||
5283 | -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ufw-user-logging-input | ||
5284 | -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ACCEPT | ||
5285 | @@ -2024,13 +2024,13 @@ contents of user*.rules: | ||
5286 | -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP | ||
5287 | |||
5288 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 | ||
5289 | --A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5290 | +-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5291 | -A ufw-user-logging-output -o eth0 -j RETURN | ||
5292 | -A ufw-user-output -o eth0 -j ufw-user-logging-output | ||
5293 | -A ufw-user-output -o eth0 -j ACCEPT | ||
5294 | |||
5295 | ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 | ||
5296 | --A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5297 | +-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
5298 | -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN | ||
5299 | -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ufw-user-logging-output | ||
5300 | -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ACCEPT | ||
5301 | @@ -2047,12 +2047,12 @@ contents of user*.rules: | ||
5302 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5303 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5304 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5305 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5306 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5307 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5308 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5309 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5310 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5311 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5312 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5313 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5314 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5315 | ### END LOGGING ### | ||
5316 | |||
5317 | ### RATE LIMITING ### | ||
5318 | @@ -2163,7 +2163,7 @@ WARN: Checks disabled | ||
5319 | ### LOGGING ### | ||
5320 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5321 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5322 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5323 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5324 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5325 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5326 | ### END LOGGING ### | ||
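Review bot: The `-m limit --limit 3/min --limit-burst 10` on the `-I ufw-logging-deny ... --ctstate INVALID -j RETURN` line applies to the RETURN itself, so INVALID packets over that rate stop matching it and fall through to the `[UFW BLOCK]` LOG rule on the next line. The removed `-m state` line carried the same limit, so leaving it alone is right for a match-only backport, but please confirm this is the intended behaviour before it is carried into a new set of expected results.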
5327 | @@ -2211,12 +2211,12 @@ WARN: Checks disabled | ||
5328 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5329 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5330 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5331 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5332 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 | ||
5333 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5334 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5335 | --I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5336 | --I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5337 | --I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10 | ||
5338 | +-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5339 | +-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5340 | +-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 | ||
5341 | ### END LOGGING ### | ||
5342 | |||
5343 | ### RATE LIMITING ### | ||
5344 | @@ -2262,7 +2262,7 @@ WARN: Checks disabled | ||
5345 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " | ||
5346 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " | ||
5347 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " | ||
5348 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " | ||
5349 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " | ||
5350 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " | ||
5351 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " | ||
5352 | -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m limit --limit 3/min --limit-burst 10 | ||
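Review bot: The changed `ufw-logging-deny ... --ctstate INVALID -j LOG` rule in this hunk has no `-m limit`, unlike the same rule in the hunks above, and the neighbouring `[UFW BLOCK]` and `[UFW ALLOW]` LOG lines are unlimited too. Please confirm this expected output belongs to a logging level where unthrottled logging of INVALID packets is intended, since a burst of invalid traffic would then be logged packet by packet.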
5353 | @@ -2313,7 +2313,7 @@ WARN: Checks disabled | ||
5354 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " | ||
5355 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " | ||
5356 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " | ||
5357 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " | ||
5358 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " | ||
5359 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " | ||
5360 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " | ||
5361 | -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " | ||
5362 | @@ -2364,7 +2364,7 @@ WARN: Checks disabled | ||
5363 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " | ||
5364 | -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " | ||
5365 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " | ||
5366 | --A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " | ||
5367 | +-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " | ||
5368 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " | ||
5369 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " | ||
5370 | -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " | ||
5371 | diff --git a/tests/good/rules/result b/tests/good/rules/result | ||
5372 | index 7c1570a..e4b918c 100644 | ||
5373 | --- a/tests/good/rules/result | ||
5374 | +++ b/tests/good/rules/result | ||
5375 | @@ -29,7 +29,7 @@ WARN: Checks disabled | ||
5376 | ### LOGGING ### | ||
5377 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5378 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5379 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5380 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5381 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5382 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5383 | ### END LOGGING ### | ||
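Review bot: This result file records only generated rule text, and the hunk context reads "WARN: Checks disabled", so the updated expectation shows that the string changed but not that the target kernel accepts `-m conntrack --ctstate INVALID`. Suggest pairing the fixture update with an on-target check that the conntrack match is available, so a missing module is reported by the test suite instead of surfacing when the rules are loaded.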
5384 | @@ -72,7 +72,7 @@ WARN: Checks disabled | ||
5385 | ### LOGGING ### | ||
5386 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5387 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5388 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5389 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5390 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5391 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5392 | ### END LOGGING ### | ||
5393 | @@ -115,7 +115,7 @@ WARN: Checks disabled | ||
5394 | ### LOGGING ### | ||
5395 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5396 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5397 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5398 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5399 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5400 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5401 | ### END LOGGING ### | ||
5402 | @@ -158,7 +158,7 @@ WARN: Checks disabled | ||
5403 | ### LOGGING ### | ||
5404 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5405 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5406 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5407 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5408 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5409 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5410 | ### END LOGGING ### | ||
5411 | @@ -201,7 +201,7 @@ WARN: Checks disabled | ||
5412 | ### LOGGING ### | ||
5413 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5414 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5415 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5416 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5417 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5418 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5419 | ### END LOGGING ### | ||
5420 | @@ -244,7 +244,7 @@ WARN: Checks disabled | ||
5421 | ### LOGGING ### | ||
5422 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5423 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5424 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5425 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5426 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5427 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5428 | ### END LOGGING ### | ||
5429 | @@ -284,7 +284,7 @@ WARN: Checks disabled | ||
5430 | ### LOGGING ### | ||
5431 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5432 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5433 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5434 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5435 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5436 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5437 | ### END LOGGING ### | ||
5438 | @@ -320,8 +320,8 @@ WARN: Checks disabled | ||
5439 | ### RULES ### | ||
5440 | |||
5441 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
5442 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
5443 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
5444 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
5445 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
5446 | -A ufw-user-input -p tcp --dport 22 -j ufw-user-limit-accept | ||
5447 | |||
5448 | ### END RULES ### | ||
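Review bot: A half-applied substitution in the paired `-m recent --set` and `-m recent --update` rules for tcp 22 would leave one of them on the old `-m state --state NEW` match that this change is removing, and it would be easy to miss in a patch this repetitive. Both lines are converted here; a search of the patched tests directory for any remaining `-m state --state` would confirm the same holds for every other fixture.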
5449 | @@ -329,7 +329,7 @@ WARN: Checks disabled | ||
5450 | ### LOGGING ### | ||
5451 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5452 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5453 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5454 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5455 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5456 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5457 | ### END LOGGING ### | ||
5458 | @@ -373,7 +373,7 @@ WARN: Checks disabled | ||
5459 | ### LOGGING ### | ||
5460 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5461 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5462 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5463 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5464 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5465 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5466 | ### END LOGGING ### | ||
5467 | @@ -416,7 +416,7 @@ WARN: Checks disabled | ||
5468 | ### LOGGING ### | ||
5469 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5470 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5471 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5472 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5473 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5474 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5475 | ### END LOGGING ### | ||
5476 | @@ -459,7 +459,7 @@ WARN: Checks disabled | ||
5477 | ### LOGGING ### | ||
5478 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5479 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5480 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5481 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5482 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5483 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5484 | ### END LOGGING ### | ||
5485 | @@ -502,7 +502,7 @@ WARN: Checks disabled | ||
5486 | ### LOGGING ### | ||
5487 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5488 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5489 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5490 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5491 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5492 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5493 | ### END LOGGING ### | ||
5494 | @@ -545,7 +545,7 @@ WARN: Checks disabled | ||
5495 | ### LOGGING ### | ||
5496 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5497 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5498 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5499 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5500 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5501 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5502 | ### END LOGGING ### | ||
5503 | @@ -588,7 +588,7 @@ WARN: Checks disabled | ||
5504 | ### LOGGING ### | ||
5505 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5506 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5507 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5508 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5509 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5510 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5511 | ### END LOGGING ### | ||
5512 | @@ -631,7 +631,7 @@ WARN: Checks disabled | ||
5513 | ### LOGGING ### | ||
5514 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5515 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5516 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5517 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5518 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5519 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5520 | ### END LOGGING ### | ||
5521 | @@ -676,7 +676,7 @@ WARN: Checks disabled | ||
5522 | ### LOGGING ### | ||
5523 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5524 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5525 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5526 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5527 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5528 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5529 | ### END LOGGING ### | ||
5530 | @@ -719,7 +719,7 @@ WARN: Checks disabled | ||
5531 | ### LOGGING ### | ||
5532 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5533 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5534 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5535 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5536 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5537 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5538 | ### END LOGGING ### | ||
5539 | @@ -763,7 +763,7 @@ WARN: Checks disabled | ||
5540 | ### LOGGING ### | ||
5541 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5542 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5543 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5544 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5545 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5546 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5547 | ### END LOGGING ### | ||
5548 | @@ -806,7 +806,7 @@ WARN: Checks disabled | ||
5549 | ### LOGGING ### | ||
5550 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5551 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5552 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5553 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5554 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5555 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5556 | ### END LOGGING ### | ||
5557 | @@ -849,7 +849,7 @@ WARN: Checks disabled | ||
5558 | ### LOGGING ### | ||
5559 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5560 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5561 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5562 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5563 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5564 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5565 | ### END LOGGING ### | ||
5566 | @@ -889,7 +889,7 @@ WARN: Checks disabled | ||
5567 | ### LOGGING ### | ||
5568 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5569 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5570 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5571 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5572 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5573 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5574 | ### END LOGGING ### | ||
5575 | @@ -929,7 +929,7 @@ WARN: Checks disabled | ||
5576 | ### LOGGING ### | ||
5577 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5578 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5579 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5580 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5581 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5582 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5583 | ### END LOGGING ### | ||
5584 | @@ -969,7 +969,7 @@ WARN: Checks disabled | ||
5585 | ### LOGGING ### | ||
5586 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5587 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5588 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5589 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5590 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5591 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5592 | ### END LOGGING ### | ||
5593 | @@ -1012,7 +1012,7 @@ WARN: Checks disabled | ||
5594 | ### LOGGING ### | ||
5595 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5596 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5597 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5598 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5599 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5600 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5601 | ### END LOGGING ### | ||
5602 | @@ -1052,7 +1052,7 @@ WARN: Checks disabled | ||
5603 | ### LOGGING ### | ||
5604 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5605 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5606 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5607 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5608 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5609 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5610 | ### END LOGGING ### | ||
5611 | @@ -1095,7 +1095,7 @@ WARN: Checks disabled | ||
5612 | ### LOGGING ### | ||
5613 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5614 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5615 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5616 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5617 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5618 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5619 | ### END LOGGING ### | ||
5620 | @@ -1135,7 +1135,7 @@ WARN: Checks disabled | ||
5621 | ### LOGGING ### | ||
5622 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5623 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5624 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5625 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5626 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5627 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5628 | ### END LOGGING ### | ||
5629 | @@ -1178,7 +1178,7 @@ WARN: Checks disabled | ||
5630 | ### LOGGING ### | ||
5631 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5632 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5633 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5634 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5635 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5636 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5637 | ### END LOGGING ### | ||
5638 | @@ -1218,7 +1218,7 @@ WARN: Checks disabled | ||
5639 | ### LOGGING ### | ||
5640 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5641 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5642 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5643 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5644 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5645 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5646 | ### END LOGGING ### | ||
5647 | @@ -1261,7 +1261,7 @@ WARN: Checks disabled | ||
5648 | ### LOGGING ### | ||
5649 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5650 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5651 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5652 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5653 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5654 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5655 | ### END LOGGING ### | ||
5656 | @@ -1301,7 +1301,7 @@ WARN: Checks disabled | ||
5657 | ### LOGGING ### | ||
5658 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5659 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5660 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5661 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5662 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5663 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5664 | ### END LOGGING ### | ||
5665 | @@ -1345,7 +1345,7 @@ WARN: Checks disabled | ||
5666 | ### LOGGING ### | ||
5667 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5668 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5669 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5670 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5671 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5672 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5673 | ### END LOGGING ### | ||
5674 | @@ -1385,7 +1385,7 @@ WARN: Checks disabled | ||
5675 | ### LOGGING ### | ||
5676 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5677 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5678 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5679 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5680 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5681 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5682 | ### END LOGGING ### | ||
5683 | @@ -1428,7 +1428,7 @@ WARN: Checks disabled | ||
5684 | ### LOGGING ### | ||
5685 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5686 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5687 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5688 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5689 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5690 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5691 | ### END LOGGING ### | ||
5692 | @@ -1468,7 +1468,7 @@ WARN: Checks disabled | ||
5693 | ### LOGGING ### | ||
5694 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5695 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5696 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5697 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5698 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5699 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5700 | ### END LOGGING ### | ||
5701 | @@ -1511,7 +1511,7 @@ WARN: Checks disabled | ||
5702 | ### LOGGING ### | ||
5703 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5704 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5705 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5706 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5707 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5708 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5709 | ### END LOGGING ### | ||
5710 | @@ -1551,7 +1551,7 @@ WARN: Checks disabled | ||
5711 | ### LOGGING ### | ||
5712 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5713 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5714 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5715 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5716 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5717 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5718 | ### END LOGGING ### | ||
5719 | @@ -1595,7 +1595,7 @@ WARN: Checks disabled | ||
5720 | ### LOGGING ### | ||
5721 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5722 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5723 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5724 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5725 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5726 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5727 | ### END LOGGING ### | ||
5728 | @@ -1635,7 +1635,7 @@ WARN: Checks disabled | ||
5729 | ### LOGGING ### | ||
5730 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5731 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5732 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5733 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5734 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5735 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5736 | ### END LOGGING ### | ||
5737 | @@ -1678,7 +1678,7 @@ WARN: Checks disabled | ||
5738 | ### LOGGING ### | ||
5739 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5740 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5741 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5742 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5743 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5744 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5745 | ### END LOGGING ### | ||
5746 | @@ -1718,7 +1718,7 @@ WARN: Checks disabled | ||
5747 | ### LOGGING ### | ||
5748 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5749 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5750 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5751 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5752 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5753 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5754 | ### END LOGGING ### | ||
5755 | @@ -1761,7 +1761,7 @@ WARN: Checks disabled | ||
5756 | ### LOGGING ### | ||
5757 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5758 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5759 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5760 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5761 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5762 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5763 | ### END LOGGING ### | ||
5764 | @@ -1801,7 +1801,7 @@ WARN: Checks disabled | ||
5765 | ### LOGGING ### | ||
5766 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5767 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5768 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5769 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5770 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5771 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5772 | ### END LOGGING ### | ||
5773 | @@ -1845,7 +1845,7 @@ WARN: Checks disabled | ||
5774 | ### LOGGING ### | ||
5775 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5776 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5777 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5778 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5779 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5780 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5781 | ### END LOGGING ### | ||
5782 | @@ -1885,7 +1885,7 @@ WARN: Checks disabled | ||
5783 | ### LOGGING ### | ||
5784 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5785 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5786 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5787 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5788 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5789 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5790 | ### END LOGGING ### | ||
5791 | @@ -1929,7 +1929,7 @@ WARN: Checks disabled | ||
5792 | ### LOGGING ### | ||
5793 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5794 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5795 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5796 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5797 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5798 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5799 | ### END LOGGING ### | ||
5800 | @@ -1969,7 +1969,7 @@ WARN: Checks disabled | ||
5801 | ### LOGGING ### | ||
5802 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5803 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5804 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5805 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5806 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5807 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5808 | ### END LOGGING ### | ||
5809 | @@ -2013,7 +2013,7 @@ WARN: Checks disabled | ||
5810 | ### LOGGING ### | ||
5811 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5812 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5813 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5814 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5815 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5816 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5817 | ### END LOGGING ### | ||
5818 | @@ -2053,7 +2053,7 @@ WARN: Checks disabled | ||
5819 | ### LOGGING ### | ||
5820 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5821 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5822 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5823 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5824 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5825 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5826 | ### END LOGGING ### | ||
5827 | @@ -2097,7 +2097,7 @@ WARN: Checks disabled | ||
5828 | ### LOGGING ### | ||
5829 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5830 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5831 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5832 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5833 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5834 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5835 | ### END LOGGING ### | ||
5836 | @@ -2137,7 +2137,7 @@ WARN: Checks disabled | ||
5837 | ### LOGGING ### | ||
5838 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5839 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5840 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5841 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5842 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5843 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5844 | ### END LOGGING ### | ||
5845 | @@ -2181,7 +2181,7 @@ WARN: Checks disabled | ||
5846 | ### LOGGING ### | ||
5847 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5848 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5849 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5850 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5851 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5852 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5853 | ### END LOGGING ### | ||
5854 | @@ -2221,7 +2221,7 @@ WARN: Checks disabled | ||
5855 | ### LOGGING ### | ||
5856 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5857 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5858 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5859 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5860 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5861 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5862 | ### END LOGGING ### | ||
5863 | @@ -2264,7 +2264,7 @@ WARN: Checks disabled | ||
5864 | ### LOGGING ### | ||
5865 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5866 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5867 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5868 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5869 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5870 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5871 | ### END LOGGING ### | ||
5872 | @@ -2304,7 +2304,7 @@ WARN: Checks disabled | ||
5873 | ### LOGGING ### | ||
5874 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5875 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5876 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5877 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5878 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5879 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5880 | ### END LOGGING ### | ||
5881 | @@ -2347,7 +2347,7 @@ WARN: Checks disabled | ||
5882 | ### LOGGING ### | ||
5883 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5884 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5885 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5886 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5887 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5888 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5889 | ### END LOGGING ### | ||
5890 | @@ -2387,7 +2387,7 @@ WARN: Checks disabled | ||
5891 | ### LOGGING ### | ||
5892 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5893 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5894 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5895 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5896 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5897 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5898 | ### END LOGGING ### | ||
5899 | @@ -2430,7 +2430,7 @@ WARN: Checks disabled | ||
5900 | ### LOGGING ### | ||
5901 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5902 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5903 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5904 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5905 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5906 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5907 | ### END LOGGING ### | ||
5908 | @@ -2470,7 +2470,7 @@ WARN: Checks disabled | ||
5909 | ### LOGGING ### | ||
5910 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5911 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5912 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5913 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5914 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5915 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5916 | ### END LOGGING ### | ||
5917 | @@ -2513,7 +2513,7 @@ WARN: Checks disabled | ||
5918 | ### LOGGING ### | ||
5919 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5920 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5921 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5922 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5923 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5924 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5925 | ### END LOGGING ### | ||
5926 | @@ -2553,7 +2553,7 @@ WARN: Checks disabled | ||
5927 | ### LOGGING ### | ||
5928 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5929 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5930 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5931 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5932 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5933 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5934 | ### END LOGGING ### | ||
5935 | @@ -2596,7 +2596,7 @@ WARN: Checks disabled | ||
5936 | ### LOGGING ### | ||
5937 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5938 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5939 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5940 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5941 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5942 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5943 | ### END LOGGING ### | ||
5944 | @@ -2636,7 +2636,7 @@ WARN: Checks disabled | ||
5945 | ### LOGGING ### | ||
5946 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5947 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5948 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5949 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5950 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5951 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5952 | ### END LOGGING ### | ||
5953 | @@ -2679,7 +2679,7 @@ WARN: Checks disabled | ||
5954 | ### LOGGING ### | ||
5955 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5956 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5957 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5958 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5959 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5960 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5961 | ### END LOGGING ### | ||
5962 | @@ -2719,7 +2719,7 @@ WARN: Checks disabled | ||
5963 | ### LOGGING ### | ||
5964 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5965 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5966 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5967 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5968 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5969 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5970 | ### END LOGGING ### | ||
5971 | @@ -2762,7 +2762,7 @@ WARN: Checks disabled | ||
5972 | ### LOGGING ### | ||
5973 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5974 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5975 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5976 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5977 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5978 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5979 | ### END LOGGING ### | ||
5980 | @@ -2802,7 +2802,7 @@ WARN: Checks disabled | ||
5981 | ### LOGGING ### | ||
5982 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5983 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5984 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5985 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5986 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5987 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5988 | ### END LOGGING ### | ||
5989 | @@ -2845,7 +2845,7 @@ WARN: Checks disabled | ||
5990 | ### LOGGING ### | ||
5991 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5992 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5993 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5994 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
5995 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
5996 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
5997 | ### END LOGGING ### | ||
5998 | @@ -2885,7 +2885,7 @@ WARN: Checks disabled | ||
5999 | ### LOGGING ### | ||
6000 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6001 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6002 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6003 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6004 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6005 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6006 | ### END LOGGING ### | ||
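Review bot: This hunk repeats the same one-line substitution on `-I ufw-logging-deny` as the hunks before it, with identical context, which suggests the expected-result file was edited mechanically. Please state in the patch header how it was produced (regenerated by the test run, or a search and replace) so that a later rebase can reproduce it, and confirm that no `-m state --state` line is left elsewhere in the file, since a leftover would only show up as a test mismatch at run time.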
6007 | @@ -2928,7 +2928,7 @@ WARN: Checks disabled | ||
6008 | ### LOGGING ### | ||
6009 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6010 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6011 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6012 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6013 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6014 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6015 | ### END LOGGING ### | ||
6016 | @@ -2968,7 +2968,7 @@ WARN: Checks disabled | ||
6017 | ### LOGGING ### | ||
6018 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6019 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6020 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6021 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6022 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6023 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6024 | ### END LOGGING ### | ||
6025 | @@ -3011,7 +3011,7 @@ WARN: Checks disabled | ||
6026 | ### LOGGING ### | ||
6027 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6028 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6029 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6030 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6031 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6032 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6033 | ### END LOGGING ### | ||
6034 | @@ -3051,7 +3051,7 @@ WARN: Checks disabled | ||
6035 | ### LOGGING ### | ||
6036 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6037 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6038 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6039 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6040 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6041 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6042 | ### END LOGGING ### | ||
6043 | @@ -3094,7 +3094,7 @@ WARN: Checks disabled | ||
6044 | ### LOGGING ### | ||
6045 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6046 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6047 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6048 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6049 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6050 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6051 | ### END LOGGING ### | ||
6052 | @@ -3134,7 +3134,7 @@ WARN: Checks disabled | ||
6053 | ### LOGGING ### | ||
6054 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6055 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6056 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6057 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6058 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6059 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6060 | ### END LOGGING ### | ||
6061 | @@ -3177,7 +3177,7 @@ WARN: Checks disabled | ||
6062 | ### LOGGING ### | ||
6063 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6064 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6065 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6066 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6067 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6068 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6069 | ### END LOGGING ### | ||
6070 | @@ -3217,7 +3217,7 @@ WARN: Checks disabled | ||
6071 | ### LOGGING ### | ||
6072 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6073 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6074 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6075 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6076 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6077 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6078 | ### END LOGGING ### | ||
6079 | @@ -3260,7 +3260,7 @@ WARN: Checks disabled | ||
6080 | ### LOGGING ### | ||
6081 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6082 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6083 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6084 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6085 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6086 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6087 | ### END LOGGING ### | ||
6088 | @@ -3300,7 +3300,7 @@ WARN: Checks disabled | ||
6089 | ### LOGGING ### | ||
6090 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6091 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6092 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6093 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6094 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6095 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6096 | ### END LOGGING ### | ||
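Review bot: The `+-I ufw-logging-deny -m conntrack --ctstate INVALID` line makes the expected rule set depend on the conntrack match being available in the target kernel, where the removed line depended on the state match. The hunk header context reads `WARN: Checks disabled`, so this expected output does not by itself show that the rule loads on the target. Please confirm that the kernel RRECOMMENDS update mentioned in the commit message covers the conntrack match for the linux-yocto 5.4 kernel in dunfell.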
6097 | @@ -3344,7 +3344,7 @@ WARN: Checks disabled | ||
6098 | ### LOGGING ### | ||
6099 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6100 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6101 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6102 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6103 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6104 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6105 | ### END LOGGING ### | ||
6106 | @@ -3384,7 +3384,7 @@ WARN: Checks disabled | ||
6107 | ### LOGGING ### | ||
6108 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6109 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6110 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6111 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6112 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6113 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6114 | ### END LOGGING ### | ||
6115 | @@ -3428,7 +3428,7 @@ WARN: Checks disabled | ||
6116 | ### LOGGING ### | ||
6117 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6118 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6119 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6120 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6121 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6122 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6123 | ### END LOGGING ### | ||
6124 | @@ -3468,7 +3468,7 @@ WARN: Checks disabled | ||
6125 | ### LOGGING ### | ||
6126 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6127 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6128 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6129 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6130 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6131 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6132 | ### END LOGGING ### | ||
6133 | @@ -3512,7 +3512,7 @@ WARN: Checks disabled | ||
6134 | ### LOGGING ### | ||
6135 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6136 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6137 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6138 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6139 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6140 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6141 | ### END LOGGING ### | ||
6142 | @@ -3552,7 +3552,7 @@ WARN: Checks disabled | ||
6143 | ### LOGGING ### | ||
6144 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6145 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6146 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6147 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6148 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6149 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6150 | ### END LOGGING ### | ||
6151 | @@ -3596,7 +3596,7 @@ WARN: Checks disabled | ||
6152 | ### LOGGING ### | ||
6153 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6154 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6155 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6156 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6157 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6158 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6159 | ### END LOGGING ### | ||
6160 | @@ -3636,7 +3636,7 @@ WARN: Checks disabled | ||
6161 | ### LOGGING ### | ||
6162 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6163 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6164 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6165 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6166 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6167 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6168 | ### END LOGGING ### | ||
6169 | @@ -3680,7 +3680,7 @@ WARN: Checks disabled | ||
6170 | ### LOGGING ### | ||
6171 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6172 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6173 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6174 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6175 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6176 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6177 | ### END LOGGING ### | ||
6178 | @@ -3720,7 +3720,7 @@ WARN: Checks disabled | ||
6179 | ### LOGGING ### | ||
6180 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6181 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6182 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6183 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6184 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6185 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6186 | ### END LOGGING ### | ||
6187 | @@ -3763,7 +3763,7 @@ WARN: Checks disabled | ||
6188 | ### LOGGING ### | ||
6189 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6190 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6191 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6192 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6193 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6194 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6195 | ### END LOGGING ### | ||
6196 | @@ -3803,7 +3803,7 @@ WARN: Checks disabled | ||
6197 | ### LOGGING ### | ||
6198 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6199 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6200 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6201 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6202 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6203 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6204 | ### END LOGGING ### | ||
6205 | @@ -3846,7 +3846,7 @@ WARN: Checks disabled | ||
6206 | ### LOGGING ### | ||
6207 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6208 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6209 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6210 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6211 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6212 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6213 | ### END LOGGING ### | ||
6214 | @@ -3886,7 +3886,7 @@ WARN: Checks disabled | ||
6215 | ### LOGGING ### | ||
6216 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6217 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6218 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6219 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6220 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6221 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6222 | ### END LOGGING ### | ||
6223 | @@ -3929,7 +3929,7 @@ WARN: Checks disabled | ||
6224 | ### LOGGING ### | ||
6225 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6226 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6227 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6228 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6229 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6230 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6231 | ### END LOGGING ### | ||
6232 | @@ -3969,7 +3969,7 @@ WARN: Checks disabled | ||
6233 | ### LOGGING ### | ||
6234 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6235 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6236 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6237 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6238 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6239 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6240 | ### END LOGGING ### | ||
6241 | @@ -4012,7 +4012,7 @@ WARN: Checks disabled | ||
6242 | ### LOGGING ### | ||
6243 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6244 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6245 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6246 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6247 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6248 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6249 | ### END LOGGING ### | ||
6250 | @@ -4052,7 +4052,7 @@ WARN: Checks disabled | ||
6251 | ### LOGGING ### | ||
6252 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6253 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6254 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6255 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6256 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6257 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6258 | ### END LOGGING ### | ||
6259 | @@ -4095,7 +4095,7 @@ WARN: Checks disabled | ||
6260 | ### LOGGING ### | ||
6261 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6262 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6263 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6264 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6265 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6266 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6267 | ### END LOGGING ### | ||
6268 | @@ -4135,7 +4135,7 @@ WARN: Checks disabled | ||
6269 | ### LOGGING ### | ||
6270 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6271 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6272 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6273 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6274 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6275 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6276 | ### END LOGGING ### | ||
6277 | @@ -4178,7 +4178,7 @@ WARN: Checks disabled | ||
6278 | ### LOGGING ### | ||
6279 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6280 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6281 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6282 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6283 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6284 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6285 | ### END LOGGING ### | ||
6286 | @@ -4218,7 +4218,7 @@ WARN: Checks disabled | ||
6287 | ### LOGGING ### | ||
6288 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6289 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6290 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6291 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6292 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6293 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6294 | ### END LOGGING ### | ||
6295 | @@ -4261,7 +4261,7 @@ WARN: Checks disabled | ||
6296 | ### LOGGING ### | ||
6297 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6298 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6299 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6300 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6301 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6302 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6303 | ### END LOGGING ### | ||
6304 | @@ -4301,7 +4301,7 @@ WARN: Checks disabled | ||
6305 | ### LOGGING ### | ||
6306 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6307 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6308 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6309 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6310 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6311 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6312 | ### END LOGGING ### | ||
6313 | @@ -4344,7 +4344,7 @@ WARN: Checks disabled | ||
6314 | ### LOGGING ### | ||
6315 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6316 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6317 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6318 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6319 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6320 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6321 | ### END LOGGING ### | ||
6322 | @@ -4384,7 +4384,7 @@ WARN: Checks disabled | ||
6323 | ### LOGGING ### | ||
6324 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6325 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6326 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6327 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6328 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6329 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6330 | ### END LOGGING ### | ||
6331 | @@ -4427,7 +4427,7 @@ WARN: Checks disabled | ||
6332 | ### LOGGING ### | ||
6333 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6334 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6335 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6336 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6337 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6338 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6339 | ### END LOGGING ### | ||
6340 | @@ -4467,7 +4467,7 @@ WARN: Checks disabled | ||
6341 | ### LOGGING ### | ||
6342 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6343 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6344 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6345 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6346 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6347 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6348 | ### END LOGGING ### | ||
6349 | @@ -4510,7 +4510,7 @@ WARN: Checks disabled | ||
6350 | ### LOGGING ### | ||
6351 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6352 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6353 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6354 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6355 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6356 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6357 | ### END LOGGING ### | ||
6358 | @@ -4550,7 +4550,7 @@ WARN: Checks disabled | ||
6359 | ### LOGGING ### | ||
6360 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6361 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6362 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6363 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6364 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6365 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6366 | ### END LOGGING ### | ||
6367 | @@ -4586,8 +4586,8 @@ WARN: Checks disabled | ||
6368 | ### RULES ### | ||
6369 | |||
6370 | ### tuple ### limit any any 0.0.0.0/0 any 192.168.0.1 in | ||
6371 | --A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --set | ||
6372 | --A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6373 | +-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6374 | +-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6375 | -A ufw-user-input -s 192.168.0.1 -j ufw-user-limit-accept | ||
6376 | |||
6377 | ### END RULES ### | ||
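Review bot: Both added `ufw-user-input` lines now depend on the conntrack match (`-m conntrack --ctstate NEW`) being available on the target kernel, and a kernel without it would reject the rules that feed the `recent` counters for the `limit` tuple. The commit message mentions updating the kernel RRECOMMENDS; check that the list covers the conntrack match as well as the `recent` and `limit` matches these rules already use.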
6378 | @@ -4595,7 +4595,7 @@ WARN: Checks disabled | ||
6379 | ### LOGGING ### | ||
6380 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6381 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6382 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6383 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6384 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6385 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6386 | ### END LOGGING ### | ||
6387 | @@ -4635,7 +4635,7 @@ WARN: Checks disabled | ||
6388 | ### LOGGING ### | ||
6389 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6390 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6391 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6392 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6393 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6394 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6395 | ### END LOGGING ### | ||
6396 | @@ -4671,8 +4671,8 @@ WARN: Checks disabled | ||
6397 | ### RULES ### | ||
6398 | |||
6399 | ### tuple ### limit any any 10.0.0.1 any 0.0.0.0/0 in | ||
6400 | --A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --set | ||
6401 | --A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6402 | +-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6403 | +-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6404 | -A ufw-user-input -d 10.0.0.1 -j ufw-user-limit-accept | ||
6405 | |||
6406 | ### END RULES ### | ||
6407 | @@ -4680,7 +4680,7 @@ WARN: Checks disabled | ||
6408 | ### LOGGING ### | ||
6409 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6410 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6411 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6412 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6413 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6414 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6415 | ### END LOGGING ### | ||
6416 | @@ -4720,7 +4720,7 @@ WARN: Checks disabled | ||
6417 | ### LOGGING ### | ||
6418 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6419 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6420 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6421 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6422 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6423 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6424 | ### END LOGGING ### | ||
6425 | @@ -4756,8 +4756,8 @@ WARN: Checks disabled | ||
6426 | ### RULES ### | ||
6427 | |||
6428 | ### tuple ### limit any any 10.0.0.1 any 192.168.0.1 in | ||
6429 | --A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
6430 | --A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6431 | +-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6432 | +-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6433 | -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept | ||
6434 | |||
6435 | ### END RULES ### | ||
6436 | @@ -4765,7 +4765,7 @@ WARN: Checks disabled | ||
6437 | ### LOGGING ### | ||
6438 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6439 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6440 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6441 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6442 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6443 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6444 | ### END LOGGING ### | ||
6445 | @@ -4805,7 +4805,7 @@ WARN: Checks disabled | ||
6446 | ### LOGGING ### | ||
6447 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6448 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6449 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6450 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6451 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6452 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6453 | ### END LOGGING ### | ||
6454 | @@ -4841,11 +4841,11 @@ WARN: Checks disabled | ||
6455 | ### RULES ### | ||
6456 | |||
6457 | ### tuple ### limit any any 0.0.0.0/0 80 192.168.0.1 in | ||
6458 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6459 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6460 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6461 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6462 | -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6463 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6464 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6465 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6466 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6467 | -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6468 | |||
6469 | ### END RULES ### | ||
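Review bot: In this tuple the tcp and udp pairs each use `-m recent --set` and `-m recent --update --seconds 30 --hitcount 6` with no `--name`, so all four added lines write to and read from the default recent list, keyed by source address. The patch does not change that, but it is worth confirming the expected output was compared rule by rule against the `-m state` version, so that the only difference in each of the four lines is the match module and its `--ctstate NEW` option.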
6470 | @@ -4853,7 +4853,7 @@ WARN: Checks disabled | ||
6471 | ### LOGGING ### | ||
6472 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6473 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6474 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6475 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6476 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6477 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6478 | ### END LOGGING ### | ||
6479 | @@ -4893,7 +4893,7 @@ WARN: Checks disabled | ||
6480 | ### LOGGING ### | ||
6481 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6482 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6483 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6484 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6485 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6486 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6487 | ### END LOGGING ### | ||
6488 | @@ -4929,11 +4929,11 @@ WARN: Checks disabled | ||
6489 | ### RULES ### | ||
6490 | |||
6491 | ### tuple ### limit any 25 10.0.0.1 any 0.0.0.0/0 in | ||
6492 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
6493 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6494 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
6495 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6496 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept | ||
6497 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
6498 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6499 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
6500 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6501 | -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept | ||
6502 | |||
6503 | ### END RULES ### | ||
6504 | @@ -4941,7 +4941,7 @@ WARN: Checks disabled | ||
6505 | ### LOGGING ### | ||
6506 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6507 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6508 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6509 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6510 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6511 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6512 | ### END LOGGING ### | ||
6513 | @@ -4981,7 +4981,7 @@ WARN: Checks disabled | ||
6514 | ### LOGGING ### | ||
6515 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6516 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6517 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6518 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6519 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6520 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6521 | ### END LOGGING ### | ||
6522 | @@ -5017,11 +5017,11 @@ WARN: Checks disabled | ||
6523 | ### RULES ### | ||
6524 | |||
6525 | ### tuple ### limit any any 10.0.0.1 80 192.168.0.1 in | ||
6526 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6527 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6528 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6529 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6530 | -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6531 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6532 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6533 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6534 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6535 | -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6536 | |||
6537 | ### END RULES ### | ||
6538 | @@ -5029,7 +5029,7 @@ WARN: Checks disabled | ||
6539 | ### LOGGING ### | ||
6540 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6541 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6542 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6543 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6544 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6545 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6546 | ### END LOGGING ### | ||
6547 | @@ -5069,7 +5069,7 @@ WARN: Checks disabled | ||
6548 | ### LOGGING ### | ||
6549 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6550 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6551 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6552 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6553 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6554 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6555 | ### END LOGGING ### | ||
6556 | @@ -5105,11 +5105,11 @@ WARN: Checks disabled | ||
6557 | ### RULES ### | ||
6558 | |||
6559 | ### tuple ### limit any 25 10.0.0.1 any 192.168.0.1 in | ||
6560 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
6561 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6562 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6563 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6564 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept | ||
6565 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
6566 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6567 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6568 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6569 | -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept | ||
6570 | |||
6571 | ### END RULES ### | ||
6572 | @@ -5117,7 +5117,7 @@ WARN: Checks disabled | ||
6573 | ### LOGGING ### | ||
6574 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6575 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6576 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6577 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6578 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6579 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6580 | ### END LOGGING ### | ||
6581 | @@ -5157,7 +5157,7 @@ WARN: Checks disabled | ||
6582 | ### LOGGING ### | ||
6583 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6584 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6585 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6586 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6587 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6588 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6589 | ### END LOGGING ### | ||
6590 | @@ -5193,11 +5193,11 @@ WARN: Checks disabled | ||
6591 | ### RULES ### | ||
6592 | |||
6593 | ### tuple ### limit any 25 10.0.0.1 80 192.168.0.1 in | ||
6594 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6595 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6596 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6597 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6598 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6599 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6600 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6601 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6602 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6603 | -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6604 | |||
6605 | ### END RULES ### | ||
6606 | @@ -5205,7 +5205,7 @@ WARN: Checks disabled | ||
6607 | ### LOGGING ### | ||
6608 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6609 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6610 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6611 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6612 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6613 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6614 | ### END LOGGING ### | ||
6615 | @@ -5245,7 +5245,7 @@ WARN: Checks disabled | ||
6616 | ### LOGGING ### | ||
6617 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6618 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6619 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6620 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6621 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6622 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6623 | ### END LOGGING ### | ||
6624 | @@ -5281,8 +5281,8 @@ WARN: Checks disabled | ||
6625 | ### RULES ### | ||
6626 | |||
6627 | ### tuple ### limit udp any 0.0.0.0/0 80 192.168.0.1 in | ||
6628 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6629 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6630 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6631 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6632 | -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6633 | |||
6634 | ### END RULES ### | ||
6635 | @@ -5290,7 +5290,7 @@ WARN: Checks disabled | ||
6636 | ### LOGGING ### | ||
6637 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6638 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6639 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6640 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6641 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6642 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6643 | ### END LOGGING ### | ||
6644 | @@ -5330,7 +5330,7 @@ WARN: Checks disabled | ||
6645 | ### LOGGING ### | ||
6646 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6647 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6648 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6649 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6650 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6651 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6652 | ### END LOGGING ### | ||
6653 | @@ -5366,8 +5366,8 @@ WARN: Checks disabled | ||
6654 | ### RULES ### | ||
6655 | |||
6656 | ### tuple ### limit udp 25 10.0.0.1 any 0.0.0.0/0 in | ||
6657 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
6658 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6659 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
6660 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6661 | -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept | ||
6662 | |||
6663 | ### END RULES ### | ||
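Review bot: both halves of the limit pair (`-m recent --set` and `-m recent --update --seconds 30 --hitcount 6`) now name the `conntrack` match instead of `state`, so these rules load only where that match is available on the target. The commit message mentions an RRECOMMENDS update for linux-yocto 5.4; please confirm the list includes the kernel module that provides `-m conntrack`, since none of the `limit` rules can be loaded without it.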
6664 | @@ -5375,7 +5375,7 @@ WARN: Checks disabled | ||
6665 | ### LOGGING ### | ||
6666 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6667 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6668 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6669 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6670 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6671 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6672 | ### END LOGGING ### | ||
6673 | @@ -5415,7 +5415,7 @@ WARN: Checks disabled | ||
6674 | ### LOGGING ### | ||
6675 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6676 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6677 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6678 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6679 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6680 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6681 | ### END LOGGING ### | ||
6682 | @@ -5451,8 +5451,8 @@ WARN: Checks disabled | ||
6683 | ### RULES ### | ||
6684 | |||
6685 | ### tuple ### limit udp any 10.0.0.1 80 192.168.0.1 in | ||
6686 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6687 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6688 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6689 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6690 | -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6691 | |||
6692 | ### END RULES ### | ||
6693 | @@ -5460,7 +5460,7 @@ WARN: Checks disabled | ||
6694 | ### LOGGING ### | ||
6695 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6696 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6697 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6698 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6699 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6700 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6701 | ### END LOGGING ### | ||
6702 | @@ -5500,7 +5500,7 @@ WARN: Checks disabled | ||
6703 | ### LOGGING ### | ||
6704 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6705 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6706 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6707 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6708 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6709 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6710 | ### END LOGGING ### | ||
6711 | @@ -5536,8 +5536,8 @@ WARN: Checks disabled | ||
6712 | ### RULES ### | ||
6713 | |||
6714 | ### tuple ### limit udp 25 10.0.0.1 any 192.168.0.1 in | ||
6715 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
6716 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6717 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6718 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6719 | -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept | ||
6720 | |||
6721 | ### END RULES ### | ||
6722 | @@ -5545,7 +5545,7 @@ WARN: Checks disabled | ||
6723 | ### LOGGING ### | ||
6724 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6725 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6726 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6727 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6728 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6729 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6730 | ### END LOGGING ### | ||
6731 | @@ -5585,7 +5585,7 @@ WARN: Checks disabled | ||
6732 | ### LOGGING ### | ||
6733 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6734 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6735 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6736 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6737 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6738 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6739 | ### END LOGGING ### | ||
6740 | @@ -5621,8 +5621,8 @@ WARN: Checks disabled | ||
6741 | ### RULES ### | ||
6742 | |||
6743 | ### tuple ### limit udp 25 10.0.0.1 80 192.168.0.1 in | ||
6744 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6745 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6746 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6747 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6748 | -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6749 | |||
6750 | ### END RULES ### | ||
6751 | @@ -5630,7 +5630,7 @@ WARN: Checks disabled | ||
6752 | ### LOGGING ### | ||
6753 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6754 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6755 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6756 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6757 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6758 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6759 | ### END LOGGING ### | ||
6760 | @@ -5670,7 +5670,7 @@ WARN: Checks disabled | ||
6761 | ### LOGGING ### | ||
6762 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6763 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6764 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6765 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6766 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6767 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6768 | ### END LOGGING ### | ||
6769 | @@ -5706,8 +5706,8 @@ WARN: Checks disabled | ||
6770 | ### RULES ### | ||
6771 | |||
6772 | ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.1 in | ||
6773 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6774 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6775 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6776 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6777 | -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6778 | |||
6779 | ### END RULES ### | ||
6780 | @@ -5715,7 +5715,7 @@ WARN: Checks disabled | ||
6781 | ### LOGGING ### | ||
6782 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6783 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6784 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6785 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6786 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6787 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6788 | ### END LOGGING ### | ||
6789 | @@ -5755,7 +5755,7 @@ WARN: Checks disabled | ||
6790 | ### LOGGING ### | ||
6791 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6792 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6793 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6794 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6795 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6796 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6797 | ### END LOGGING ### | ||
6798 | @@ -5791,8 +5791,8 @@ WARN: Checks disabled | ||
6799 | ### RULES ### | ||
6800 | |||
6801 | ### tuple ### limit tcp 25 10.0.0.1 any 0.0.0.0/0 in | ||
6802 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
6803 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6804 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
6805 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6806 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept | ||
6807 | |||
6808 | ### END RULES ### | ||
6809 | @@ -5800,7 +5800,7 @@ WARN: Checks disabled | ||
6810 | ### LOGGING ### | ||
6811 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6812 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6813 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6814 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6815 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6816 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6817 | ### END LOGGING ### | ||
6818 | @@ -5840,7 +5840,7 @@ WARN: Checks disabled | ||
6819 | ### LOGGING ### | ||
6820 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6821 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6822 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6823 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6824 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6825 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6826 | ### END LOGGING ### | ||
6827 | @@ -5876,8 +5876,8 @@ WARN: Checks disabled | ||
6828 | ### RULES ### | ||
6829 | |||
6830 | ### tuple ### limit tcp any 10.0.0.1 80 192.168.0.1 in | ||
6831 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6832 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6833 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6834 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6835 | -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6836 | |||
6837 | ### END RULES ### | ||
6838 | @@ -5885,7 +5885,7 @@ WARN: Checks disabled | ||
6839 | ### LOGGING ### | ||
6840 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6841 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6842 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6843 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6844 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6845 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6846 | ### END LOGGING ### | ||
6847 | @@ -5925,7 +5925,7 @@ WARN: Checks disabled | ||
6848 | ### LOGGING ### | ||
6849 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6850 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6851 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6852 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6853 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6854 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6855 | ### END LOGGING ### | ||
6856 | @@ -5961,8 +5961,8 @@ WARN: Checks disabled | ||
6857 | ### RULES ### | ||
6858 | |||
6859 | ### tuple ### limit tcp 25 10.0.0.1 any 192.168.0.1 in | ||
6860 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
6861 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6862 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
6863 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6864 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept | ||
6865 | |||
6866 | ### END RULES ### | ||
6867 | @@ -5970,7 +5970,7 @@ WARN: Checks disabled | ||
6868 | ### LOGGING ### | ||
6869 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6870 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6871 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6872 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6873 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6874 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6875 | ### END LOGGING ### | ||
6876 | @@ -6010,7 +6010,7 @@ WARN: Checks disabled | ||
6877 | ### LOGGING ### | ||
6878 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6879 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6880 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6881 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6882 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6883 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6884 | ### END LOGGING ### | ||
6885 | @@ -6046,8 +6046,8 @@ WARN: Checks disabled | ||
6886 | ### RULES ### | ||
6887 | |||
6888 | ### tuple ### limit tcp 25 10.0.0.1 80 192.168.0.1 in | ||
6889 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
6890 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6891 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
6892 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
6893 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
6894 | |||
6895 | ### END RULES ### | ||
6896 | @@ -6055,7 +6055,7 @@ WARN: Checks disabled | ||
6897 | ### LOGGING ### | ||
6898 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6899 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6900 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6901 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6902 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6903 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6904 | ### END LOGGING ### | ||
6905 | @@ -6095,7 +6095,7 @@ WARN: Checks disabled | ||
6906 | ### LOGGING ### | ||
6907 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6908 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6909 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6910 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6911 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6912 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6913 | ### END LOGGING ### | ||
6914 | @@ -6139,7 +6139,7 @@ WARN: Checks disabled | ||
6915 | ### LOGGING ### | ||
6916 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6917 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6918 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6919 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6920 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6921 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6922 | ### END LOGGING ### | ||
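Review bot: the hunk header context reads `WARN: Checks disabled`, which suggests this expected output was captured with ufw's checks turned off, so a misspelt option in the new `-m conntrack --ctstate INVALID` text would still compare equal against the stored result. Please make sure the runtime tests mentioned in the commit message load at least one of these rules through iptables on the target.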
6923 | @@ -6179,7 +6179,7 @@ WARN: Checks disabled | ||
6924 | ### LOGGING ### | ||
6925 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6926 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6927 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6928 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6929 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6930 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6931 | ### END LOGGING ### | ||
6932 | @@ -6222,7 +6222,7 @@ WARN: Checks disabled | ||
6933 | ### LOGGING ### | ||
6934 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6935 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6936 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6937 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6938 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6939 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6940 | ### END LOGGING ### | ||
6941 | @@ -6262,7 +6262,7 @@ WARN: Checks disabled | ||
6942 | ### LOGGING ### | ||
6943 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6944 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6945 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6946 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6947 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6948 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6949 | ### END LOGGING ### | ||
6950 | @@ -6305,7 +6305,7 @@ WARN: Checks disabled | ||
6951 | ### LOGGING ### | ||
6952 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6953 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6954 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6955 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6956 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6957 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6958 | ### END LOGGING ### | ||
6959 | @@ -6345,7 +6345,7 @@ WARN: Checks disabled | ||
6960 | ### LOGGING ### | ||
6961 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6962 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6963 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6964 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6965 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6966 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6967 | ### END LOGGING ### | ||
6968 | @@ -6388,7 +6388,7 @@ WARN: Checks disabled | ||
6969 | ### LOGGING ### | ||
6970 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6971 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6972 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6973 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6974 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6975 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6976 | ### END LOGGING ### | ||
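Review bot: missing documentation on how this expected-result file was updated; the same one-line substitution on `-I ufw-logging-deny` recurs in every LOGGING block. The patch header should say whether the file was regenerated by running the test or edited by search and replace, so the change can be reproduced at the next version bump and a leftover `-m state` line is easy to spot.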
6977 | @@ -6428,7 +6428,7 @@ WARN: Checks disabled | ||
6978 | ### LOGGING ### | ||
6979 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6980 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6981 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6982 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6983 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6984 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6985 | ### END LOGGING ### | ||
6986 | @@ -6471,7 +6471,7 @@ WARN: Checks disabled | ||
6987 | ### LOGGING ### | ||
6988 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6989 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6990 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6991 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
6992 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6993 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
6994 | ### END LOGGING ### | ||
6995 | @@ -6511,7 +6511,7 @@ WARN: Checks disabled | ||
6996 | ### LOGGING ### | ||
6997 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6998 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
6999 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7000 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7001 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7002 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7003 | ### END LOGGING ### | ||
7004 | @@ -6554,7 +6554,7 @@ WARN: Checks disabled | ||
7005 | ### LOGGING ### | ||
7006 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7007 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7008 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7009 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7010 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7011 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7012 | ### END LOGGING ### | ||
7013 | @@ -6594,7 +6594,7 @@ WARN: Checks disabled | ||
7014 | ### LOGGING ### | ||
7015 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7016 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7017 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7018 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7019 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7020 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7021 | ### END LOGGING ### | ||
7022 | @@ -6637,7 +6637,7 @@ WARN: Checks disabled | ||
7023 | ### LOGGING ### | ||
7024 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7025 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7026 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7027 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7028 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7029 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7030 | ### END LOGGING ### | ||
7031 | @@ -6677,7 +6677,7 @@ WARN: Checks disabled | ||
7032 | ### LOGGING ### | ||
7033 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7034 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7035 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7036 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7037 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7038 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7039 | ### END LOGGING ### | ||
7040 | @@ -6720,7 +6720,7 @@ WARN: Checks disabled | ||
7041 | ### LOGGING ### | ||
7042 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7043 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7044 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7045 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7046 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7047 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7048 | ### END LOGGING ### | ||
7049 | @@ -6760,7 +6760,7 @@ WARN: Checks disabled | ||
7050 | ### LOGGING ### | ||
7051 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7052 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7053 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7054 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7055 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7056 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7057 | ### END LOGGING ### | ||
7058 | @@ -6803,7 +6803,7 @@ WARN: Checks disabled | ||
7059 | ### LOGGING ### | ||
7060 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7061 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7062 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7063 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7064 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7065 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7066 | ### END LOGGING ### | ||
7067 | @@ -6843,7 +6843,7 @@ WARN: Checks disabled | ||
7068 | ### LOGGING ### | ||
7069 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7070 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7071 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7072 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7073 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7074 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7075 | ### END LOGGING ### | ||
7076 | @@ -6886,7 +6886,7 @@ WARN: Checks disabled | ||
7077 | ### LOGGING ### | ||
7078 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7079 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7080 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7081 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7082 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7083 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7084 | ### END LOGGING ### | ||
7085 | @@ -6926,7 +6926,7 @@ WARN: Checks disabled | ||
7086 | ### LOGGING ### | ||
7087 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7088 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7089 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7090 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7091 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7092 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7093 | ### END LOGGING ### | ||
7094 | @@ -6970,7 +6970,7 @@ WARN: Checks disabled | ||
7095 | ### LOGGING ### | ||
7096 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7097 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7098 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7099 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7100 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7101 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7102 | ### END LOGGING ### | ||
7103 | @@ -7010,7 +7010,7 @@ WARN: Checks disabled | ||
7104 | ### LOGGING ### | ||
7105 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7106 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7107 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7108 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7109 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7110 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7111 | ### END LOGGING ### | ||
7112 | @@ -7054,7 +7054,7 @@ WARN: Checks disabled | ||
7113 | ### LOGGING ### | ||
7114 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7115 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7116 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7117 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7118 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7119 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7120 | ### END LOGGING ### | ||
7121 | @@ -7094,7 +7094,7 @@ WARN: Checks disabled | ||
7122 | ### LOGGING ### | ||
7123 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7124 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7125 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7126 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7127 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7128 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7129 | ### END LOGGING ### | ||
7130 | @@ -7138,7 +7138,7 @@ WARN: Checks disabled | ||
7131 | ### LOGGING ### | ||
7132 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7133 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7134 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7135 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7136 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7137 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7138 | ### END LOGGING ### | ||
7139 | @@ -7178,7 +7178,7 @@ WARN: Checks disabled | ||
7140 | ### LOGGING ### | ||
7141 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7142 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7143 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7144 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7145 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7146 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7147 | ### END LOGGING ### | ||
7148 | @@ -7221,7 +7221,7 @@ WARN: Checks disabled | ||
7149 | ### LOGGING ### | ||
7150 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7151 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7152 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7153 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7154 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7155 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7156 | ### END LOGGING ### | ||
7157 | @@ -7261,7 +7261,7 @@ WARN: Checks disabled | ||
7158 | ### LOGGING ### | ||
7159 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7160 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7161 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7162 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7163 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7164 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7165 | ### END LOGGING ### | ||
7166 | @@ -7304,7 +7304,7 @@ WARN: Checks disabled | ||
7167 | ### LOGGING ### | ||
7168 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7169 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7170 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7171 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7172 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7173 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7174 | ### END LOGGING ### | ||
7175 | @@ -7344,7 +7344,7 @@ WARN: Checks disabled | ||
7176 | ### LOGGING ### | ||
7177 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7178 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7179 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7180 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7181 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7182 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7183 | ### END LOGGING ### | ||
7184 | @@ -7387,7 +7387,7 @@ WARN: Checks disabled | ||
7185 | ### LOGGING ### | ||
7186 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7187 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7188 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7189 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7190 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7191 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7192 | ### END LOGGING ### | ||
7193 | @@ -7427,7 +7427,7 @@ WARN: Checks disabled | ||
7194 | ### LOGGING ### | ||
7195 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7196 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7197 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7198 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7199 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7200 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7201 | ### END LOGGING ### | ||
7202 | @@ -7470,7 +7470,7 @@ WARN: Checks disabled | ||
7203 | ### LOGGING ### | ||
7204 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7205 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7206 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7207 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7208 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7209 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7210 | ### END LOGGING ### | ||
7211 | @@ -7510,7 +7510,7 @@ WARN: Checks disabled | ||
7212 | ### LOGGING ### | ||
7213 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7214 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7215 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7216 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7217 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7218 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7219 | ### END LOGGING ### | ||
7220 | @@ -7553,7 +7553,7 @@ WARN: Checks disabled | ||
7221 | ### LOGGING ### | ||
7222 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7223 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7224 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7225 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7226 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7227 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7228 | ### END LOGGING ### | ||
7229 | @@ -7593,7 +7593,7 @@ WARN: Checks disabled | ||
7230 | ### LOGGING ### | ||
7231 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7232 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7233 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7234 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7235 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7236 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7237 | ### END LOGGING ### | ||
7238 | @@ -7636,7 +7636,7 @@ WARN: Checks disabled | ||
7239 | ### LOGGING ### | ||
7240 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7241 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7242 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7243 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7244 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7245 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7246 | ### END LOGGING ### | ||
7247 | @@ -7676,7 +7676,7 @@ WARN: Checks disabled | ||
7248 | ### LOGGING ### | ||
7249 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7250 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7251 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7252 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7253 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7254 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7255 | ### END LOGGING ### | ||
7256 | @@ -7719,7 +7719,7 @@ WARN: Checks disabled | ||
7257 | ### LOGGING ### | ||
7258 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7259 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7260 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7261 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7262 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7263 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7264 | ### END LOGGING ### | ||
7265 | @@ -7759,7 +7759,7 @@ WARN: Checks disabled | ||
7266 | ### LOGGING ### | ||
7267 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7268 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7269 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7270 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7271 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7272 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7273 | ### END LOGGING ### | ||
7274 | @@ -7802,7 +7802,7 @@ WARN: Checks disabled | ||
7275 | ### LOGGING ### | ||
7276 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7277 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7278 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7279 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7280 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7281 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7282 | ### END LOGGING ### | ||
7283 | @@ -7842,7 +7842,7 @@ WARN: Checks disabled | ||
7284 | ### LOGGING ### | ||
7285 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7286 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7287 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7288 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7289 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7290 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7291 | ### END LOGGING ### | ||
7292 | @@ -7885,7 +7885,7 @@ WARN: Checks disabled | ||
7293 | ### LOGGING ### | ||
7294 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7295 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7296 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7297 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7298 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7299 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7300 | ### END LOGGING ### | ||
7301 | @@ -7925,7 +7925,7 @@ WARN: Checks disabled | ||
7302 | ### LOGGING ### | ||
7303 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7304 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7305 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7306 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7307 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7308 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7309 | ### END LOGGING ### | ||
7310 | @@ -7968,7 +7968,7 @@ WARN: Checks disabled | ||
7311 | ### LOGGING ### | ||
7312 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7313 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7314 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7315 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7316 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7317 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7318 | ### END LOGGING ### | ||
7319 | @@ -8008,7 +8008,7 @@ WARN: Checks disabled | ||
7320 | ### LOGGING ### | ||
7321 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7322 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7323 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7324 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7325 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7326 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7327 | ### END LOGGING ### | ||
7328 | @@ -8051,7 +8051,7 @@ WARN: Checks disabled | ||
7329 | ### LOGGING ### | ||
7330 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7331 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7332 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7333 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7334 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7335 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7336 | ### END LOGGING ### | ||
7337 | @@ -8091,7 +8091,7 @@ WARN: Checks disabled | ||
7338 | ### LOGGING ### | ||
7339 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7340 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7341 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7342 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7343 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7344 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7345 | ### END LOGGING ### | ||
7346 | @@ -8134,7 +8134,7 @@ WARN: Checks disabled | ||
7347 | ### LOGGING ### | ||
7348 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7349 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7350 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7351 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7352 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7353 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7354 | ### END LOGGING ### | ||
7355 | @@ -8174,7 +8174,7 @@ WARN: Checks disabled | ||
7356 | ### LOGGING ### | ||
7357 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7358 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7359 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7360 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7361 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7362 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7363 | ### END LOGGING ### | ||
7364 | @@ -8217,7 +8217,7 @@ WARN: Checks disabled | ||
7365 | ### LOGGING ### | ||
7366 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7367 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7368 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7369 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7370 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7371 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7372 | ### END LOGGING ### | ||
7373 | @@ -8257,7 +8257,7 @@ WARN: Checks disabled | ||
7374 | ### LOGGING ### | ||
7375 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7376 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7377 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7378 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7379 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7380 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7381 | ### END LOGGING ### | ||
7382 | @@ -8300,7 +8300,7 @@ WARN: Checks disabled | ||
7383 | ### LOGGING ### | ||
7384 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7385 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7386 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7387 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7388 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7389 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7390 | ### END LOGGING ### | ||
7391 | @@ -8340,7 +8340,7 @@ WARN: Checks disabled | ||
7392 | ### LOGGING ### | ||
7393 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7394 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7395 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7396 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7397 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7398 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7399 | ### END LOGGING ### | ||
7400 | @@ -8383,7 +8383,7 @@ WARN: Checks disabled | ||
7401 | ### LOGGING ### | ||
7402 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7403 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7404 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7405 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7406 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7407 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7408 | ### END LOGGING ### | ||
7409 | @@ -8423,7 +8423,7 @@ WARN: Checks disabled | ||
7410 | ### LOGGING ### | ||
7411 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7412 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7413 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7414 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7415 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7416 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7417 | ### END LOGGING ### | ||
7418 | @@ -8466,7 +8466,7 @@ WARN: Checks disabled | ||
7419 | ### LOGGING ### | ||
7420 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7421 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7422 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7423 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7424 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7425 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7426 | ### END LOGGING ### | ||
7427 | @@ -8506,7 +8506,7 @@ WARN: Checks disabled | ||
7428 | ### LOGGING ### | ||
7429 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7430 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7431 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7432 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7433 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7434 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7435 | ### END LOGGING ### | ||
7436 | @@ -8550,7 +8550,7 @@ WARN: Checks disabled | ||
7437 | ### LOGGING ### | ||
7438 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7439 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7440 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7441 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7442 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7443 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7444 | ### END LOGGING ### | ||
7445 | @@ -8594,7 +8594,7 @@ WARN: Checks disabled | ||
7446 | ### LOGGING ### | ||
7447 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7448 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7449 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7450 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7451 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7452 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7453 | ### END LOGGING ### | ||
7454 | @@ -8637,7 +8637,7 @@ WARN: Checks disabled | ||
7455 | ### LOGGING ### | ||
7456 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7457 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7458 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7459 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7460 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7461 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7462 | ### END LOGGING ### | ||
7463 | @@ -8680,7 +8680,7 @@ WARN: Checks disabled | ||
7464 | ### LOGGING ### | ||
7465 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7466 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7467 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7468 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7469 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7470 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7471 | ### END LOGGING ### | ||
7472 | @@ -8724,7 +8724,7 @@ WARN: Checks disabled | ||
7473 | ### LOGGING ### | ||
7474 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7475 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7476 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7477 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7478 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7479 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7480 | ### END LOGGING ### | ||
7481 | @@ -8767,7 +8767,7 @@ WARN: Checks disabled | ||
7482 | ### LOGGING ### | ||
7483 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7484 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7485 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7486 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7487 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7488 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7489 | ### END LOGGING ### | ||
7490 | @@ -8810,7 +8810,7 @@ WARN: Checks disabled | ||
7491 | ### LOGGING ### | ||
7492 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7493 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7494 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7495 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7496 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7497 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7498 | ### END LOGGING ### | ||
7499 | @@ -8854,7 +8854,7 @@ WARN: Checks disabled | ||
7500 | ### LOGGING ### | ||
7501 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7502 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7503 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7504 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7505 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7506 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7507 | ### END LOGGING ### | ||
7508 | @@ -8898,7 +8898,7 @@ WARN: Checks disabled | ||
7509 | ### LOGGING ### | ||
7510 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7511 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7512 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7513 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7514 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7515 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7516 | ### END LOGGING ### | ||
7517 | @@ -8941,7 +8941,7 @@ WARN: Checks disabled | ||
7518 | ### LOGGING ### | ||
7519 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7520 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7521 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7522 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7523 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7524 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7525 | ### END LOGGING ### | ||
7526 | @@ -8984,7 +8984,7 @@ WARN: Checks disabled | ||
7527 | ### LOGGING ### | ||
7528 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7529 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7530 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7531 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7532 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7533 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7534 | ### END LOGGING ### | ||
7535 | @@ -9027,7 +9027,7 @@ WARN: Checks disabled | ||
7536 | ### LOGGING ### | ||
7537 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7538 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7539 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7540 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7541 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7542 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7543 | ### END LOGGING ### | ||
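Review bot: the `+` line makes the ufw-logging-deny chain depend on the conntrack match being available when the rules are loaded, and this expected-output file cannot show whether the target kernel provides it. The commit message says RRECOMMENDS is updated for linux-yocto 5.4; please check that the recommended kernel modules include the one backing `-m conntrack --ctstate`, so an image built from this recipe can actually load the rule.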
7544 | @@ -9070,7 +9070,7 @@ WARN: Checks disabled | ||
7545 | ### LOGGING ### | ||
7546 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7547 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7548 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7549 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7550 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7551 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7552 | ### END LOGGING ### | ||
7553 | @@ -9113,7 +9113,7 @@ WARN: Checks disabled | ||
7554 | ### LOGGING ### | ||
7555 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7556 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7557 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7558 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7559 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7560 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7561 | ### END LOGGING ### | ||
7562 | @@ -9156,7 +9156,7 @@ WARN: Checks disabled | ||
7563 | ### LOGGING ### | ||
7564 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7565 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7566 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7567 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7568 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7569 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7570 | ### END LOGGING ### | ||
7571 | @@ -9199,7 +9199,7 @@ WARN: Checks disabled | ||
7572 | ### LOGGING ### | ||
7573 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7574 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7575 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7576 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7577 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7578 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7579 | ### END LOGGING ### | ||
7580 | @@ -9242,7 +9242,7 @@ WARN: Checks disabled | ||
7581 | ### LOGGING ### | ||
7582 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7583 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7584 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7585 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7586 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7587 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7588 | ### END LOGGING ### | ||
7589 | @@ -9285,7 +9285,7 @@ WARN: Checks disabled | ||
7590 | ### LOGGING ### | ||
7591 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7592 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7593 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7594 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7595 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7596 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7597 | ### END LOGGING ### | ||
7598 | @@ -9328,7 +9328,7 @@ WARN: Checks disabled | ||
7599 | ### LOGGING ### | ||
7600 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7601 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7602 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7603 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7604 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7605 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7606 | ### END LOGGING ### | ||
7607 | @@ -9371,7 +9371,7 @@ WARN: Checks disabled | ||
7608 | ### LOGGING ### | ||
7609 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7610 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7611 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7612 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7613 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7614 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7615 | ### END LOGGING ### | ||
7616 | @@ -9414,7 +9414,7 @@ WARN: Checks disabled | ||
7617 | ### LOGGING ### | ||
7618 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7619 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7620 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7621 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7622 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7623 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7624 | ### END LOGGING ### | ||
7625 | @@ -9457,7 +9457,7 @@ WARN: Checks disabled | ||
7626 | ### LOGGING ### | ||
7627 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7628 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7629 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7630 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7631 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7632 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7633 | ### END LOGGING ### | ||
7634 | @@ -9500,7 +9500,7 @@ WARN: Checks disabled | ||
7635 | ### LOGGING ### | ||
7636 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7637 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7638 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7639 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7640 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7641 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7642 | ### END LOGGING ### | ||
7643 | @@ -9543,7 +9543,7 @@ WARN: Checks disabled | ||
7644 | ### LOGGING ### | ||
7645 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7646 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7647 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7648 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7649 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7650 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7651 | ### END LOGGING ### | ||
7652 | @@ -9586,7 +9586,7 @@ WARN: Checks disabled | ||
7653 | ### LOGGING ### | ||
7654 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7655 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7656 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7657 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7658 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7659 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7660 | ### END LOGGING ### | ||
7661 | @@ -9629,7 +9629,7 @@ WARN: Checks disabled | ||
7662 | ### LOGGING ### | ||
7663 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7664 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7665 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7666 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7667 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7668 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7669 | ### END LOGGING ### | ||
7670 | @@ -9672,7 +9672,7 @@ WARN: Checks disabled | ||
7671 | ### LOGGING ### | ||
7672 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7673 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7674 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7675 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7676 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7677 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7678 | ### END LOGGING ### | ||
7679 | @@ -9715,7 +9715,7 @@ WARN: Checks disabled | ||
7680 | ### LOGGING ### | ||
7681 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7682 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7683 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7684 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7685 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7686 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7687 | ### END LOGGING ### | ||
7688 | @@ -9758,7 +9758,7 @@ WARN: Checks disabled | ||
7689 | ### LOGGING ### | ||
7690 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7691 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7692 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7693 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7694 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7695 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7696 | ### END LOGGING ### | ||
7697 | @@ -9801,7 +9801,7 @@ WARN: Checks disabled | ||
7698 | ### LOGGING ### | ||
7699 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7700 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7701 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7702 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7703 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7704 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7705 | ### END LOGGING ### | ||
7706 | @@ -9844,7 +9844,7 @@ WARN: Checks disabled | ||
7707 | ### LOGGING ### | ||
7708 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7709 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7710 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7711 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7712 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7713 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7714 | ### END LOGGING ### | ||
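Review bot: this hunk is the same one-line substitution as its neighbours (`-m state --state INVALID` to `-m conntrack --ctstate INVALID`), repeated through the result file, which makes a stray hand edit hard to spot in review. Say in the patch header that the expected output was updated mechanically, and confirm that no `--state` rule is left in the file afterwards.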
7715 | @@ -9887,7 +9887,7 @@ WARN: Checks disabled | ||
7716 | ### LOGGING ### | ||
7717 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7718 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7719 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7720 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7721 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7722 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7723 | ### END LOGGING ### | ||
7724 | @@ -9930,7 +9930,7 @@ WARN: Checks disabled | ||
7725 | ### LOGGING ### | ||
7726 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7727 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7728 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7729 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7730 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7731 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7732 | ### END LOGGING ### | ||
7733 | @@ -9973,7 +9973,7 @@ WARN: Checks disabled | ||
7734 | ### LOGGING ### | ||
7735 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7736 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7737 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7738 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7739 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7740 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7741 | ### END LOGGING ### | ||
7742 | @@ -10016,7 +10016,7 @@ WARN: Checks disabled | ||
7743 | ### LOGGING ### | ||
7744 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7745 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7746 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7747 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7748 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7749 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7750 | ### END LOGGING ### | ||
7751 | @@ -10059,7 +10059,7 @@ WARN: Checks disabled | ||
7752 | ### LOGGING ### | ||
7753 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7754 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7755 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7756 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7757 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7758 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7759 | ### END LOGGING ### | ||
7760 | @@ -10102,7 +10102,7 @@ WARN: Checks disabled | ||
7761 | ### LOGGING ### | ||
7762 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7763 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7764 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7765 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7766 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7767 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7768 | ### END LOGGING ### | ||
7769 | @@ -10145,7 +10145,7 @@ WARN: Checks disabled | ||
7770 | ### LOGGING ### | ||
7771 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7772 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7773 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7774 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7775 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7776 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7777 | ### END LOGGING ### | ||
7778 | @@ -10188,7 +10188,7 @@ WARN: Checks disabled | ||
7779 | ### LOGGING ### | ||
7780 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7781 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7782 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7783 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7784 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7785 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7786 | ### END LOGGING ### | ||
7787 | @@ -10231,7 +10231,7 @@ WARN: Checks disabled | ||
7788 | ### LOGGING ### | ||
7789 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7790 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7791 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7792 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7793 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7794 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7795 | ### END LOGGING ### | ||
7796 | @@ -10274,7 +10274,7 @@ WARN: Checks disabled | ||
7797 | ### LOGGING ### | ||
7798 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7799 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7800 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7801 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7802 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7803 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7804 | ### END LOGGING ### | ||
7805 | @@ -10317,7 +10317,7 @@ WARN: Checks disabled | ||
7806 | ### LOGGING ### | ||
7807 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7808 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7809 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7810 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7811 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7812 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7813 | ### END LOGGING ### | ||
7814 | @@ -10360,7 +10360,7 @@ WARN: Checks disabled | ||
7815 | ### LOGGING ### | ||
7816 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7817 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7818 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7819 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7820 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7821 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7822 | ### END LOGGING ### | ||
7823 | @@ -10403,7 +10403,7 @@ WARN: Checks disabled | ||
7824 | ### LOGGING ### | ||
7825 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7826 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7827 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7828 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7829 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7830 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7831 | ### END LOGGING ### | ||
7832 | @@ -10446,7 +10446,7 @@ WARN: Checks disabled | ||
7833 | ### LOGGING ### | ||
7834 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7835 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7836 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7837 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7838 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7839 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7840 | ### END LOGGING ### | ||
7841 | @@ -10489,7 +10489,7 @@ WARN: Checks disabled | ||
7842 | ### LOGGING ### | ||
7843 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7844 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7845 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7846 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7847 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7848 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7849 | ### END LOGGING ### | ||
7850 | @@ -10532,7 +10532,7 @@ WARN: Checks disabled | ||
7851 | ### LOGGING ### | ||
7852 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7853 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7854 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7855 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7856 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7857 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7858 | ### END LOGGING ### | ||
7859 | @@ -10575,7 +10575,7 @@ WARN: Checks disabled | ||
7860 | ### LOGGING ### | ||
7861 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7862 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7863 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7864 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7865 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7866 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7867 | ### END LOGGING ### | ||
7868 | @@ -10618,7 +10618,7 @@ WARN: Checks disabled | ||
7869 | ### LOGGING ### | ||
7870 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7871 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7872 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7873 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7874 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7875 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7876 | ### END LOGGING ### | ||
7877 | @@ -10661,7 +10661,7 @@ WARN: Checks disabled | ||
7878 | ### LOGGING ### | ||
7879 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7880 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7881 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7882 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7883 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7884 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7885 | ### END LOGGING ### | ||
7886 | @@ -10704,7 +10704,7 @@ WARN: Checks disabled | ||
7887 | ### LOGGING ### | ||
7888 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7889 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7890 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7891 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7892 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7893 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7894 | ### END LOGGING ### | ||
7895 | @@ -10747,7 +10747,7 @@ WARN: Checks disabled | ||
7896 | ### LOGGING ### | ||
7897 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7898 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7899 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7900 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7901 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7902 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7903 | ### END LOGGING ### | ||
7904 | @@ -10790,7 +10790,7 @@ WARN: Checks disabled | ||
7905 | ### LOGGING ### | ||
7906 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7907 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7908 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7909 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7910 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7911 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7912 | ### END LOGGING ### | ||
7913 | @@ -10833,7 +10833,7 @@ WARN: Checks disabled | ||
7914 | ### LOGGING ### | ||
7915 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7916 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7917 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7918 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7919 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7920 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7921 | ### END LOGGING ### | ||
7922 | @@ -10876,7 +10876,7 @@ WARN: Checks disabled | ||
7923 | ### LOGGING ### | ||
7924 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7925 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7926 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7927 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7928 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7929 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7930 | ### END LOGGING ### | ||
7931 | @@ -10919,7 +10919,7 @@ WARN: Checks disabled | ||
7932 | ### LOGGING ### | ||
7933 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7934 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7935 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7936 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7937 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7938 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7939 | ### END LOGGING ### | ||
7940 | @@ -10962,7 +10962,7 @@ WARN: Checks disabled | ||
7941 | ### LOGGING ### | ||
7942 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7943 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7944 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7945 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7946 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7947 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7948 | ### END LOGGING ### | ||
7949 | @@ -11005,7 +11005,7 @@ WARN: Checks disabled | ||
7950 | ### LOGGING ### | ||
7951 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7952 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7953 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7954 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7955 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7956 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7957 | ### END LOGGING ### | ||
7958 | @@ -11048,7 +11048,7 @@ WARN: Checks disabled | ||
7959 | ### LOGGING ### | ||
7960 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7961 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7962 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7963 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7964 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7965 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7966 | ### END LOGGING ### | ||
7967 | @@ -11091,7 +11091,7 @@ WARN: Checks disabled | ||
7968 | ### LOGGING ### | ||
7969 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7970 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7971 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7972 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7973 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7974 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7975 | ### END LOGGING ### | ||
7976 | @@ -11134,7 +11134,7 @@ WARN: Checks disabled | ||
7977 | ### LOGGING ### | ||
7978 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7979 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7980 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7981 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7982 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7983 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7984 | ### END LOGGING ### | ||
7985 | @@ -11177,7 +11177,7 @@ WARN: Checks disabled | ||
7986 | ### LOGGING ### | ||
7987 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7988 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7989 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7990 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7991 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7992 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
7993 | ### END LOGGING ### | ||
7994 | @@ -11220,7 +11220,7 @@ WARN: Checks disabled | ||
7995 | ### LOGGING ### | ||
7996 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7997 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
7998 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
7999 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8000 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8001 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8002 | ### END LOGGING ### | ||
8003 | @@ -11263,7 +11263,7 @@ WARN: Checks disabled | ||
8004 | ### LOGGING ### | ||
8005 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8006 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8007 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8008 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8009 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8010 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8011 | ### END LOGGING ### | ||
8012 | @@ -11306,7 +11306,7 @@ WARN: Checks disabled | ||
8013 | ### LOGGING ### | ||
8014 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8015 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8016 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8017 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8018 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8019 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8020 | ### END LOGGING ### | ||
8021 | @@ -11349,7 +11349,7 @@ WARN: Checks disabled | ||
8022 | ### LOGGING ### | ||
8023 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8024 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8025 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8026 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8027 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8028 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8029 | ### END LOGGING ### | ||
8030 | @@ -11392,7 +11392,7 @@ WARN: Checks disabled | ||
8031 | ### LOGGING ### | ||
8032 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8033 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8034 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8035 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8036 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8037 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8038 | ### END LOGGING ### | ||
8039 | @@ -11435,7 +11435,7 @@ WARN: Checks disabled | ||
8040 | ### LOGGING ### | ||
8041 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8042 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8043 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8044 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8045 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8046 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8047 | ### END LOGGING ### | ||
8048 | @@ -11478,7 +11478,7 @@ WARN: Checks disabled | ||
8049 | ### LOGGING ### | ||
8050 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8051 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8052 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8053 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8054 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8055 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8056 | ### END LOGGING ### | ||
8057 | @@ -11521,7 +11521,7 @@ WARN: Checks disabled | ||
8058 | ### LOGGING ### | ||
8059 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8060 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8061 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8062 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8063 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8064 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8065 | ### END LOGGING ### | ||
8066 | @@ -11564,7 +11564,7 @@ WARN: Checks disabled | ||
8067 | ### LOGGING ### | ||
8068 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8069 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8070 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8071 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8072 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8073 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8074 | ### END LOGGING ### | ||
8075 | @@ -11607,7 +11607,7 @@ WARN: Checks disabled | ||
8076 | ### LOGGING ### | ||
8077 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8078 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8079 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8080 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8081 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8082 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8083 | ### END LOGGING ### | ||
8084 | @@ -11650,7 +11650,7 @@ WARN: Checks disabled | ||
8085 | ### LOGGING ### | ||
8086 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8087 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8088 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8089 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8090 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8091 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8092 | ### END LOGGING ### | ||
8093 | @@ -11693,7 +11693,7 @@ WARN: Checks disabled | ||
8094 | ### LOGGING ### | ||
8095 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8096 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8097 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8098 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8099 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8100 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8101 | ### END LOGGING ### | ||
8102 | @@ -11736,7 +11736,7 @@ WARN: Checks disabled | ||
8103 | ### LOGGING ### | ||
8104 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8105 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8106 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8107 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8108 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8109 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8110 | ### END LOGGING ### | ||
8111 | @@ -11779,7 +11779,7 @@ WARN: Checks disabled | ||
8112 | ### LOGGING ### | ||
8113 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8114 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8115 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8116 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8117 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8118 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8119 | ### END LOGGING ### | ||
8120 | @@ -11815,8 +11815,8 @@ WARN: Checks disabled | ||
8121 | ### RULES ### | ||
8122 | |||
8123 | ### tuple ### limit tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in | ||
8124 | --A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --set | ||
8125 | --A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8126 | +-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set | ||
8127 | +-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8128 | -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ufw-user-limit-accept | ||
8129 | |||
8130 | ### END RULES ### | ||
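Review bot: the two `+` lines for the `limit tcp 34,35` tuple now depend on the kernel's conntrack match at load time, alongside the `recent` match they already used, and the rule text alone does not show that the image provides it. The commit message mentions an RRECOMMENDS update; please confirm it covers the modules behind both `-m conntrack` and `-m recent`, since a missing one makes these rules fail to load rather than fall back to `-m state`.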
8131 | @@ -11824,7 +11824,7 @@ WARN: Checks disabled | ||
8132 | ### LOGGING ### | ||
8133 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8134 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8135 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8136 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8137 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8138 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8139 | ### END LOGGING ### | ||
8140 | @@ -11860,8 +11860,8 @@ WARN: Checks disabled | ||
8141 | ### RULES ### | ||
8142 | |||
8143 | ### tuple ### limit tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
8144 | --A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set | ||
8145 | --A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8146 | +-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set | ||
8147 | +-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8148 | -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ufw-user-limit-accept | ||
8149 | |||
8150 | ### END RULES ### | ||
8151 | @@ -11869,7 +11869,7 @@ WARN: Checks disabled | ||
8152 | ### LOGGING ### | ||
8153 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8154 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8155 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8156 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8157 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8158 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8159 | ### END LOGGING ### | ||
8160 | @@ -11905,8 +11905,8 @@ WARN: Checks disabled | ||
8161 | ### RULES ### | ||
8162 | |||
8163 | ### tuple ### limit tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
8164 | --A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --set | ||
8165 | --A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8166 | +-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set | ||
8167 | +-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8168 | -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ufw-user-limit-accept | ||
8169 | |||
8170 | ### END RULES ### | ||
8171 | @@ -11914,7 +11914,7 @@ WARN: Checks disabled | ||
8172 | ### LOGGING ### | ||
8173 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8174 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8175 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8176 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8177 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8178 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8179 | ### END LOGGING ### | ||
8180 | @@ -11950,8 +11950,8 @@ WARN: Checks disabled | ||
8181 | ### RULES ### | ||
8182 | |||
8183 | ### tuple ### limit tcp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
8184 | --A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set | ||
8185 | --A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8186 | +-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set | ||
8187 | +-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8188 | -A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept | ||
8189 | |||
8190 | ### END RULES ### | ||
8191 | @@ -11959,7 +11959,7 @@ WARN: Checks disabled | ||
8192 | ### LOGGING ### | ||
8193 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8194 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8195 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8196 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8197 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8198 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8199 | ### END LOGGING ### | ||
8200 | @@ -11995,8 +11995,8 @@ WARN: Checks disabled | ||
8201 | ### RULES ### | ||
8202 | |||
8203 | ### tuple ### limit tcp 1,9 0.0.0.0/0 any 0.0.0.0/0 in | ||
8204 | --A ufw-user-input -p tcp -m multiport --dports 1,9 -m state --state NEW -m recent --set | ||
8205 | --A ufw-user-input -p tcp -m multiport --dports 1,9 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8206 | +-A ufw-user-input -p tcp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --set | ||
8207 | +-A ufw-user-input -p tcp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8208 | -A ufw-user-input -p tcp -m multiport --dports 1,9 -j ufw-user-limit-accept | ||
8209 | |||
8210 | ### END RULES ### | ||
8211 | @@ -12004,7 +12004,7 @@ WARN: Checks disabled | ||
8212 | ### LOGGING ### | ||
8213 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8214 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8215 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8216 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8217 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8218 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8219 | ### END LOGGING ### | ||
8220 | @@ -12040,8 +12040,8 @@ WARN: Checks disabled | ||
8221 | ### RULES ### | ||
8222 | |||
8223 | ### tuple ### limit udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in | ||
8224 | --A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --set | ||
8225 | --A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8226 | +-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set | ||
8227 | +-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8228 | -A ufw-user-input -p udp -m multiport --dports 34,35 -j ufw-user-limit-accept | ||
8229 | |||
8230 | ### END RULES ### | ||
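Review bot: The `-m recent --set` and `-m recent --update --seconds 30 --hitcount 6` lines for `limit udp 34,35` carry no `--name`, so hits are recorded in the recent match's default list, which this rule shares with any other limit rule loaded beside it. The conntrack change does not introduce this, but a sentence in the patch description noting that the 6-in-30-seconds threshold is counted per source address across all limit rules would document what these fixtures actually assert.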
8231 | @@ -12049,7 +12049,7 @@ WARN: Checks disabled | ||
8232 | ### LOGGING ### | ||
8233 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8234 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8235 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8236 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8237 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8238 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8239 | ### END LOGGING ### | ||
8240 | @@ -12085,8 +12085,8 @@ WARN: Checks disabled | ||
8241 | ### RULES ### | ||
8242 | |||
8243 | ### tuple ### limit udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
8244 | --A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set | ||
8245 | --A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8246 | +-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set | ||
8247 | +-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8248 | -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ufw-user-limit-accept | ||
8249 | |||
8250 | ### END RULES ### | ||
8251 | @@ -12094,7 +12094,7 @@ WARN: Checks disabled | ||
8252 | ### LOGGING ### | ||
8253 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8254 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8255 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8256 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8257 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8258 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8259 | ### END LOGGING ### | ||
8260 | @@ -12130,8 +12130,8 @@ WARN: Checks disabled | ||
8261 | ### RULES ### | ||
8262 | |||
8263 | ### tuple ### limit udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
8264 | --A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --set | ||
8265 | --A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8266 | +-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set | ||
8267 | +-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8268 | -A ufw-user-input -p udp -m multiport --dports 35:39 -j ufw-user-limit-accept | ||
8269 | |||
8270 | ### END RULES ### | ||
8271 | @@ -12139,7 +12139,7 @@ WARN: Checks disabled | ||
8272 | ### LOGGING ### | ||
8273 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8274 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8275 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8276 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8277 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8278 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8279 | ### END LOGGING ### | ||
8280 | @@ -12175,8 +12175,8 @@ WARN: Checks disabled | ||
8281 | ### RULES ### | ||
8282 | |||
8283 | ### tuple ### limit udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
8284 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set | ||
8285 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8286 | +-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set | ||
8287 | +-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8288 | -A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept | ||
8289 | |||
8290 | ### END RULES ### | ||
8291 | @@ -12184,7 +12184,7 @@ WARN: Checks disabled | ||
8292 | ### LOGGING ### | ||
8293 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8294 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8295 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8296 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8297 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8298 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8299 | ### END LOGGING ### | ||
8300 | @@ -12220,8 +12220,8 @@ WARN: Checks disabled | ||
8301 | ### RULES ### | ||
8302 | |||
8303 | ### tuple ### limit udp 1,9 0.0.0.0/0 any 0.0.0.0/0 in | ||
8304 | --A ufw-user-input -p udp -m multiport --dports 1,9 -m state --state NEW -m recent --set | ||
8305 | --A ufw-user-input -p udp -m multiport --dports 1,9 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8306 | +-A ufw-user-input -p udp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --set | ||
8307 | +-A ufw-user-input -p udp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8308 | -A ufw-user-input -p udp -m multiport --dports 1,9 -j ufw-user-limit-accept | ||
8309 | |||
8310 | ### END RULES ### | ||
8311 | @@ -12229,7 +12229,7 @@ WARN: Checks disabled | ||
8312 | ### LOGGING ### | ||
8313 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8314 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8315 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8316 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8317 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8318 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8319 | ### END LOGGING ### | ||
8320 | @@ -12273,7 +12273,7 @@ WARN: Checks disabled | ||
8321 | ### LOGGING ### | ||
8322 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8323 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8324 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8325 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8326 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8327 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8328 | ### END LOGGING ### | ||
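Review bot: The patch header should say how these expected-result files were regenerated. The single `ufw-logging-deny` replacement in this hunk is identical to the one in the neighbouring LOGGING hunks, which points to a mechanical `-m state --state` to `-m conntrack --ctstate` substitution. Stating that, or the command used, lets a reviewer reproduce the fixture diff and compare it instead of reading each hunk.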
8329 | @@ -12317,7 +12317,7 @@ WARN: Checks disabled | ||
8330 | ### LOGGING ### | ||
8331 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8332 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8333 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8334 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8335 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8336 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8337 | ### END LOGGING ### | ||
8338 | @@ -12357,7 +12357,7 @@ WARN: Checks disabled | ||
8339 | ### LOGGING ### | ||
8340 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8341 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8342 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8343 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8344 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8345 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8346 | ### END LOGGING ### | ||
8347 | @@ -12400,7 +12400,7 @@ WARN: Checks disabled | ||
8348 | ### LOGGING ### | ||
8349 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8350 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8351 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8352 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8353 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8354 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8355 | ### END LOGGING ### | ||
8356 | @@ -12440,7 +12440,7 @@ WARN: Checks disabled | ||
8357 | ### LOGGING ### | ||
8358 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8359 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8360 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8361 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8362 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8363 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8364 | ### END LOGGING ### | ||
8365 | @@ -12484,7 +12484,7 @@ WARN: Checks disabled | ||
8366 | ### LOGGING ### | ||
8367 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8368 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8369 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8370 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8371 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8372 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8373 | ### END LOGGING ### | ||
8374 | @@ -12527,7 +12527,7 @@ WARN: Checks disabled | ||
8375 | ### LOGGING ### | ||
8376 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8377 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8378 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8379 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8380 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8381 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8382 | ### END LOGGING ### | ||
8383 | @@ -12570,7 +12570,7 @@ WARN: Checks disabled | ||
8384 | ### LOGGING ### | ||
8385 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8386 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8387 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8388 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8389 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8390 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8391 | ### END LOGGING ### | ||
8392 | @@ -12613,7 +12613,7 @@ WARN: Checks disabled | ||
8393 | ### LOGGING ### | ||
8394 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8395 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8396 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8397 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8398 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8399 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8400 | ### END LOGGING ### | ||
8401 | @@ -12656,7 +12656,7 @@ WARN: Checks disabled | ||
8402 | ### LOGGING ### | ||
8403 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8404 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8405 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8406 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8407 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8408 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8409 | ### END LOGGING ### | ||
8410 | @@ -12706,11 +12706,11 @@ Insert | ||
8411 | ### RULES ### | ||
8412 | |||
8413 | ### tuple ### allow_log any 9998 0.0.0.0/0 any 0.0.0.0/0 in | ||
8414 | --A ufw-user-logging-input -p tcp --dport 9998 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8415 | +-A ufw-user-logging-input -p tcp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8416 | -A ufw-user-logging-input -p tcp --dport 9998 -j RETURN | ||
8417 | -A ufw-user-input -p tcp --dport 9998 -j ufw-user-logging-input | ||
8418 | -A ufw-user-input -p tcp --dport 9998 -j ACCEPT | ||
8419 | --A ufw-user-logging-input -p udp --dport 9998 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8420 | +-A ufw-user-logging-input -p udp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8421 | -A ufw-user-logging-input -p udp --dport 9998 -j RETURN | ||
8422 | -A ufw-user-input -p udp --dport 9998 -j ufw-user-logging-input | ||
8423 | -A ufw-user-input -p udp --dport 9998 -j ACCEPT | ||
8424 | @@ -12735,7 +12735,7 @@ Insert | ||
8425 | ### LOGGING ### | ||
8426 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8427 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8428 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8429 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8430 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8431 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8432 | ### END LOGGING ### | ||
8433 | @@ -12785,7 +12785,7 @@ COMMIT | ||
8434 | ### LOGGING ### | ||
8435 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8436 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8437 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8438 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8439 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8440 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8441 | ### END LOGGING ### | ||
8442 | @@ -12908,7 +12908,7 @@ Interfaces | ||
8443 | ### LOGGING ### | ||
8444 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8445 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8446 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8447 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8448 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8449 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8450 | ### END LOGGING ### | ||
8451 | @@ -12982,7 +12982,7 @@ COMMIT | ||
8452 | ### LOGGING ### | ||
8453 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8454 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8455 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8456 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8457 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8458 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8459 | ### END LOGGING ### | ||
8460 | @@ -13100,7 +13100,7 @@ COMMIT | ||
8461 | ### LOGGING ### | ||
8462 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8463 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8464 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8465 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8466 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8467 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8468 | ### END LOGGING ### | ||
8469 | @@ -13174,7 +13174,7 @@ COMMIT | ||
8470 | ### LOGGING ### | ||
8471 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8472 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8473 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8474 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8475 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8476 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8477 | ### END LOGGING ### | ||
8478 | @@ -13244,83 +13244,83 @@ COMMIT | ||
8479 | ### RULES ### | ||
8480 | |||
8481 | ### tuple ### limit any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 | ||
8482 | --A ufw-user-input -i eth0 -m state --state NEW -m recent --set | ||
8483 | --A ufw-user-input -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8484 | +-A ufw-user-input -i eth0 -m conntrack --ctstate NEW -m recent --set | ||
8485 | +-A ufw-user-input -i eth0 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8486 | -A ufw-user-input -i eth0 -j ufw-user-limit-accept | ||
8487 | |||
8488 | ### tuple ### limit any 22 192.168.0.1 any 0.0.0.0/0 in_eth0 | ||
8489 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set | ||
8490 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8491 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
8492 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8493 | -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept | ||
8494 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set | ||
8495 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8496 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
8497 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8498 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept | ||
8499 | |||
8500 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth0 | ||
8501 | --A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8502 | --A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8503 | +-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8504 | +-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8505 | -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8506 | --A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8507 | --A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8508 | +-A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8509 | +-A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8510 | -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8511 | |||
8512 | ### tuple ### limit any any 192.168.0.1 any 10.0.0.1 in_eth0 | ||
8513 | --A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8514 | --A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8515 | +-A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8516 | +-A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8517 | -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8518 | |||
8519 | ### tuple ### limit any 22 192.168.0.1 any 10.0.0.1 in_eth0 | ||
8520 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8521 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8522 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8523 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8524 | -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8525 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8526 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8527 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8528 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8529 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8530 | |||
8531 | ### tuple ### limit any any 192.168.0.1 80 10.0.0.1 in_eth0 | ||
8532 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8533 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8534 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8535 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8536 | -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8537 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8538 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8539 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8540 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8541 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8542 | |||
8543 | ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth0 | ||
8544 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8545 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8546 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8547 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8548 | -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8549 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8550 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8551 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8552 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8553 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8554 | |||
8555 | ### tuple ### limit tcp 22 192.168.0.1 any 0.0.0.0/0 in_eth0 | ||
8556 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set | ||
8557 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8558 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
8559 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8560 | -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept | ||
8561 | |||
8562 | ### tuple ### limit tcp any 0.0.0.0/0 80 10.0.0.1 in_eth0 | ||
8563 | --A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8564 | --A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8565 | +-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8566 | +-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8567 | -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8568 | |||
8569 | ### tuple ### limit tcp any 192.168.0.1 any 10.0.0.1 in_eth0 | ||
8570 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8571 | --A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8572 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8573 | +-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8574 | -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8575 | |||
8576 | ### tuple ### limit udp 22 192.168.0.1 any 10.0.0.1 in_eth0 | ||
8577 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8578 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8579 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8580 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8581 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8582 | |||
8583 | ### tuple ### limit udp any 192.168.0.1 80 10.0.0.1 in_eth0 | ||
8584 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8585 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8586 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8587 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8588 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8589 | |||
8590 | ### tuple ### limit udp 22 192.168.0.1 80 10.0.0.1 in_eth0 | ||
8591 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8592 | --A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8593 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8594 | +-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8595 | -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8596 | |||
8597 | ### END RULES ### | ||
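Review bot: a hunk this large in the in_eth0 RULES block cannot be checked by eye for a missed `-m state --state NEW` line, so after applying the patch, search the expected-result file for `-m state` and confirm nothing matches. The visible part is consistent: each tuple's `--set` and `--update --seconds 30 --hitcount 6` lines move to `-m conntrack --ctstate NEW`, and the closing `-j ufw-user-limit-accept` line stays as context because it carries no state match.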
8598 | @@ -13328,7 +13328,7 @@ COMMIT | ||
8599 | ### LOGGING ### | ||
8600 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8601 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8602 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8603 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8604 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8605 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8606 | ### END LOGGING ### | ||
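Review bot: the `-I ufw-logging-deny ... --ctstate INVALID -j RETURN` line now depends on the conntrack match being available on the target, so confirm that the updated kernel RRECOMMENDS mentioned in the commit message covers the module behind `-m conntrack` and not only the old state match. The `-m limit --limit 3/min --limit-burst 10` placed after `-j RETURN` is carried over unchanged from the removed line, which is the right call for a backport. The same one-line substitution recurs in each later LOGGING hunk.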
8607 | @@ -13402,7 +13402,7 @@ COMMIT | ||
8608 | ### LOGGING ### | ||
8609 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8610 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8611 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8612 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8613 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8614 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8615 | ### END LOGGING ### | ||
8616 | @@ -13520,7 +13520,7 @@ COMMIT | ||
8617 | ### LOGGING ### | ||
8618 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8619 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8620 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8621 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8622 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8623 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8624 | ### END LOGGING ### | ||
8625 | @@ -13594,7 +13594,7 @@ COMMIT | ||
8626 | ### LOGGING ### | ||
8627 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8628 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8629 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8630 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8631 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8632 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8633 | ### END LOGGING ### | ||
8634 | @@ -13638,7 +13638,7 @@ COMMIT | ||
8635 | ### LOGGING ### | ||
8636 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8637 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8638 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8639 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8640 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8641 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8642 | ### END LOGGING ### | ||
8643 | @@ -13676,7 +13676,7 @@ COMMIT | ||
8644 | ### LOGGING ### | ||
8645 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8646 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8647 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8648 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8649 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8650 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8651 | ### END LOGGING ### | ||
8652 | @@ -13794,7 +13794,7 @@ COMMIT | ||
8653 | ### LOGGING ### | ||
8654 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8655 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8656 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8657 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8658 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8659 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8660 | ### END LOGGING ### | ||
8661 | @@ -13868,7 +13868,7 @@ COMMIT | ||
8662 | ### LOGGING ### | ||
8663 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8664 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8665 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8666 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8667 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8668 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8669 | ### END LOGGING ### | ||
8670 | @@ -13986,7 +13986,7 @@ COMMIT | ||
8671 | ### LOGGING ### | ||
8672 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8673 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8674 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8675 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8676 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8677 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8678 | ### END LOGGING ### | ||
8679 | @@ -14060,7 +14060,7 @@ COMMIT | ||
8680 | ### LOGGING ### | ||
8681 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8682 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8683 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8684 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8685 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8686 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8687 | ### END LOGGING ### | ||
8688 | @@ -14130,83 +14130,83 @@ COMMIT | ||
8689 | ### RULES ### | ||
8690 | |||
8691 | ### tuple ### limit any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 | ||
8692 | --A ufw-user-output -o eth0 -m state --state NEW -m recent --set | ||
8693 | --A ufw-user-output -o eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8694 | +-A ufw-user-output -o eth0 -m conntrack --ctstate NEW -m recent --set | ||
8695 | +-A ufw-user-output -o eth0 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8696 | -A ufw-user-output -o eth0 -j ufw-user-limit-accept | ||
8697 | |||
8698 | ### tuple ### limit any 22 192.168.0.1 any 0.0.0.0/0 out_eth0 | ||
8699 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set | ||
8700 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8701 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
8702 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8703 | -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept | ||
8704 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set | ||
8705 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8706 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
8707 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8708 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept | ||
8709 | |||
8710 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth0 | ||
8711 | --A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8712 | --A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8713 | +-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8714 | +-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8715 | -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8716 | --A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8717 | --A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8718 | +-A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8719 | +-A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8720 | -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8721 | |||
8722 | ### tuple ### limit any any 192.168.0.1 any 10.0.0.1 out_eth0 | ||
8723 | --A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8724 | --A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8725 | +-A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8726 | +-A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8727 | -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8728 | |||
8729 | ### tuple ### limit any 22 192.168.0.1 any 10.0.0.1 out_eth0 | ||
8730 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8731 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8732 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8733 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8734 | -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8735 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8736 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8737 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8738 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8739 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8740 | |||
8741 | ### tuple ### limit any any 192.168.0.1 80 10.0.0.1 out_eth0 | ||
8742 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8743 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8744 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8745 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8746 | -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8747 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8748 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8749 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8750 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8751 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8752 | |||
8753 | ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth0 | ||
8754 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8755 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8756 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8757 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8758 | -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8759 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8760 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8761 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8762 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8763 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8764 | |||
8765 | ### tuple ### limit tcp 22 192.168.0.1 any 0.0.0.0/0 out_eth0 | ||
8766 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set | ||
8767 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8768 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
8769 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8770 | -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept | ||
8771 | |||
8772 | ### tuple ### limit tcp any 0.0.0.0/0 80 10.0.0.1 out_eth0 | ||
8773 | --A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8774 | --A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8775 | +-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8776 | +-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8777 | -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8778 | |||
8779 | ### tuple ### limit tcp any 192.168.0.1 any 10.0.0.1 out_eth0 | ||
8780 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8781 | --A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8782 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8783 | +-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8784 | -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8785 | |||
8786 | ### tuple ### limit udp 22 192.168.0.1 any 10.0.0.1 out_eth0 | ||
8787 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set | ||
8788 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8789 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
8790 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8791 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept | ||
8792 | |||
8793 | ### tuple ### limit udp any 192.168.0.1 80 10.0.0.1 out_eth0 | ||
8794 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8795 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8796 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8797 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8798 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8799 | |||
8800 | ### tuple ### limit udp 22 192.168.0.1 80 10.0.0.1 out_eth0 | ||
8801 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
8802 | --A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8803 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
8804 | +-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
8805 | -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept | ||
8806 | |||
8807 | ### END RULES ### | ||
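Review bot: nothing in the out_eth0 RULES block records whether these expected results were regenerated by running the test suite or rewritten by text substitution. A line in the patch header saying which would tell a later maintainer how to refresh them the next time the rule format changes. The equal counts in `@@ -14130,83 +14130,83 @@` are consistent with a one-for-one replacement of `-m state --state NEW` by `-m conntrack --ctstate NEW`.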
8808 | @@ -14214,7 +14214,7 @@ COMMIT | ||
8809 | ### LOGGING ### | ||
8810 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8811 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8812 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8813 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8814 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8815 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8816 | ### END LOGGING ### | ||
8817 | @@ -14288,7 +14288,7 @@ COMMIT | ||
8818 | ### LOGGING ### | ||
8819 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8820 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8821 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8822 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8823 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8824 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8825 | ### END LOGGING ### | ||
8826 | @@ -14406,7 +14406,7 @@ COMMIT | ||
8827 | ### LOGGING ### | ||
8828 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8829 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8830 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8831 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8832 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8833 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8834 | ### END LOGGING ### | ||
8835 | @@ -14480,7 +14480,7 @@ COMMIT | ||
8836 | ### LOGGING ### | ||
8837 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8838 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8839 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8840 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8841 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8842 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8843 | ### END LOGGING ### | ||
8844 | @@ -14524,7 +14524,7 @@ COMMIT | ||
8845 | ### LOGGING ### | ||
8846 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8847 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8848 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8849 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8850 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8851 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8852 | ### END LOGGING ### | ||
8853 | @@ -14562,7 +14562,7 @@ COMMIT | ||
8854 | ### LOGGING ### | ||
8855 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8856 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8857 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8858 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8859 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8860 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8861 | ### END LOGGING ### | ||
8862 | @@ -14603,7 +14603,7 @@ WARN: Checks disabled | ||
8863 | ### LOGGING ### | ||
8864 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8865 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8866 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8867 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8868 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8869 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8870 | ### END LOGGING ### | ||
8871 | @@ -14646,7 +14646,7 @@ WARN: Checks disabled | ||
8872 | ### LOGGING ### | ||
8873 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8874 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8875 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8876 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8877 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8878 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8879 | ### END LOGGING ### | ||
8880 | @@ -14690,7 +14690,7 @@ WARN: Checks disabled | ||
8881 | ### LOGGING ### | ||
8882 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8883 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8884 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8885 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8886 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8887 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8888 | ### END LOGGING ### | ||
8889 | @@ -14733,7 +14733,7 @@ WARN: Checks disabled | ||
8890 | ### LOGGING ### | ||
8891 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8892 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8893 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8894 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8895 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8896 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8897 | ### END LOGGING ### | ||
8898 | @@ -14776,7 +14776,7 @@ WARN: Checks disabled | ||
8899 | ### LOGGING ### | ||
8900 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8901 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8902 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8903 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8904 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8905 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8906 | ### END LOGGING ### | ||
8907 | @@ -14819,7 +14819,7 @@ WARN: Checks disabled | ||
8908 | ### LOGGING ### | ||
8909 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8910 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8911 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8912 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8913 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8914 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8915 | ### END LOGGING ### | ||
8916 | diff --git a/tests/ipv6/logging/result b/tests/ipv6/logging/result | ||
8917 | index dd9c077..afd72dd 100644 | ||
8918 | --- a/tests/ipv6/logging/result | ||
8919 | +++ b/tests/ipv6/logging/result | ||
8920 | @@ -26,23 +26,23 @@ contents of user*.rules: | ||
8921 | ### RULES ### | ||
8922 | |||
8923 | ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
8924 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8925 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8926 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
8927 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
8928 | -A ufw-user-input -p tcp --dport 23 -j ACCEPT | ||
8929 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8930 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8931 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
8932 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
8933 | -A ufw-user-input -p udp --dport 23 -j ACCEPT | ||
8934 | |||
8935 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
8936 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8937 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8938 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
8939 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
8940 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
8941 | |||
8942 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
8943 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8944 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8945 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
8946 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
8947 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
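Review bot: All four `ufw-user-logging-input` LOG rules in this hunk change only the match (`-m state --state NEW` to `-m conntrack --ctstate NEW`) and keep the existing option order, which matters if this result file is compared as text against generated output. Please confirm the expected output was regenerated by running the test against the patched rule generator rather than edited by search and replace, and that no `-m state --state` remains elsewhere under tests/ once the series is applied.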
8948 | @@ -52,7 +52,7 @@ contents of user*.rules: | ||
8949 | ### LOGGING ### | ||
8950 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8951 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8952 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8953 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8954 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8955 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8956 | ### END LOGGING ### | ||
8957 | @@ -81,23 +81,23 @@ COMMIT | ||
8958 | ### RULES ### | ||
8959 | |||
8960 | ### tuple ### allow_log any 23 ::/0 any ::/0 in | ||
8961 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8962 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8963 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
8964 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
8965 | -A ufw6-user-input -p tcp --dport 23 -j ACCEPT | ||
8966 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8967 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8968 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
8969 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
8970 | -A ufw6-user-input -p udp --dport 23 -j ACCEPT | ||
8971 | |||
8972 | ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in | ||
8973 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8974 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8975 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
8976 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
8977 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
8978 | |||
8979 | ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
8980 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8981 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
8982 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
8983 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
8984 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
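Review bot: The `ufw6-user-logging-input` rules in this hunk now need the conntrack match to be usable from the IPv6 ruleset as well as the IPv4 one. The commit message mentions updated kernel RRECOMMENDS. Please check that those recommendations cover connection tracking for IPv6 too, otherwise these `--ctstate NEW` rules would fail to load on a minimal image while the IPv4 rules load fine.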
8985 | @@ -107,7 +107,7 @@ COMMIT | ||
8986 | ### LOGGING ### | ||
8987 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8988 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8989 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8990 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8991 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8992 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
8993 | ### END LOGGING ### | ||
8994 | @@ -143,7 +143,7 @@ contents of user*.rules: | ||
8995 | ### LOGGING ### | ||
8996 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8997 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
8998 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
8999 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9000 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9001 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9002 | ### END LOGGING ### | ||
9003 | @@ -176,7 +176,7 @@ COMMIT | ||
9004 | ### LOGGING ### | ||
9005 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9006 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9007 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9008 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9009 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9010 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9011 | ### END LOGGING ### | ||
9012 | @@ -209,7 +209,7 @@ contents of user*.rules: | ||
9013 | ### LOGGING ### | ||
9014 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9015 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9016 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9017 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9018 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9019 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9020 | ### END LOGGING ### | ||
9021 | @@ -238,7 +238,7 @@ COMMIT | ||
9022 | ### RULES ### | ||
9023 | |||
9024 | ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
9025 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9026 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9027 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
9028 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
9029 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT | ||
9030 | @@ -248,7 +248,7 @@ COMMIT | ||
9031 | ### LOGGING ### | ||
9032 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9033 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9034 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9035 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9036 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9037 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9038 | ### END LOGGING ### | ||
9039 | @@ -281,7 +281,7 @@ contents of user*.rules: | ||
9040 | ### LOGGING ### | ||
9041 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9042 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9043 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9044 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9045 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9046 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9047 | ### END LOGGING ### | ||
9048 | @@ -314,7 +314,7 @@ COMMIT | ||
9049 | ### LOGGING ### | ||
9050 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9051 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9052 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9053 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9054 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9055 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9056 | ### END LOGGING ### | ||
9057 | @@ -372,7 +372,7 @@ contents of user*.rules: | ||
9058 | ### LOGGING ### | ||
9059 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9060 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9061 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9062 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9063 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9064 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9065 | ### END LOGGING ### | ||
9066 | @@ -427,7 +427,7 @@ COMMIT | ||
9067 | ### LOGGING ### | ||
9068 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9069 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9070 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9071 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9072 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9073 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9074 | ### END LOGGING ### | ||
9075 | @@ -463,7 +463,7 @@ contents of user*.rules: | ||
9076 | ### LOGGING ### | ||
9077 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9078 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9079 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9080 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9081 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9082 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9083 | ### END LOGGING ### | ||
9084 | @@ -496,7 +496,7 @@ COMMIT | ||
9085 | ### LOGGING ### | ||
9086 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9087 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9088 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9089 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9090 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9091 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9092 | ### END LOGGING ### | ||
9093 | @@ -529,7 +529,7 @@ contents of user*.rules: | ||
9094 | ### LOGGING ### | ||
9095 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9096 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9097 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9098 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9099 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9100 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9101 | ### END LOGGING ### | ||
9102 | @@ -568,7 +568,7 @@ COMMIT | ||
9103 | ### LOGGING ### | ||
9104 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9105 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9106 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9107 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9108 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9109 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9110 | ### END LOGGING ### | ||
9111 | @@ -601,7 +601,7 @@ contents of user*.rules: | ||
9112 | ### LOGGING ### | ||
9113 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9114 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9115 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9116 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9117 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9118 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9119 | ### END LOGGING ### | ||
9120 | @@ -634,7 +634,7 @@ COMMIT | ||
9121 | ### LOGGING ### | ||
9122 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9123 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9124 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9125 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9126 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9127 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9128 | ### END LOGGING ### | ||
9129 | @@ -666,23 +666,23 @@ contents of user*.rules: | ||
9130 | ### RULES ### | ||
9131 | |||
9132 | ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
9133 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9134 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9135 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
9136 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
9137 | -A ufw-user-input -p tcp --dport 23 -j DROP | ||
9138 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9139 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9140 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
9141 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
9142 | -A ufw-user-input -p udp --dport 23 -j DROP | ||
9143 | |||
9144 | ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9145 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9146 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9147 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9148 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9149 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
9150 | |||
9151 | ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9152 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9153 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9154 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9155 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9156 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
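Review bot: In the deny_log tuples the LOG rule matches only `--ctstate NEW`, while the paired `-A ufw-user-input ... -j DROP` rule carries no state match, so packets to these ports in any other conntrack state are dropped by these rules without a `[UFW BLOCK]` entry. That is the same coverage as before the change. A line in the patch header stating that logging coverage is unchanged would help anyone who relies on these log entries for detection and sees the match module change.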
9157 | @@ -692,7 +692,7 @@ contents of user*.rules: | ||
9158 | ### LOGGING ### | ||
9159 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9160 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9161 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9162 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9163 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9164 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9165 | ### END LOGGING ### | ||
9166 | @@ -721,23 +721,23 @@ COMMIT | ||
9167 | ### RULES ### | ||
9168 | |||
9169 | ### tuple ### deny_log any 23 ::/0 any ::/0 in | ||
9170 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9171 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9172 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
9173 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
9174 | -A ufw6-user-input -p tcp --dport 23 -j DROP | ||
9175 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9176 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9177 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
9178 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
9179 | -A ufw6-user-input -p udp --dport 23 -j DROP | ||
9180 | |||
9181 | ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in | ||
9182 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9183 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9184 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9185 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
9186 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
9187 | |||
9188 | ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
9189 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9190 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9191 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9192 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
9193 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
9194 | @@ -747,7 +747,7 @@ COMMIT | ||
9195 | ### LOGGING ### | ||
9196 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9197 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9198 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9199 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9200 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9201 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9202 | ### END LOGGING ### | ||
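Review bot: The rewritten `-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10` line still carries the `limit` match on the RETURN rule, so the early return for INVALID packets is itself rate limited. INVALID packets beyond 3/min (after the burst of 10) do not match it and fall through to the `-j LOG` rule that follows. That is the same as in the removed `-m state --state INVALID` form, but because the line is being rewritten the patch description should say that only the match module changes and the rule semantics are meant to stay identical. The same one-line substitution recurs in the `ufw-logging-deny` and `ufw6-logging-deny` hunks that follow.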
9203 | @@ -783,7 +783,7 @@ contents of user*.rules: | ||
9204 | ### LOGGING ### | ||
9205 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9206 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9207 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9208 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9209 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9210 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9211 | ### END LOGGING ### | ||
9212 | @@ -816,7 +816,7 @@ COMMIT | ||
9213 | ### LOGGING ### | ||
9214 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9215 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9216 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9217 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9218 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9219 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9220 | ### END LOGGING ### | ||
9221 | @@ -849,7 +849,7 @@ contents of user*.rules: | ||
9222 | ### LOGGING ### | ||
9223 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9224 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9225 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9226 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9227 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9228 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9229 | ### END LOGGING ### | ||
9230 | @@ -878,7 +878,7 @@ COMMIT | ||
9231 | ### RULES ### | ||
9232 | |||
9233 | ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
9234 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9235 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9236 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
9237 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
9238 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP | ||
9239 | @@ -888,7 +888,7 @@ COMMIT | ||
9240 | ### LOGGING ### | ||
9241 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9242 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9243 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9244 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9245 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9246 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9247 | ### END LOGGING ### | ||
9248 | @@ -921,7 +921,7 @@ contents of user*.rules: | ||
9249 | ### LOGGING ### | ||
9250 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9251 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9252 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9253 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9254 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9255 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9256 | ### END LOGGING ### | ||
9257 | @@ -954,7 +954,7 @@ COMMIT | ||
9258 | ### LOGGING ### | ||
9259 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9260 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9261 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9262 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9263 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9264 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9265 | ### END LOGGING ### | ||
9266 | @@ -1012,7 +1012,7 @@ contents of user*.rules: | ||
9267 | ### LOGGING ### | ||
9268 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9269 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9270 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9271 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9272 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9273 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9274 | ### END LOGGING ### | ||
9275 | @@ -1067,7 +1067,7 @@ COMMIT | ||
9276 | ### LOGGING ### | ||
9277 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9278 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9279 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9280 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9281 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9282 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9283 | ### END LOGGING ### | ||
9284 | @@ -1103,7 +1103,7 @@ contents of user*.rules: | ||
9285 | ### LOGGING ### | ||
9286 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9287 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9288 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9289 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9290 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9291 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9292 | ### END LOGGING ### | ||
9293 | @@ -1136,7 +1136,7 @@ COMMIT | ||
9294 | ### LOGGING ### | ||
9295 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9296 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9297 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9298 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9299 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9300 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9301 | ### END LOGGING ### | ||
9302 | @@ -1169,7 +1169,7 @@ contents of user*.rules: | ||
9303 | ### LOGGING ### | ||
9304 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9305 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9306 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9307 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9308 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9309 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9310 | ### END LOGGING ### | ||
9311 | @@ -1208,7 +1208,7 @@ COMMIT | ||
9312 | ### LOGGING ### | ||
9313 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9314 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9315 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9316 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9317 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9318 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9319 | ### END LOGGING ### | ||
9320 | @@ -1241,7 +1241,7 @@ contents of user*.rules: | ||
9321 | ### LOGGING ### | ||
9322 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9323 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9324 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9325 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9326 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9327 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9328 | ### END LOGGING ### | ||
9329 | @@ -1274,7 +1274,7 @@ COMMIT | ||
9330 | ### LOGGING ### | ||
9331 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9332 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9333 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9334 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9335 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9336 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9337 | ### END LOGGING ### | ||
9338 | @@ -1306,33 +1306,33 @@ contents of user*.rules: | ||
9339 | ### RULES ### | ||
9340 | |||
9341 | ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
9342 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9343 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9344 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
9345 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
9346 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
9347 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9348 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
9349 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9350 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
9351 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9352 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9353 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
9354 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
9355 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
9356 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9357 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
9358 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9359 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
9360 | |||
9361 | ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9362 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9363 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9364 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9365 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9366 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9367 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9368 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9369 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9370 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
9371 | |||
9372 | ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9373 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9374 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9375 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9376 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9377 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9378 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9379 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9380 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9381 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
9382 | |||
9383 | ### END RULES ### | ||
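Review bot: Each limit tuple in this hunk depends on three rules agreeing on the same state qualifier: the LOG rule, the `-m recent --set` rule and the `-m recent --update --seconds 30 --hitcount 6` rule. If only some of them were converted, one tuple would mix `-m state` and `-m conntrack`, and the expected output would no longer match what the backend writes. In the visible lines all twelve removed rules (tcp 23, udp 23, udp 137,138, tcp 139,445) have an added counterpart that differs only in `-m conntrack --ctstate NEW`, so the hunk is consistent. Since this is a mechanical substitution across many result files, consider adding a check to the test package that fails if `-m state --state` survives in any expected file, rather than relying on reading each hunk.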
9384 | @@ -1340,7 +1340,7 @@ contents of user*.rules: | ||
9385 | ### LOGGING ### | ||
9386 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9387 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9388 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9389 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9390 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9391 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9392 | ### END LOGGING ### | ||
9393 | @@ -1373,7 +1373,7 @@ COMMIT | ||
9394 | ### LOGGING ### | ||
9395 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9396 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9397 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9398 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9399 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9400 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9401 | ### END LOGGING ### | ||
9402 | @@ -1409,7 +1409,7 @@ contents of user*.rules: | ||
9403 | ### LOGGING ### | ||
9404 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9405 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9406 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9407 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9408 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9409 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9410 | ### END LOGGING ### | ||
9411 | @@ -1442,7 +1442,7 @@ COMMIT | ||
9412 | ### LOGGING ### | ||
9413 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9414 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9415 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9416 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9417 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9418 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9419 | ### END LOGGING ### | ||
9420 | @@ -1475,7 +1475,7 @@ contents of user*.rules: | ||
9421 | ### LOGGING ### | ||
9422 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9423 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9424 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9425 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9426 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9427 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9428 | ### END LOGGING ### | ||
9429 | @@ -1508,7 +1508,7 @@ COMMIT | ||
9430 | ### LOGGING ### | ||
9431 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9432 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9433 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9434 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9435 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9436 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9437 | ### END LOGGING ### | ||
9438 | @@ -1541,7 +1541,7 @@ contents of user*.rules: | ||
9439 | ### LOGGING ### | ||
9440 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9441 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9442 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9443 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9444 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9445 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9446 | ### END LOGGING ### | ||
9447 | @@ -1574,7 +1574,7 @@ COMMIT | ||
9448 | ### LOGGING ### | ||
9449 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9450 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9451 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9452 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9453 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9454 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9455 | ### END LOGGING ### | ||
9456 | @@ -1609,30 +1609,30 @@ contents of user*.rules: | ||
9457 | -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9458 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
9459 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
9460 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
9461 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9462 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
9463 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9464 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
9465 | -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9466 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
9467 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
9468 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
9469 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9470 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
9471 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
9472 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
9473 | |||
9474 | ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9475 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9476 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9477 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9478 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9479 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9480 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9481 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9482 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
9483 | |||
9484 | ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9485 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
9486 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9487 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9488 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9489 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9490 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
9491 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
9492 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
9493 | |||
9494 | ### END RULES ### | ||
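Review bot: The `limit_log-all` LOG rules in this hunk stay as unchanged context with no state match at all (for example `-A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG`), while the `recent` rules next to them gain `-m conntrack --ctstate NEW`. That matches the pre-change output, where the log-all LOG rules also had no `-m state`. Next to the `limit_log` hunk above, though, it can look like a missed conversion. A sentence in the patch description noting that log-all LOG rules are intentionally unqualified would spare a later reader from having to work that out.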
9495 | @@ -1640,7 +1640,7 @@ contents of user*.rules: | ||
9496 | ### LOGGING ### | ||
9497 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9498 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9499 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9500 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9501 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9502 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9503 | ### END LOGGING ### | ||
9504 | @@ -1673,7 +1673,7 @@ COMMIT | ||
9505 | ### LOGGING ### | ||
9506 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9507 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9508 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9509 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9510 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9511 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9512 | ### END LOGGING ### | ||
9513 | @@ -1709,7 +1709,7 @@ contents of user*.rules: | ||
9514 | ### LOGGING ### | ||
9515 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9516 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9517 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9518 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9519 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9520 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9521 | ### END LOGGING ### | ||
9522 | @@ -1742,7 +1742,7 @@ COMMIT | ||
9523 | ### LOGGING ### | ||
9524 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9525 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9526 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9527 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9528 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9529 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9530 | ### END LOGGING ### | ||
9531 | @@ -1775,7 +1775,7 @@ contents of user*.rules: | ||
9532 | ### LOGGING ### | ||
9533 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9534 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9535 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9536 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9537 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9538 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9539 | ### END LOGGING ### | ||
9540 | @@ -1808,7 +1808,7 @@ COMMIT | ||
9541 | ### LOGGING ### | ||
9542 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9543 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9544 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9545 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9546 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9547 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9548 | ### END LOGGING ### | ||
9549 | @@ -1841,7 +1841,7 @@ contents of user*.rules: | ||
9550 | ### LOGGING ### | ||
9551 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9552 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9553 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9554 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9555 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9556 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9557 | ### END LOGGING ### | ||
9558 | @@ -1874,7 +1874,7 @@ COMMIT | ||
9559 | ### LOGGING ### | ||
9560 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9561 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9562 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9563 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9564 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9565 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9566 | ### END LOGGING ### | ||
9567 | @@ -1906,23 +1906,23 @@ contents of user*.rules: | ||
9568 | ### RULES ### | ||
9569 | |||
9570 | ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
9571 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9572 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9573 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
9574 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
9575 | -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
9576 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9577 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9578 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
9579 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
9580 | -A ufw-user-input -p udp --dport 23 -j REJECT | ||
9581 | |||
9582 | ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9583 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9584 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9585 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9586 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9587 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' | ||
9588 | |||
9589 | ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9590 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9591 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9592 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9593 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9594 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' | ||
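Review bot: Only the four `ufw-user-logging-input ... -j LOG` lines change in this hunk; the `-j RETURN` lines, the jumps from `ufw-user-input` and the `-j REJECT` lines are unchanged context, so the conntrack match governs what is logged, not what is rejected. Because these lines are expected `user*.rules` contents, they pass only when the code that writes user rules emits `-m conntrack --ctstate NEW` as well. Check that the generator change ships in the same backport, otherwise the test output and this fixture diverge.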
9595 | @@ -1932,7 +1932,7 @@ contents of user*.rules: | ||
9596 | ### LOGGING ### | ||
9597 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9598 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9599 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9600 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9601 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9602 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9603 | ### END LOGGING ### | ||
9604 | @@ -1961,23 +1961,23 @@ COMMIT | ||
9605 | ### RULES ### | ||
9606 | |||
9607 | ### tuple ### reject_log any 23 ::/0 any ::/0 in | ||
9608 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9609 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9610 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
9611 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
9612 | -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
9613 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9614 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9615 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
9616 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
9617 | -A ufw6-user-input -p udp --dport 23 -j REJECT | ||
9618 | |||
9619 | ### tuple ### reject_log udp 137,138 ::/0 any ::/0 Samba - in | ||
9620 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9621 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9622 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9623 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
9624 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' | ||
9625 | |||
9626 | ### tuple ### reject_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
9627 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9628 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9629 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9630 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
9631 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' | ||
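Review bot: The `ufw6-user-logging-input` rules in this hunk now name the `conntrack` match, so loading them depends on that match being available for IPv6 rules in the target kernel. The commit message lists updated kernel RRECOMMENDS and an emptied IPT_MODULES; confirm the recommended modules include the one that provides the conntrack match, and note in the recipe that the `ufw6-*` logging rules need it.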
9632 | @@ -1987,7 +1987,7 @@ COMMIT | ||
9633 | ### LOGGING ### | ||
9634 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9635 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9636 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9637 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9638 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9639 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9640 | ### END LOGGING ### | ||
9641 | @@ -2023,7 +2023,7 @@ contents of user*.rules: | ||
9642 | ### LOGGING ### | ||
9643 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9644 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9645 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9646 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9647 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9648 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9649 | ### END LOGGING ### | ||
9650 | @@ -2056,7 +2056,7 @@ COMMIT | ||
9651 | ### LOGGING ### | ||
9652 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9653 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9654 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9655 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9656 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9657 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9658 | ### END LOGGING ### | ||
9659 | @@ -2089,7 +2089,7 @@ contents of user*.rules: | ||
9660 | ### LOGGING ### | ||
9661 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9662 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9663 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9664 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9665 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9666 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9667 | ### END LOGGING ### | ||
9668 | @@ -2118,7 +2118,7 @@ COMMIT | ||
9669 | ### RULES ### | ||
9670 | |||
9671 | ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
9672 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9673 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9674 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
9675 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
9676 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset | ||
9677 | @@ -2128,7 +2128,7 @@ COMMIT | ||
9678 | ### LOGGING ### | ||
9679 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9680 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9681 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9682 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9683 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9684 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9685 | ### END LOGGING ### | ||
9686 | @@ -2161,7 +2161,7 @@ contents of user*.rules: | ||
9687 | ### LOGGING ### | ||
9688 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9689 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9690 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9691 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9692 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9693 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9694 | ### END LOGGING ### | ||
9695 | @@ -2194,7 +2194,7 @@ COMMIT | ||
9696 | ### LOGGING ### | ||
9697 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9698 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9699 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9700 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9701 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9702 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9703 | ### END LOGGING ### | ||
9704 | @@ -2252,7 +2252,7 @@ contents of user*.rules: | ||
9705 | ### LOGGING ### | ||
9706 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9707 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9708 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9709 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9710 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9711 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9712 | ### END LOGGING ### | ||
9713 | @@ -2307,7 +2307,7 @@ COMMIT | ||
9714 | ### LOGGING ### | ||
9715 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9716 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9717 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9718 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9719 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9720 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9721 | ### END LOGGING ### | ||
9722 | @@ -2343,7 +2343,7 @@ contents of user*.rules: | ||
9723 | ### LOGGING ### | ||
9724 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9725 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9726 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9727 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9728 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9729 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9730 | ### END LOGGING ### | ||
9731 | @@ -2376,7 +2376,7 @@ COMMIT | ||
9732 | ### LOGGING ### | ||
9733 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9734 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9735 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9736 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9737 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9738 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9739 | ### END LOGGING ### | ||
9740 | @@ -2409,7 +2409,7 @@ contents of user*.rules: | ||
9741 | ### LOGGING ### | ||
9742 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9743 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9744 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9745 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9746 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9747 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9748 | ### END LOGGING ### | ||
9749 | @@ -2448,7 +2448,7 @@ COMMIT | ||
9750 | ### LOGGING ### | ||
9751 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9752 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9753 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9754 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9755 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9756 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9757 | ### END LOGGING ### | ||
9758 | @@ -2481,7 +2481,7 @@ contents of user*.rules: | ||
9759 | ### LOGGING ### | ||
9760 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9761 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9762 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9763 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9764 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9765 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9766 | ### END LOGGING ### | ||
9767 | @@ -2514,7 +2514,7 @@ COMMIT | ||
9768 | ### LOGGING ### | ||
9769 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9770 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9771 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9772 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9773 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9774 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9775 | ### END LOGGING ### | ||
9776 | @@ -2547,13 +2547,13 @@ contents of user*.rules: | ||
9777 | ### RULES ### | ||
9778 | |||
9779 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9780 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9781 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9782 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9783 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9784 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
9785 | |||
9786 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9787 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9788 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9789 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9790 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9791 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
9792 | @@ -2563,7 +2563,7 @@ contents of user*.rules: | ||
9793 | ### LOGGING ### | ||
9794 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9795 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9796 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9797 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9798 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9799 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9800 | ### END LOGGING ### | ||
9801 | @@ -2592,13 +2592,13 @@ COMMIT | ||
9802 | ### RULES ### | ||
9803 | |||
9804 | ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in | ||
9805 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9806 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9807 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9808 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
9809 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
9810 | |||
9811 | ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
9812 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9813 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9814 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9815 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
9816 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
9817 | @@ -2614,7 +2614,7 @@ COMMIT | ||
9818 | ### LOGGING ### | ||
9819 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9820 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9821 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9822 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9823 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9824 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9825 | ### END LOGGING ### | ||
9826 | @@ -2646,13 +2646,13 @@ contents of user*.rules: | ||
9827 | ### RULES ### | ||
9828 | |||
9829 | ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9830 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9831 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9832 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9833 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9834 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
9835 | |||
9836 | ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9837 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9838 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9839 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9840 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9841 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
9842 | @@ -2662,7 +2662,7 @@ contents of user*.rules: | ||
9843 | ### LOGGING ### | ||
9844 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9845 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9846 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9847 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9848 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9849 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9850 | ### END LOGGING ### | ||
9851 | @@ -2691,13 +2691,13 @@ COMMIT | ||
9852 | ### RULES ### | ||
9853 | |||
9854 | ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in | ||
9855 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9856 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9857 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9858 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
9859 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
9860 | |||
9861 | ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
9862 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9863 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
9864 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9865 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
9866 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
9867 | @@ -2713,7 +2713,7 @@ COMMIT | ||
9868 | ### LOGGING ### | ||
9869 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9870 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9871 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9872 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9873 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9874 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9875 | ### END LOGGING ### | ||
9876 | @@ -2749,7 +2749,7 @@ contents of user*.rules: | ||
9877 | ### LOGGING ### | ||
9878 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9879 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9880 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9881 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9882 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9883 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9884 | ### END LOGGING ### | ||
9885 | @@ -2782,7 +2782,7 @@ COMMIT | ||
9886 | ### LOGGING ### | ||
9887 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9888 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9889 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9890 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9891 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9892 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9893 | ### END LOGGING ### | ||
9894 | @@ -2827,13 +2827,13 @@ contents of user*.rules: | ||
9895 | ### RULES ### | ||
9896 | |||
9897 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 | ||
9898 | --A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9899 | +-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9900 | -A ufw-user-logging-input -i eth0 -j RETURN | ||
9901 | -A ufw-user-input -i eth0 -j ufw-user-logging-input | ||
9902 | -A ufw-user-input -i eth0 -j ACCEPT | ||
9903 | |||
9904 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 | ||
9905 | --A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9906 | +-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9907 | -A ufw-user-logging-output -o eth0 -j RETURN | ||
9908 | -A ufw-user-output -o eth0 -j ufw-user-logging-output | ||
9909 | -A ufw-user-output -o eth0 -j ACCEPT | ||
9910 | @@ -2843,7 +2843,7 @@ contents of user*.rules: | ||
9911 | ### LOGGING ### | ||
9912 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9913 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9914 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9915 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9916 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9917 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9918 | ### END LOGGING ### | ||
9919 | @@ -2872,13 +2872,13 @@ COMMIT | ||
9920 | ### RULES ### | ||
9921 | |||
9922 | ### tuple ### allow_log any any ::/0 any ::/0 in_eth0 | ||
9923 | --A ufw6-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9924 | +-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9925 | -A ufw6-user-logging-input -i eth0 -j RETURN | ||
9926 | -A ufw6-user-input -i eth0 -j ufw6-user-logging-input | ||
9927 | -A ufw6-user-input -i eth0 -j ACCEPT | ||
9928 | |||
9929 | ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0 | ||
9930 | --A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9931 | +-A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9932 | -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN | ||
9933 | -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
9934 | -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT | ||
9935 | @@ -2890,13 +2890,13 @@ COMMIT | ||
9936 | -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP | ||
9937 | |||
9938 | ### tuple ### allow_log any any ::/0 any ::/0 out_eth0 | ||
9939 | --A ufw6-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9940 | +-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9941 | -A ufw6-user-logging-output -o eth0 -j RETURN | ||
9942 | -A ufw6-user-output -o eth0 -j ufw6-user-logging-output | ||
9943 | -A ufw6-user-output -o eth0 -j ACCEPT | ||
9944 | |||
9945 | ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0 | ||
9946 | --A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9947 | +-A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9948 | -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN | ||
9949 | -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-output | ||
9950 | -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT | ||
9951 | @@ -2912,7 +2912,7 @@ COMMIT | ||
9952 | ### LOGGING ### | ||
9953 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9954 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9955 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9956 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
9957 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
9958 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
9959 | ### END LOGGING ### | ||
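Review bot: the hunks up to this point all make the same one-token substitution (`-m state --state` to `-m conntrack --ctstate`) in expected-output lines, and the next file repeats it, so the patch is too large to check by reading. If the patch header does not already carry the upstream commit id next to `Upstream-Status: Backport`, add it, and note whether the result files were taken verbatim from that commit. Reviewers can then diff against upstream instead of checking each rule line by hand.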
9960 | diff --git a/tests/ipv6/logging/result.1.3 b/tests/ipv6/logging/result.1.3 | ||
9961 | index 5b0c26d..036b49e 100644 | ||
9962 | --- a/tests/ipv6/logging/result.1.3 | ||
9963 | +++ b/tests/ipv6/logging/result.1.3 | ||
9964 | @@ -15,23 +15,23 @@ contents of user*.rules: | ||
9965 | ### RULES ### | ||
9966 | |||
9967 | ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
9968 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9969 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9970 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
9971 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
9972 | -A ufw-user-input -p tcp --dport 23 -j ACCEPT | ||
9973 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9974 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9975 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
9976 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
9977 | -A ufw-user-input -p udp --dport 23 -j ACCEPT | ||
9978 | |||
9979 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9980 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9981 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9982 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
9983 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
9984 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
9985 | |||
9986 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
9987 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9988 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9989 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
9990 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
9991 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
9992 | @@ -48,11 +48,11 @@ COMMIT | ||
9993 | ### RULES ### | ||
9994 | |||
9995 | ### tuple ### allow_log any 23 ::/0 any ::/0 in | ||
9996 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9997 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
9998 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
9999 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
10000 | -A ufw6-user-input -p tcp --dport 23 -j ACCEPT | ||
10001 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10002 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10003 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
10004 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
10005 | -A ufw6-user-input -p udp --dport 23 -j ACCEPT | ||
10006 | @@ -111,7 +111,7 @@ COMMIT | ||
10007 | ### RULES ### | ||
10008 | |||
10009 | ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
10010 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10011 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10012 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
10013 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
10014 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT | ||
10015 | @@ -303,23 +303,23 @@ contents of user*.rules: | ||
10016 | ### RULES ### | ||
10017 | |||
10018 | ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
10019 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10020 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10021 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
10022 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
10023 | -A ufw-user-input -p tcp --dport 23 -j DROP | ||
10024 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10025 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10026 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
10027 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
10028 | -A ufw-user-input -p udp --dport 23 -j DROP | ||
10029 | |||
10030 | ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10031 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10032 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10033 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
10034 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
10035 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
10036 | |||
10037 | ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10038 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10039 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10040 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
10041 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
10042 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
10043 | @@ -336,11 +336,11 @@ COMMIT | ||
10044 | ### RULES ### | ||
10045 | |||
10046 | ### tuple ### deny_log any 23 ::/0 any ::/0 in | ||
10047 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10048 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10049 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
10050 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
10051 | -A ufw6-user-input -p tcp --dport 23 -j DROP | ||
10052 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10053 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10054 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
10055 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
10056 | -A ufw6-user-input -p udp --dport 23 -j DROP | ||
10057 | @@ -399,7 +399,7 @@ COMMIT | ||
10058 | ### RULES ### | ||
10059 | |||
10060 | ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
10061 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10062 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10063 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
10064 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
10065 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP | ||
10066 | @@ -591,33 +591,33 @@ contents of user*.rules: | ||
10067 | ### RULES ### | ||
10068 | |||
10069 | ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
10070 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10071 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10072 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
10073 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
10074 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
10075 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10076 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
10077 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10078 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
10079 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10080 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10081 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
10082 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
10083 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
10084 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10085 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
10086 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10087 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
10088 | |||
10089 | ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10090 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10091 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10092 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
10093 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
10094 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10095 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10096 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10097 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10098 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
10099 | |||
10100 | ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10101 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10102 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10103 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
10104 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
10105 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10106 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10107 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10108 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10109 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
10110 | |||
10111 | ### END RULES ### | ||
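Review bot: unlike the logging-only hunks, this one changes rules that enforce policy: the limiter pair `-m conntrack --ctstate NEW -m recent --set` and `... -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit`. A target image whose kernel lacks the conntrack match would therefore fail to load `ufw limit` rules, not just lose log lines. The commit message says the kernel RRECOMMENDS were updated for linux-yocto 5.4; please confirm that list includes the module providing the `conntrack` match as well as the one for `recent`, and that the ufw-test package runs at least one `limit` case on target.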
10112 | @@ -730,30 +730,30 @@ contents of user*.rules: | ||
10113 | -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10114 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
10115 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
10116 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
10117 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10118 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
10119 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10120 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
10121 | -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10122 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
10123 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
10124 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
10125 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10126 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
10127 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
10128 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
10129 | |||
10130 | ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10131 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10132 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
10133 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
10134 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10135 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10136 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10137 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10138 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
10139 | |||
10140 | ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10141 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
10142 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
10143 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
10144 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10145 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10146 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
10147 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
10148 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
10149 | |||
10150 | ### END RULES ### | ||
10151 | @@ -863,23 +863,23 @@ contents of user*.rules: | ||
10152 | ### RULES ### | ||
10153 | |||
10154 | ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
10155 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10156 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10157 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
10158 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
10159 | -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
10160 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10161 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10162 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
10163 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
10164 | -A ufw-user-input -p udp --dport 23 -j REJECT | ||
10165 | |||
10166 | ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10167 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10168 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10169 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
10170 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
10171 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' | ||
10172 | |||
10173 | ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10174 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10175 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10176 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
10177 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
10178 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' | ||
10179 | @@ -896,11 +896,11 @@ COMMIT | ||
10180 | ### RULES ### | ||
10181 | |||
10182 | ### tuple ### reject_log any 23 ::/0 any ::/0 in | ||
10183 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10184 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10185 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
10186 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
10187 | -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
10188 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10189 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10190 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
10191 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
10192 | -A ufw6-user-input -p udp --dport 23 -j REJECT | ||
10193 | @@ -959,7 +959,7 @@ COMMIT | ||
10194 | ### RULES ### | ||
10195 | |||
10196 | ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
10197 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10198 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10199 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
10200 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
10201 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset | ||
10202 | @@ -1152,13 +1152,13 @@ contents of user*.rules: | ||
10203 | ### RULES ### | ||
10204 | |||
10205 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10206 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10207 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10208 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
10209 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
10210 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
10211 | |||
10212 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10213 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10214 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10215 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
10216 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
10217 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
10218 | @@ -1198,13 +1198,13 @@ contents of user*.rules: | ||
10219 | ### RULES ### | ||
10220 | |||
10221 | ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10222 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10223 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10224 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
10225 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
10226 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
10227 | |||
10228 | ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
10229 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10230 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
10231 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
10232 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
10233 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
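Review bot: The two `+` lines under the deny_log Samba tuples are expected output (the hunk header labels the block `contents of user*.rules:`), so they pass only if the code that writes these rules emits `-m conntrack --ctstate NEW` in the same backport. Please confirm the generator change is applied together with this hunk, otherwise the test fails on exactly these two LOG lines. The unchanged RETURN, jump and DROP lines need no update because they carry no state match.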
10234 | @@ -1285,13 +1285,13 @@ contents of user*.rules: | ||
10235 | ### RULES ### | ||
10236 | |||
10237 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 | ||
10238 | --A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10239 | +-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10240 | -A ufw-user-logging-input -i eth0 -j RETURN | ||
10241 | -A ufw-user-input -i eth0 -j ufw-user-logging-input | ||
10242 | -A ufw-user-input -i eth0 -j ACCEPT | ||
10243 | |||
10244 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 | ||
10245 | --A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10246 | +-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10247 | -A ufw-user-logging-output -o eth0 -j RETURN | ||
10248 | -A ufw-user-output -o eth0 -j ufw-user-logging-output | ||
10249 | -A ufw-user-output -o eth0 -j ACCEPT | ||
10250 | @@ -1308,13 +1308,13 @@ COMMIT | ||
10251 | ### RULES ### | ||
10252 | |||
10253 | ### tuple ### allow_log any any ::/0 any ::/0 in_eth0 | ||
10254 | --A ufw6-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10255 | +-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10256 | -A ufw6-user-logging-input -i eth0 -j RETURN | ||
10257 | -A ufw6-user-input -i eth0 -j ufw6-user-logging-input | ||
10258 | -A ufw6-user-input -i eth0 -j ACCEPT | ||
10259 | |||
10260 | ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0 | ||
10261 | --A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10262 | +-A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10263 | -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN | ||
10264 | -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
10265 | -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT | ||
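Review bot: The `ufw6-user-logging-input` LOG rules on the two `+` lines now require the `conntrack` match when the rules are loaded, in place of `state`, so the target kernel has to provide xt_conntrack for the IPv6 ruleset too. Please check that the kernel configuration or module set the image ships covers this match; a missing module shows up only when the rules are loaded on the device, not at build time.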
10266 | @@ -1326,13 +1326,13 @@ COMMIT | ||
10267 | -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP | ||
10268 | |||
10269 | ### tuple ### allow_log any any ::/0 any ::/0 out_eth0 | ||
10270 | --A ufw6-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10271 | +-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10272 | -A ufw6-user-logging-output -o eth0 -j RETURN | ||
10273 | -A ufw6-user-output -o eth0 -j ufw6-user-logging-output | ||
10274 | -A ufw6-user-output -o eth0 -j ACCEPT | ||
10275 | |||
10276 | ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0 | ||
10277 | --A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10278 | +-A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
10279 | -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN | ||
10280 | -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-output | ||
10281 | -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT | ||
10282 | diff --git a/tests/ipv6/rules6/result b/tests/ipv6/rules6/result | ||
10283 | index 4e6a197..4fd299c 100644 | ||
10284 | --- a/tests/ipv6/rules6/result | ||
10285 | +++ b/tests/ipv6/rules6/result | ||
10286 | @@ -26,7 +26,7 @@ WARN: Checks disabled | ||
10287 | ### LOGGING ### | ||
10288 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10289 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10290 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10291 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10292 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10293 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10294 | ### END LOGGING ### | ||
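Review bot: On the `+` line for `ufw6-logging-deny`, `-m limit --limit 3/min --limit-burst 10` sits after `-j RETURN`, and iptables treats it as one more match condition on that rule, so INVALID packets skip the LOG rule below only while the limit matches and reach it once the burst is used up. The `-` line has the same shape, so this hunk does not change that behaviour, but a sentence in the patch description saying whether it is intended would help whoever next reads these expectations.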
10295 | @@ -62,7 +62,7 @@ WARN: Checks disabled | ||
10296 | ### LOGGING ### | ||
10297 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10298 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10299 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10300 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10301 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10302 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10303 | ### END LOGGING ### | ||
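Review bot: This hunk repeats the previous one line for line, at a different offset in the same `### LOGGING ###` block, which suggests the result file was updated by search and replace. After applying, a grep of tests/ipv6/rules6/result for `--state INVALID` should return nothing; a block missed by the replacement would otherwise show up only as a mismatch when the test runs.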
10304 | @@ -94,7 +94,7 @@ WARN: Checks disabled | ||
10305 | ### LOGGING ### | ||
10306 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10307 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10308 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10309 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10310 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10311 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10312 | ### END LOGGING ### | ||
10313 | @@ -129,7 +129,7 @@ WARN: Checks disabled | ||
10314 | ### LOGGING ### | ||
10315 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10316 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10317 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10318 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10319 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10320 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10321 | ### END LOGGING ### | ||
10322 | @@ -161,7 +161,7 @@ WARN: Checks disabled | ||
10323 | ### LOGGING ### | ||
10324 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10325 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10326 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10327 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10328 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10329 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10330 | ### END LOGGING ### | ||
10331 | @@ -196,7 +196,7 @@ WARN: Checks disabled | ||
10332 | ### LOGGING ### | ||
10333 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10334 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10335 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10336 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10337 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10338 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10339 | ### END LOGGING ### | ||
10340 | @@ -228,7 +228,7 @@ WARN: Checks disabled | ||
10341 | ### LOGGING ### | ||
10342 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10343 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10344 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10345 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10346 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10347 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10348 | ### END LOGGING ### | ||
10349 | @@ -264,7 +264,7 @@ WARN: Checks disabled | ||
10350 | ### LOGGING ### | ||
10351 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10352 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10353 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10354 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10355 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10356 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10357 | ### END LOGGING ### | ||
10358 | @@ -296,7 +296,7 @@ WARN: Checks disabled | ||
10359 | ### LOGGING ### | ||
10360 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10361 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10362 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10363 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10364 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10365 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10366 | ### END LOGGING ### | ||
10367 | @@ -332,7 +332,7 @@ WARN: Checks disabled | ||
10368 | ### LOGGING ### | ||
10369 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10370 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10371 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10372 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10373 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10374 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10375 | ### END LOGGING ### | ||
10376 | @@ -364,7 +364,7 @@ WARN: Checks disabled | ||
10377 | ### LOGGING ### | ||
10378 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10379 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10380 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10381 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10382 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10383 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10384 | ### END LOGGING ### | ||
10385 | @@ -400,7 +400,7 @@ WARN: Checks disabled | ||
10386 | ### LOGGING ### | ||
10387 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10388 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10389 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10390 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10391 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10392 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10393 | ### END LOGGING ### | ||
10394 | @@ -432,7 +432,7 @@ WARN: Checks disabled | ||
10395 | ### LOGGING ### | ||
10396 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10397 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10398 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10399 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10400 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10401 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10402 | ### END LOGGING ### | ||
10403 | @@ -468,7 +468,7 @@ WARN: Checks disabled | ||
10404 | ### LOGGING ### | ||
10405 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10406 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10407 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10408 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10409 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10410 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10411 | ### END LOGGING ### | ||
10412 | @@ -500,7 +500,7 @@ WARN: Checks disabled | ||
10413 | ### LOGGING ### | ||
10414 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10415 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10416 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10417 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10418 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10419 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10420 | ### END LOGGING ### | ||
10421 | @@ -536,7 +536,7 @@ WARN: Checks disabled | ||
10422 | ### LOGGING ### | ||
10423 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10424 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10425 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10426 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10427 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10428 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10429 | ### END LOGGING ### | ||
10430 | @@ -568,7 +568,7 @@ WARN: Checks disabled | ||
10431 | ### LOGGING ### | ||
10432 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10433 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10434 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10435 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10436 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10437 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10438 | ### END LOGGING ### | ||
10439 | @@ -603,7 +603,7 @@ WARN: Checks disabled | ||
10440 | ### LOGGING ### | ||
10441 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10442 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10443 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10444 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10445 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10446 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10447 | ### END LOGGING ### | ||
10448 | @@ -635,7 +635,7 @@ WARN: Checks disabled | ||
10449 | ### LOGGING ### | ||
10450 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10451 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10452 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10453 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10454 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10455 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10456 | ### END LOGGING ### | ||
10457 | @@ -670,7 +670,7 @@ WARN: Checks disabled | ||
10458 | ### LOGGING ### | ||
10459 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10460 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10461 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10462 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10463 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10464 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10465 | ### END LOGGING ### | ||
10466 | @@ -702,7 +702,7 @@ WARN: Checks disabled | ||
10467 | ### LOGGING ### | ||
10468 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10469 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10470 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10471 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10472 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10473 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10474 | ### END LOGGING ### | ||
10475 | @@ -737,7 +737,7 @@ WARN: Checks disabled | ||
10476 | ### LOGGING ### | ||
10477 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10478 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10479 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10480 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10481 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10482 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10483 | ### END LOGGING ### | ||
10484 | @@ -769,7 +769,7 @@ WARN: Checks disabled | ||
10485 | ### LOGGING ### | ||
10486 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10487 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10488 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10489 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10490 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10491 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10492 | ### END LOGGING ### | ||
10493 | @@ -804,7 +804,7 @@ WARN: Checks disabled | ||
10494 | ### LOGGING ### | ||
10495 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10496 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10497 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10498 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10499 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10500 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10501 | ### END LOGGING ### | ||
10502 | @@ -836,7 +836,7 @@ WARN: Checks disabled | ||
10503 | ### LOGGING ### | ||
10504 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10505 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10506 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10507 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10508 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10509 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10510 | ### END LOGGING ### | ||
10511 | @@ -871,7 +871,7 @@ WARN: Checks disabled | ||
10512 | ### LOGGING ### | ||
10513 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10514 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10515 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10516 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10517 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10518 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10519 | ### END LOGGING ### | ||
10520 | @@ -903,7 +903,7 @@ WARN: Checks disabled | ||
10521 | ### LOGGING ### | ||
10522 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10523 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10524 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10525 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10526 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10527 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10528 | ### END LOGGING ### | ||
10529 | @@ -938,7 +938,7 @@ WARN: Checks disabled | ||
10530 | ### LOGGING ### | ||
10531 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10532 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10533 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10534 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10535 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10536 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10537 | ### END LOGGING ### | ||
10538 | @@ -970,7 +970,7 @@ WARN: Checks disabled | ||
10539 | ### LOGGING ### | ||
10540 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10541 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10542 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10543 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10544 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10545 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10546 | ### END LOGGING ### | ||
10547 | @@ -1005,7 +1005,7 @@ WARN: Checks disabled | ||
10548 | ### LOGGING ### | ||
10549 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10550 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10551 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10552 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10553 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10554 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10555 | ### END LOGGING ### | ||
10556 | @@ -1037,7 +1037,7 @@ WARN: Checks disabled | ||
10557 | ### LOGGING ### | ||
10558 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10559 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10560 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10561 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10562 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10563 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10564 | ### END LOGGING ### | ||
10565 | @@ -1072,7 +1072,7 @@ WARN: Checks disabled | ||
10566 | ### LOGGING ### | ||
10567 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10568 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10569 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10570 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10571 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10572 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10573 | ### END LOGGING ### | ||
10574 | @@ -1104,7 +1104,7 @@ WARN: Checks disabled | ||
10575 | ### LOGGING ### | ||
10576 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10577 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10578 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10579 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10580 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10581 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10582 | ### END LOGGING ### | ||
10583 | @@ -1139,7 +1139,7 @@ WARN: Checks disabled | ||
10584 | ### LOGGING ### | ||
10585 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10586 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10587 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10588 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10589 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10590 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10591 | ### END LOGGING ### | ||
10592 | @@ -1171,7 +1171,7 @@ WARN: Checks disabled | ||
10593 | ### LOGGING ### | ||
10594 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10595 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10596 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10597 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10598 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10599 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10600 | ### END LOGGING ### | ||
10601 | @@ -1206,7 +1206,7 @@ WARN: Checks disabled | ||
10602 | ### LOGGING ### | ||
10603 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10604 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10605 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10606 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10607 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10608 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10609 | ### END LOGGING ### | ||
10610 | @@ -1238,7 +1238,7 @@ WARN: Checks disabled | ||
10611 | ### LOGGING ### | ||
10612 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10613 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10614 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10615 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10616 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10617 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10618 | ### END LOGGING ### | ||
10619 | @@ -1273,7 +1273,7 @@ WARN: Checks disabled | ||
10620 | ### LOGGING ### | ||
10621 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10622 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10623 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10624 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10625 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10626 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10627 | ### END LOGGING ### | ||
10628 | @@ -1305,7 +1305,7 @@ WARN: Checks disabled | ||
10629 | ### LOGGING ### | ||
10630 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10631 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10632 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10633 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10634 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10635 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10636 | ### END LOGGING ### | ||
10637 | @@ -1340,7 +1340,7 @@ WARN: Checks disabled | ||
10638 | ### LOGGING ### | ||
10639 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10640 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10641 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10642 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10643 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10644 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10645 | ### END LOGGING ### | ||
10646 | @@ -1372,7 +1372,7 @@ WARN: Checks disabled | ||
10647 | ### LOGGING ### | ||
10648 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10649 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10650 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10651 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10652 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10653 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10654 | ### END LOGGING ### | ||
10655 | @@ -1408,7 +1408,7 @@ WARN: Checks disabled | ||
10656 | ### LOGGING ### | ||
10657 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10658 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10659 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10660 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10661 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10662 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10663 | ### END LOGGING ### | ||
10664 | @@ -1440,7 +1440,7 @@ WARN: Checks disabled | ||
10665 | ### LOGGING ### | ||
10666 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10667 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10668 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10669 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10670 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10671 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10672 | ### END LOGGING ### | ||
10673 | @@ -1475,7 +1475,7 @@ WARN: Checks disabled | ||
10674 | ### LOGGING ### | ||
10675 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10676 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10677 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10678 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10679 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10680 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10681 | ### END LOGGING ### | ||
10682 | @@ -1507,7 +1507,7 @@ WARN: Checks disabled | ||
10683 | ### LOGGING ### | ||
10684 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10685 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10686 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10687 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10688 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10689 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10690 | ### END LOGGING ### | ||
10691 | @@ -1542,7 +1542,7 @@ WARN: Checks disabled | ||
10692 | ### LOGGING ### | ||
10693 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10694 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10695 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10696 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10697 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10698 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10699 | ### END LOGGING ### | ||
10700 | @@ -1574,7 +1574,7 @@ WARN: Checks disabled | ||
10701 | ### LOGGING ### | ||
10702 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10703 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10704 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10705 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10706 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10707 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10708 | ### END LOGGING ### | ||
10709 | @@ -1609,7 +1609,7 @@ WARN: Checks disabled | ||
10710 | ### LOGGING ### | ||
10711 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10712 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10713 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10714 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10715 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10716 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10717 | ### END LOGGING ### | ||
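Review bot: every hunk in this stretch changes only the `-I ufw6-logging-deny` line, and the context lines show no IPv4 equivalent of this rule. Please check that the IPv4 INVALID rule in the same result file gets the matching `-m conntrack --ctstate INVALID` update, otherwise the expected output will mix both match styles. The patch header should also say that `--ctstate` needs the conntrack match available in the target kernel, since the commit message ties this change to the RRECOMMENDS update.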
10718 | @@ -1641,7 +1641,7 @@ WARN: Checks disabled | ||
10719 | ### LOGGING ### | ||
10720 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10721 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10722 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10723 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10724 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10725 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10726 | ### END LOGGING ### | ||
10727 | @@ -1677,7 +1677,7 @@ WARN: Checks disabled | ||
10728 | ### LOGGING ### | ||
10729 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10730 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10731 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10732 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10733 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10734 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10735 | ### END LOGGING ### | ||
10736 | @@ -1709,7 +1709,7 @@ WARN: Checks disabled | ||
10737 | ### LOGGING ### | ||
10738 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10739 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10740 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10741 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10742 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10743 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10744 | ### END LOGGING ### | ||
10745 | @@ -1745,7 +1745,7 @@ WARN: Checks disabled | ||
10746 | ### LOGGING ### | ||
10747 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10748 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10749 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10750 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10751 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10752 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10753 | ### END LOGGING ### | ||
10754 | @@ -1777,7 +1777,7 @@ WARN: Checks disabled | ||
10755 | ### LOGGING ### | ||
10756 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10757 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10758 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10759 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10760 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10761 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10762 | ### END LOGGING ### | ||
10763 | @@ -1813,7 +1813,7 @@ WARN: Checks disabled | ||
10764 | ### LOGGING ### | ||
10765 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10766 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10767 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10768 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10769 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10770 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10771 | ### END LOGGING ### | ||
10772 | @@ -1845,7 +1845,7 @@ WARN: Checks disabled | ||
10773 | ### LOGGING ### | ||
10774 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10775 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10776 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10777 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10778 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10779 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10780 | ### END LOGGING ### | ||
10781 | @@ -1881,7 +1881,7 @@ WARN: Checks disabled | ||
10782 | ### LOGGING ### | ||
10783 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10784 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10785 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10786 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10787 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10788 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10789 | ### END LOGGING ### | ||
10790 | @@ -1913,7 +1913,7 @@ WARN: Checks disabled | ||
10791 | ### LOGGING ### | ||
10792 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10793 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10794 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10795 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10796 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10797 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10798 | ### END LOGGING ### | ||
10799 | @@ -1949,7 +1949,7 @@ WARN: Checks disabled | ||
10800 | ### LOGGING ### | ||
10801 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10802 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10803 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10804 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10805 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10806 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10807 | ### END LOGGING ### | ||
10808 | @@ -1981,7 +1981,7 @@ WARN: Checks disabled | ||
10809 | ### LOGGING ### | ||
10810 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10811 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10812 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10813 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10814 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10815 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10816 | ### END LOGGING ### | ||
10817 | @@ -2016,7 +2016,7 @@ WARN: Checks disabled | ||
10818 | ### LOGGING ### | ||
10819 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10820 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10821 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10822 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10823 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10824 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10825 | ### END LOGGING ### | ||
10826 | @@ -2048,7 +2048,7 @@ WARN: Checks disabled | ||
10827 | ### LOGGING ### | ||
10828 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10829 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10830 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10831 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10832 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10833 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10834 | ### END LOGGING ### | ||
10835 | @@ -2083,7 +2083,7 @@ WARN: Checks disabled | ||
10836 | ### LOGGING ### | ||
10837 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10838 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10839 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10840 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10841 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10842 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10843 | ### END LOGGING ### | ||
10844 | @@ -2115,7 +2115,7 @@ WARN: Checks disabled | ||
10845 | ### LOGGING ### | ||
10846 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10847 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10848 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10849 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10850 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10851 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10852 | ### END LOGGING ### | ||
10853 | @@ -2150,7 +2150,7 @@ WARN: Checks disabled | ||
10854 | ### LOGGING ### | ||
10855 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10856 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10857 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10858 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10859 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10860 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10861 | ### END LOGGING ### | ||
10862 | @@ -2182,7 +2182,7 @@ WARN: Checks disabled | ||
10863 | ### LOGGING ### | ||
10864 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10865 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10866 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10867 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10868 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10869 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10870 | ### END LOGGING ### | ||
10871 | @@ -2217,7 +2217,7 @@ WARN: Checks disabled | ||
10872 | ### LOGGING ### | ||
10873 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10874 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10875 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10876 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10877 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10878 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10879 | ### END LOGGING ### | ||
10880 | @@ -2249,7 +2249,7 @@ WARN: Checks disabled | ||
10881 | ### LOGGING ### | ||
10882 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10883 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10884 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10885 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10886 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10887 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10888 | ### END LOGGING ### | ||
10889 | @@ -2284,7 +2284,7 @@ WARN: Checks disabled | ||
10890 | ### LOGGING ### | ||
10891 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10892 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10893 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10894 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10895 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10896 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10897 | ### END LOGGING ### | ||
10898 | @@ -2316,7 +2316,7 @@ WARN: Checks disabled | ||
10899 | ### LOGGING ### | ||
10900 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10901 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10902 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10903 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10904 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10905 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10906 | ### END LOGGING ### | ||
10907 | @@ -2351,7 +2351,7 @@ WARN: Checks disabled | ||
10908 | ### LOGGING ### | ||
10909 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10910 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10911 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10912 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10913 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10914 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10915 | ### END LOGGING ### | ||
10916 | @@ -2383,7 +2383,7 @@ WARN: Checks disabled | ||
10917 | ### LOGGING ### | ||
10918 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10919 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10920 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10921 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10922 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10923 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10924 | ### END LOGGING ### | ||
10925 | @@ -2418,7 +2418,7 @@ WARN: Checks disabled | ||
10926 | ### LOGGING ### | ||
10927 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10928 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10929 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10930 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10931 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10932 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10933 | ### END LOGGING ### | ||
10934 | @@ -2450,7 +2450,7 @@ WARN: Checks disabled | ||
10935 | ### LOGGING ### | ||
10936 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10937 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10938 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10939 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10940 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10941 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10942 | ### END LOGGING ### | ||
10943 | @@ -2485,7 +2485,7 @@ WARN: Checks disabled | ||
10944 | ### LOGGING ### | ||
10945 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10946 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10947 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10948 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10949 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10950 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10951 | ### END LOGGING ### | ||
10952 | @@ -2517,7 +2517,7 @@ WARN: Checks disabled | ||
10953 | ### LOGGING ### | ||
10954 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10955 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10956 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10957 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10958 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10959 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10960 | ### END LOGGING ### | ||
10961 | @@ -2552,7 +2552,7 @@ WARN: Checks disabled | ||
10962 | ### LOGGING ### | ||
10963 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10964 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10965 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10966 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10967 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10968 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10969 | ### END LOGGING ### | ||
10970 | @@ -2584,7 +2584,7 @@ WARN: Checks disabled | ||
10971 | ### LOGGING ### | ||
10972 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10973 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10974 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10975 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10976 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10977 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10978 | ### END LOGGING ### | ||
10979 | @@ -2619,7 +2619,7 @@ WARN: Checks disabled | ||
10980 | ### LOGGING ### | ||
10981 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10982 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10983 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10984 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10985 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10986 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10987 | ### END LOGGING ### | ||
10988 | @@ -2651,7 +2651,7 @@ WARN: Checks disabled | ||
10989 | ### LOGGING ### | ||
10990 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10991 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10992 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10993 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
10994 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
10995 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
10996 | ### END LOGGING ### | ||
10997 | @@ -2686,7 +2686,7 @@ WARN: Checks disabled | ||
10998 | ### LOGGING ### | ||
10999 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11000 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11001 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11002 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11003 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11004 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11005 | ### END LOGGING ### | ||
11006 | @@ -2718,7 +2718,7 @@ WARN: Checks disabled | ||
11007 | ### LOGGING ### | ||
11008 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11009 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11010 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11011 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11012 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11013 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11014 | ### END LOGGING ### | ||
11015 | @@ -2753,7 +2753,7 @@ WARN: Checks disabled | ||
11016 | ### LOGGING ### | ||
11017 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11018 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11019 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11020 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11021 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11022 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11023 | ### END LOGGING ### | ||
11024 | @@ -2785,7 +2785,7 @@ WARN: Checks disabled | ||
11025 | ### LOGGING ### | ||
11026 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11027 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11028 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11029 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11030 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11031 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11032 | ### END LOGGING ### | ||
11033 | @@ -2821,7 +2821,7 @@ WARN: Checks disabled | ||
11034 | ### LOGGING ### | ||
11035 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11036 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11037 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11038 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11039 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11040 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11041 | ### END LOGGING ### | ||
11042 | @@ -2853,7 +2853,7 @@ WARN: Checks disabled | ||
11043 | ### LOGGING ### | ||
11044 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11045 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11046 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11047 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11048 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11049 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11050 | ### END LOGGING ### | ||
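Review bot: The `-`/`+` pair on `ufw6-logging-deny` in this hunk is the same one-line substitution as in the hunks before it, which points to a mechanical search-and-replace over the expected results. The patch header should state how the result file was produced (regenerated by the test run or edited by hand), and it is worth checking that no `-m state --state INVALID` line remains anywhere in the result files, because a missed occurrence would not appear in this diff.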
11051 | @@ -3099,7 +3099,7 @@ WARN: Checks disabled | ||
11052 | ### LOGGING ### | ||
11053 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11054 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11055 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11056 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11057 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11058 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11059 | ### END LOGGING ### | ||
11060 | @@ -3134,7 +3134,7 @@ WARN: Checks disabled | ||
11061 | ### LOGGING ### | ||
11062 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11063 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11064 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11065 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11066 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11067 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11068 | ### END LOGGING ### | ||
11069 | @@ -3169,7 +3169,7 @@ WARN: Checks disabled | ||
11070 | ### LOGGING ### | ||
11071 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11072 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11073 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11074 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11075 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11076 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11077 | ### END LOGGING ### | ||
11078 | @@ -3204,7 +3204,7 @@ WARN: Checks disabled | ||
11079 | ### LOGGING ### | ||
11080 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11081 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11082 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11083 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11084 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11085 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11086 | ### END LOGGING ### | ||
11087 | @@ -3239,7 +3239,7 @@ WARN: Checks disabled | ||
11088 | ### LOGGING ### | ||
11089 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11090 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11091 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11092 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11093 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11094 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11095 | ### END LOGGING ### | ||
11096 | @@ -3274,7 +3274,7 @@ WARN: Checks disabled | ||
11097 | ### LOGGING ### | ||
11098 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11099 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11100 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11101 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11102 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11103 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11104 | ### END LOGGING ### | ||
11105 | @@ -3309,7 +3309,7 @@ WARN: Checks disabled | ||
11106 | ### LOGGING ### | ||
11107 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11108 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11109 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11110 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11111 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11112 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11113 | ### END LOGGING ### | ||
11114 | @@ -3345,7 +3345,7 @@ WARN: Checks disabled | ||
11115 | ### LOGGING ### | ||
11116 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11117 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11118 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11119 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11120 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11121 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11122 | ### END LOGGING ### | ||
11123 | @@ -3380,7 +3380,7 @@ WARN: Checks disabled | ||
11124 | ### LOGGING ### | ||
11125 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11126 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11127 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11128 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11129 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11130 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11131 | ### END LOGGING ### | ||
11132 | @@ -3415,7 +3415,7 @@ WARN: Checks disabled | ||
11133 | ### LOGGING ### | ||
11134 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11135 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11136 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11137 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11138 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11139 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11140 | ### END LOGGING ### | ||
11141 | @@ -3450,7 +3450,7 @@ WARN: Checks disabled | ||
11142 | ### LOGGING ### | ||
11143 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11144 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11145 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11146 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11147 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11148 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11149 | ### END LOGGING ### | ||
11150 | @@ -3485,7 +3485,7 @@ WARN: Checks disabled | ||
11151 | ### LOGGING ### | ||
11152 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11153 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11154 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11155 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11156 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11157 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11158 | ### END LOGGING ### | ||
11159 | @@ -3520,7 +3520,7 @@ WARN: Checks disabled | ||
11160 | ### LOGGING ### | ||
11161 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11162 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11163 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11164 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11165 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11166 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11167 | ### END LOGGING ### | ||
11168 | @@ -3555,7 +3555,7 @@ WARN: Checks disabled | ||
11169 | ### LOGGING ### | ||
11170 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11171 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11172 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11173 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11174 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11175 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11176 | ### END LOGGING ### | ||
11177 | @@ -3590,7 +3590,7 @@ WARN: Checks disabled | ||
11178 | ### LOGGING ### | ||
11179 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11180 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11181 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11182 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11183 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11184 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11185 | ### END LOGGING ### | ||
11186 | @@ -3625,7 +3625,7 @@ WARN: Checks disabled | ||
11187 | ### LOGGING ### | ||
11188 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11189 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11190 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11191 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11192 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11193 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11194 | ### END LOGGING ### | ||
11195 | @@ -3660,7 +3660,7 @@ WARN: Checks disabled | ||
11196 | ### LOGGING ### | ||
11197 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11198 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11199 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11200 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11201 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11202 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11203 | ### END LOGGING ### | ||
11204 | @@ -3695,7 +3695,7 @@ WARN: Checks disabled | ||
11205 | ### LOGGING ### | ||
11206 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11207 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11208 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11209 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11210 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11211 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11212 | ### END LOGGING ### | ||
11213 | @@ -3730,7 +3730,7 @@ WARN: Checks disabled | ||
11214 | ### LOGGING ### | ||
11215 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11216 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11217 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11218 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11219 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11220 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11221 | ### END LOGGING ### | ||
11222 | @@ -3765,7 +3765,7 @@ WARN: Checks disabled | ||
11223 | ### LOGGING ### | ||
11224 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11225 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11226 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11227 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11228 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11229 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11230 | ### END LOGGING ### | ||
11231 | @@ -3800,7 +3800,7 @@ WARN: Checks disabled | ||
11232 | ### LOGGING ### | ||
11233 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11234 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11235 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11236 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11237 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11238 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11239 | ### END LOGGING ### | ||
11240 | @@ -3835,7 +3835,7 @@ WARN: Checks disabled | ||
11241 | ### LOGGING ### | ||
11242 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11243 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11244 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11245 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11246 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11247 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11248 | ### END LOGGING ### | ||
11249 | @@ -3870,7 +3870,7 @@ WARN: Checks disabled | ||
11250 | ### LOGGING ### | ||
11251 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11252 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11253 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11254 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11255 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11256 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11257 | ### END LOGGING ### | ||
11258 | @@ -3905,7 +3905,7 @@ WARN: Checks disabled | ||
11259 | ### LOGGING ### | ||
11260 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11261 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11262 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11263 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11264 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11265 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11266 | ### END LOGGING ### | ||
11267 | @@ -3940,7 +3940,7 @@ WARN: Checks disabled | ||
11268 | ### LOGGING ### | ||
11269 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11270 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11271 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11272 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11273 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11274 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11275 | ### END LOGGING ### | ||
11276 | @@ -3975,7 +3975,7 @@ WARN: Checks disabled | ||
11277 | ### LOGGING ### | ||
11278 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11279 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11280 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11281 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11282 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11283 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11284 | ### END LOGGING ### | ||
11285 | @@ -4010,7 +4010,7 @@ WARN: Checks disabled | ||
11286 | ### LOGGING ### | ||
11287 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11288 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11289 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11290 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11291 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11292 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11293 | ### END LOGGING ### | ||
11294 | @@ -4045,7 +4045,7 @@ WARN: Checks disabled | ||
11295 | ### LOGGING ### | ||
11296 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11297 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11298 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11299 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11300 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11301 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11302 | ### END LOGGING ### | ||
11303 | @@ -4080,7 +4080,7 @@ WARN: Checks disabled | ||
11304 | ### LOGGING ### | ||
11305 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11306 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11307 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11308 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11309 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11310 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11311 | ### END LOGGING ### | ||
11312 | @@ -4115,7 +4115,7 @@ WARN: Checks disabled | ||
11313 | ### LOGGING ### | ||
11314 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11315 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11316 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11317 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11318 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11319 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11320 | ### END LOGGING ### | ||
11321 | @@ -4150,7 +4150,7 @@ WARN: Checks disabled | ||
11322 | ### LOGGING ### | ||
11323 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11324 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11325 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11326 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11327 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11328 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11329 | ### END LOGGING ### | ||
11330 | @@ -4187,7 +4187,7 @@ WARN: Checks disabled | ||
11331 | ### LOGGING ### | ||
11332 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11333 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11334 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11335 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11336 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11337 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11338 | ### END LOGGING ### | ||
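Review bot: The expected output for the IPv4 chain (`-I ufw-logging-deny -m conntrack --ctstate INVALID`) now requires the conntrack match, as the `ufw6-logging-deny` hunks do for IPv6. The commit message mentions updating kernel RRECOMMENDS for linux-yocto 5.4; please confirm that the updated list covers the conntrack match for both iptables and ip6tables, since these fixtures only check the generated rule text and say nothing about whether the rule loads on the target kernel.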
11339 | @@ -4223,7 +4223,7 @@ COMMIT | ||
11340 | ### LOGGING ### | ||
11341 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11342 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11343 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11344 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11345 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11346 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11347 | ### END LOGGING ### | ||
11348 | @@ -4261,7 +4261,7 @@ WARN: Checks disabled | ||
11349 | ### LOGGING ### | ||
11350 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11351 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11352 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11353 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11354 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11355 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11356 | ### END LOGGING ### | ||
11357 | @@ -4297,7 +4297,7 @@ COMMIT | ||
11358 | ### LOGGING ### | ||
11359 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11360 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11361 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11362 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11363 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11364 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11365 | ### END LOGGING ### | ||
11366 | @@ -4335,7 +4335,7 @@ WARN: Checks disabled | ||
11367 | ### LOGGING ### | ||
11368 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11369 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11370 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11371 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11372 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11373 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11374 | ### END LOGGING ### | ||
11375 | @@ -4371,7 +4371,7 @@ COMMIT | ||
11376 | ### LOGGING ### | ||
11377 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11378 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11379 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11380 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11381 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11382 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11383 | ### END LOGGING ### | ||
11384 | @@ -4409,7 +4409,7 @@ WARN: Checks disabled | ||
11385 | ### LOGGING ### | ||
11386 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11387 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11388 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11389 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11390 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11391 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11392 | ### END LOGGING ### | ||
11393 | @@ -4445,7 +4445,7 @@ COMMIT | ||
11394 | ### LOGGING ### | ||
11395 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11396 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11397 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11398 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11399 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11400 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11401 | ### END LOGGING ### | ||
11402 | @@ -4483,7 +4483,7 @@ WARN: Checks disabled | ||
11403 | ### LOGGING ### | ||
11404 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11405 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11406 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11407 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11408 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11409 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11410 | ### END LOGGING ### | ||
11411 | @@ -4519,7 +4519,7 @@ COMMIT | ||
11412 | ### LOGGING ### | ||
11413 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11414 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11415 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11416 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11417 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11418 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11419 | ### END LOGGING ### | ||
11420 | @@ -4557,7 +4557,7 @@ WARN: Checks disabled | ||
11421 | ### LOGGING ### | ||
11422 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11423 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11424 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11425 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11426 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11427 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11428 | ### END LOGGING ### | ||
11429 | @@ -4593,7 +4593,7 @@ COMMIT | ||
11430 | ### LOGGING ### | ||
11431 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11432 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11433 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11434 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11435 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11436 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11437 | ### END LOGGING ### | ||
11438 | @@ -4631,7 +4631,7 @@ WARN: Checks disabled | ||
11439 | ### LOGGING ### | ||
11440 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11441 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11442 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11443 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11444 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11445 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11446 | ### END LOGGING ### | ||
11447 | @@ -4667,7 +4667,7 @@ COMMIT | ||
11448 | ### LOGGING ### | ||
11449 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11450 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11451 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11452 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11453 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11454 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11455 | ### END LOGGING ### | ||
11456 | @@ -4705,7 +4705,7 @@ WARN: Checks disabled | ||
11457 | ### LOGGING ### | ||
11458 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11459 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11460 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11461 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11462 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11463 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11464 | ### END LOGGING ### | ||
11465 | @@ -4741,7 +4741,7 @@ COMMIT | ||
11466 | ### LOGGING ### | ||
11467 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11468 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11469 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11470 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11471 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11472 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11473 | ### END LOGGING ### | ||
11474 | @@ -4779,7 +4779,7 @@ WARN: Checks disabled | ||
11475 | ### LOGGING ### | ||
11476 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11477 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11478 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11479 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11480 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11481 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11482 | ### END LOGGING ### | ||
11483 | @@ -4815,7 +4815,7 @@ COMMIT | ||
11484 | ### LOGGING ### | ||
11485 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11486 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11487 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11488 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11489 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11490 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11491 | ### END LOGGING ### | ||
11492 | @@ -4853,7 +4853,7 @@ WARN: Checks disabled | ||
11493 | ### LOGGING ### | ||
11494 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11495 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11496 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11497 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11498 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11499 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11500 | ### END LOGGING ### | ||
11501 | @@ -4889,7 +4889,7 @@ COMMIT | ||
11502 | ### LOGGING ### | ||
11503 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11504 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11505 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11506 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11507 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11508 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11509 | ### END LOGGING ### | ||
11510 | @@ -4927,7 +4927,7 @@ WARN: Checks disabled | ||
11511 | ### LOGGING ### | ||
11512 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11513 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11514 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11515 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11516 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11517 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11518 | ### END LOGGING ### | ||
11519 | @@ -4963,7 +4963,7 @@ COMMIT | ||
11520 | ### LOGGING ### | ||
11521 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11522 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11523 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11524 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11525 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11526 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11527 | ### END LOGGING ### | ||
11528 | @@ -5001,7 +5001,7 @@ WARN: Checks disabled | ||
11529 | ### LOGGING ### | ||
11530 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11531 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11532 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11533 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11534 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11535 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11536 | ### END LOGGING ### | ||
11537 | @@ -5037,7 +5037,7 @@ COMMIT | ||
11538 | ### LOGGING ### | ||
11539 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11540 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11541 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11542 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11543 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11544 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11545 | ### END LOGGING ### | ||
11546 | @@ -5075,7 +5075,7 @@ WARN: Checks disabled | ||
11547 | ### LOGGING ### | ||
11548 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11549 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11550 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11551 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11552 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11553 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11554 | ### END LOGGING ### | ||
11555 | @@ -5111,7 +5111,7 @@ COMMIT | ||
11556 | ### LOGGING ### | ||
11557 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11558 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11559 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11560 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11561 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11562 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11563 | ### END LOGGING ### | ||
11564 | @@ -5149,7 +5149,7 @@ WARN: Checks disabled | ||
11565 | ### LOGGING ### | ||
11566 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11567 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11568 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11569 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11570 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11571 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11572 | ### END LOGGING ### | ||
11573 | @@ -5185,7 +5185,7 @@ COMMIT | ||
11574 | ### LOGGING ### | ||
11575 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11576 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11577 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11578 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11579 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11580 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11581 | ### END LOGGING ### | ||
11582 | @@ -5223,7 +5223,7 @@ WARN: Checks disabled | ||
11583 | ### LOGGING ### | ||
11584 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11585 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11586 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11587 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11588 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11589 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11590 | ### END LOGGING ### | ||
11591 | @@ -5259,7 +5259,7 @@ COMMIT | ||
11592 | ### LOGGING ### | ||
11593 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11594 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11595 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11596 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11597 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11598 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11599 | ### END LOGGING ### | ||
11600 | @@ -5297,7 +5297,7 @@ WARN: Checks disabled | ||
11601 | ### LOGGING ### | ||
11602 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11603 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11604 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11605 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11606 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11607 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11608 | ### END LOGGING ### | ||
11609 | @@ -5333,7 +5333,7 @@ COMMIT | ||
11610 | ### LOGGING ### | ||
11611 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11612 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11613 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11614 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11615 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11616 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11617 | ### END LOGGING ### | ||
11618 | @@ -5371,7 +5371,7 @@ WARN: Checks disabled | ||
11619 | ### LOGGING ### | ||
11620 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11621 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11622 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11623 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11624 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11625 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11626 | ### END LOGGING ### | ||
11627 | @@ -5407,7 +5407,7 @@ COMMIT | ||
11628 | ### LOGGING ### | ||
11629 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11630 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11631 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11632 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11633 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11634 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11635 | ### END LOGGING ### | ||
11636 | @@ -5445,7 +5445,7 @@ WARN: Checks disabled | ||
11637 | ### LOGGING ### | ||
11638 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11639 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11640 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11641 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11642 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11643 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11644 | ### END LOGGING ### | ||
11645 | @@ -5481,7 +5481,7 @@ COMMIT | ||
11646 | ### LOGGING ### | ||
11647 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11648 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11649 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11650 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11651 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11652 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11653 | ### END LOGGING ### | ||
11654 | @@ -5519,7 +5519,7 @@ WARN: Checks disabled | ||
11655 | ### LOGGING ### | ||
11656 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11657 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11658 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11659 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11660 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11661 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11662 | ### END LOGGING ### | ||
11663 | @@ -5555,7 +5555,7 @@ COMMIT | ||
11664 | ### LOGGING ### | ||
11665 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11666 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11667 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11668 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11669 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11670 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11671 | ### END LOGGING ### | ||
11672 | @@ -5593,7 +5593,7 @@ WARN: Checks disabled | ||
11673 | ### LOGGING ### | ||
11674 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11675 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11676 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11677 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11678 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11679 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11680 | ### END LOGGING ### | ||
11681 | @@ -5629,7 +5629,7 @@ COMMIT | ||
11682 | ### LOGGING ### | ||
11683 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11684 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11685 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11686 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11687 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11688 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11689 | ### END LOGGING ### | ||
11690 | @@ -5667,7 +5667,7 @@ WARN: Checks disabled | ||
11691 | ### LOGGING ### | ||
11692 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11693 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11694 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11695 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11696 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11697 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11698 | ### END LOGGING ### | ||
11699 | @@ -5703,7 +5703,7 @@ COMMIT | ||
11700 | ### LOGGING ### | ||
11701 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11702 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11703 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11704 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11705 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11706 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11707 | ### END LOGGING ### | ||
11708 | @@ -5741,7 +5741,7 @@ WARN: Checks disabled | ||
11709 | ### LOGGING ### | ||
11710 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11711 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11712 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11713 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11714 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11715 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11716 | ### END LOGGING ### | ||
11717 | @@ -5777,7 +5777,7 @@ COMMIT | ||
11718 | ### LOGGING ### | ||
11719 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11720 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11721 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11722 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11723 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11724 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11725 | ### END LOGGING ### | ||
11726 | @@ -5815,7 +5815,7 @@ WARN: Checks disabled | ||
11727 | ### LOGGING ### | ||
11728 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11729 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11730 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11731 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11732 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11733 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11734 | ### END LOGGING ### | ||
11735 | @@ -5851,7 +5851,7 @@ COMMIT | ||
11736 | ### LOGGING ### | ||
11737 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11738 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11739 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11740 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11741 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11742 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11743 | ### END LOGGING ### | ||
11744 | @@ -5889,7 +5889,7 @@ WARN: Checks disabled | ||
11745 | ### LOGGING ### | ||
11746 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11747 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11748 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11749 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11750 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11751 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11752 | ### END LOGGING ### | ||
11753 | @@ -5925,7 +5925,7 @@ COMMIT | ||
11754 | ### LOGGING ### | ||
11755 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11756 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11757 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11758 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11759 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11760 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11761 | ### END LOGGING ### | ||
11762 | @@ -5999,7 +5999,7 @@ WARN: Checks disabled | ||
11763 | ### LOGGING ### | ||
11764 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11765 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11766 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11767 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11768 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11769 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11770 | ### END LOGGING ### | ||
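Review bot: this hunk at -5999 changes `ufw6-logging-deny` under a `WARN: Checks disabled` context, while every earlier hunk with that context changed `ufw-logging-deny`, and the previous hunk sits at -5925, about twice the usual spacing. Please confirm that the expected output between those two offsets holds no IPv4 `-m state --state INVALID` line that was missed by the conversion, for example by grepping the result file for `-m state` after applying the patch.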
11771 | @@ -6034,7 +6034,7 @@ WARN: Checks disabled | ||
11772 | ### LOGGING ### | ||
11773 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11774 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11775 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11776 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11777 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11778 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11779 | ### END LOGGING ### | ||
11780 | @@ -6069,7 +6069,7 @@ WARN: Checks disabled | ||
11781 | ### LOGGING ### | ||
11782 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11783 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11784 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11785 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11786 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11787 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11788 | ### END LOGGING ### | ||
11789 | @@ -6104,7 +6104,7 @@ WARN: Checks disabled | ||
11790 | ### LOGGING ### | ||
11791 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11792 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11793 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11794 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11795 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11796 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11797 | ### END LOGGING ### | ||
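Review bot: the hunks ending here at -6104 all apply the same one-line substitution to the `-I ufw[6]-logging-deny` rule, but nothing in the patch says whether the expected-output file was regenerated from the test run or edited by search and replace. A sentence in the patch header stating how the fixtures were produced would let a later backport reproduce them and would make a hand-edit slip easier to spot.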
11798 | diff --git a/tests/ipv6/rules64/result b/tests/ipv6/rules64/result | ||
11799 | index 8703253..cc2d397 100644 | ||
11800 | --- a/tests/ipv6/rules64/result | ||
11801 | +++ b/tests/ipv6/rules64/result | ||
11802 | @@ -29,7 +29,7 @@ WARN: Checks disabled | ||
11803 | ### LOGGING ### | ||
11804 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11805 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11806 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11807 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11808 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11809 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11810 | ### END LOGGING ### | ||
11811 | @@ -66,7 +66,7 @@ COMMIT | ||
11812 | ### LOGGING ### | ||
11813 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11814 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11815 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11816 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11817 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11818 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11819 | ### END LOGGING ### | ||
11820 | @@ -104,7 +104,7 @@ WARN: Checks disabled | ||
11821 | ### LOGGING ### | ||
11822 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11823 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11824 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11825 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11826 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11827 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11828 | ### END LOGGING ### | ||
11829 | @@ -140,7 +140,7 @@ COMMIT | ||
11830 | ### LOGGING ### | ||
11831 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11832 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11833 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11834 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11835 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11836 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11837 | ### END LOGGING ### | ||
11838 | @@ -178,7 +178,7 @@ WARN: Checks disabled | ||
11839 | ### LOGGING ### | ||
11840 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11841 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11842 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11843 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11844 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11845 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11846 | ### END LOGGING ### | ||
11847 | @@ -214,7 +214,7 @@ COMMIT | ||
11848 | ### LOGGING ### | ||
11849 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11850 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11851 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11852 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11853 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11854 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11855 | ### END LOGGING ### | ||
11856 | @@ -252,7 +252,7 @@ WARN: Checks disabled | ||
11857 | ### LOGGING ### | ||
11858 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11859 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11860 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11861 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11862 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11863 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11864 | ### END LOGGING ### | ||
11865 | @@ -288,7 +288,7 @@ COMMIT | ||
11866 | ### LOGGING ### | ||
11867 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11868 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11869 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11870 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11871 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11872 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11873 | ### END LOGGING ### | ||
11874 | @@ -326,7 +326,7 @@ WARN: Checks disabled | ||
11875 | ### LOGGING ### | ||
11876 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11877 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11878 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11879 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11880 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11881 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11882 | ### END LOGGING ### | ||
11883 | @@ -367,7 +367,7 @@ WARN: Checks disabled | ||
11884 | ### LOGGING ### | ||
11885 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11886 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11887 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11888 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11889 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11890 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11891 | ### END LOGGING ### | ||
11892 | @@ -404,7 +404,7 @@ WARN: Checks disabled | ||
11893 | ### LOGGING ### | ||
11894 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11895 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11896 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11897 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11898 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11899 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11900 | ### END LOGGING ### | ||
11901 | @@ -440,7 +440,7 @@ COMMIT | ||
11902 | ### LOGGING ### | ||
11903 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11904 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11905 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11906 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11907 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11908 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11909 | ### END LOGGING ### | ||
11910 | @@ -475,7 +475,7 @@ WARN: Checks disabled | ||
11911 | ### LOGGING ### | ||
11912 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11913 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11914 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11915 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11916 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11917 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11918 | ### END LOGGING ### | ||
11919 | @@ -508,7 +508,7 @@ COMMIT | ||
11920 | ### LOGGING ### | ||
11921 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11922 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11923 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11924 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11925 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11926 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11927 | ### END LOGGING ### | ||
11928 | @@ -539,8 +539,8 @@ WARN: Checks disabled | ||
11929 | ### RULES ### | ||
11930 | |||
11931 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
11932 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
11933 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
11934 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
11935 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
11936 | -A ufw-user-input -p tcp --dport 22 -j ufw-user-limit-accept | ||
11937 | |||
11938 | ### END RULES ### | ||
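Review bot: the two `-m recent` lines for tcp 22 in this hunk are the only rules in the visible hunks of this file where `-m conntrack --ctstate NEW` gates enforcement rather than logging, so an image whose kernel lacks the conntrack match would fail to load the SSH rate limit itself, not just a log rule. This fixture only checks the generated text; suggest confirming that the recipe's kernel-module RRECOMMENDS cover the conntrack match (xt_conntrack) and that a runtime test applies a `limit` rule on the target image.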
11939 | @@ -548,7 +548,7 @@ WARN: Checks disabled | ||
11940 | ### LOGGING ### | ||
11941 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11942 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11943 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11944 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11945 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11946 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11947 | ### END LOGGING ### | ||
11948 | @@ -593,7 +593,7 @@ WARN: Checks disabled | ||
11949 | ### LOGGING ### | ||
11950 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11951 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11952 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11953 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11954 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11955 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11956 | ### END LOGGING ### | ||
11957 | @@ -630,7 +630,7 @@ COMMIT | ||
11958 | ### LOGGING ### | ||
11959 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11960 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11961 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11962 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11963 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11964 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11965 | ### END LOGGING ### | ||
11966 | @@ -668,7 +668,7 @@ WARN: Checks disabled | ||
11967 | ### LOGGING ### | ||
11968 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11969 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11970 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11971 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11972 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11973 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11974 | ### END LOGGING ### | ||
11975 | @@ -704,7 +704,7 @@ COMMIT | ||
11976 | ### LOGGING ### | ||
11977 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11978 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11979 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11980 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11981 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11982 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11983 | ### END LOGGING ### | ||
11984 | @@ -742,7 +742,7 @@ WARN: Checks disabled | ||
11985 | ### LOGGING ### | ||
11986 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11987 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11988 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11989 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11990 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11991 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
11992 | ### END LOGGING ### | ||
11993 | @@ -785,7 +785,7 @@ WARN: Checks disabled | ||
11994 | ### LOGGING ### | ||
11995 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11996 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
11997 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11998 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
11999 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12000 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12001 | ### END LOGGING ### | ||
12002 | @@ -828,7 +828,7 @@ WARN: Checks disabled | ||
12003 | ### LOGGING ### | ||
12004 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12005 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12006 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12007 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12008 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12009 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12010 | ### END LOGGING ### | ||
12011 | @@ -871,7 +871,7 @@ WARN: Checks disabled | ||
12012 | ### LOGGING ### | ||
12013 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12014 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12015 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12016 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12017 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12018 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12019 | ### END LOGGING ### | ||
12020 | @@ -914,7 +914,7 @@ WARN: Checks disabled | ||
12021 | ### LOGGING ### | ||
12022 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12023 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12024 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12025 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12026 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12027 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12028 | ### END LOGGING ### | ||
12029 | @@ -958,7 +958,7 @@ WARN: Checks disabled | ||
12030 | ### LOGGING ### | ||
12031 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12032 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12033 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12034 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12035 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12036 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12037 | ### END LOGGING ### | ||
12038 | @@ -994,7 +994,7 @@ COMMIT | ||
12039 | ### LOGGING ### | ||
12040 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12041 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12042 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12043 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12044 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12045 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12046 | ### END LOGGING ### | ||
12047 | @@ -1029,7 +1029,7 @@ WARN: Checks disabled | ||
12048 | ### LOGGING ### | ||
12049 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12050 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12051 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12052 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12053 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12054 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12055 | ### END LOGGING ### | ||
12056 | @@ -1062,7 +1062,7 @@ COMMIT | ||
12057 | ### LOGGING ### | ||
12058 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12059 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12060 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12061 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12062 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12063 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12064 | ### END LOGGING ### | ||
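Review bot: the patch header should say how this expected-output file was produced. The `+` line here is the same one-line `--state` to `--ctstate` substitution as in the neighbouring hunks, and the context lines (`WARN: Checks disabled`, `COMMIT`) show the file is captured command output. If it was regenerated by running the test suite against the patched code, say so; if it was edited by search and replace, a test run is still needed to show that ufw emits exactly these lines.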
12065 | @@ -1100,7 +1100,7 @@ WARN: Checks disabled | ||
12066 | ### LOGGING ### | ||
12067 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12068 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12069 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12070 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12071 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12072 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12073 | ### END LOGGING ### | ||
12074 | @@ -1136,7 +1136,7 @@ COMMIT | ||
12075 | ### LOGGING ### | ||
12076 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12077 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12078 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12079 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12080 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12081 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12082 | ### END LOGGING ### | ||
12083 | @@ -1171,7 +1171,7 @@ WARN: Checks disabled | ||
12084 | ### LOGGING ### | ||
12085 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12086 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12087 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12088 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12089 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12090 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12091 | ### END LOGGING ### | ||
12092 | @@ -1204,7 +1204,7 @@ COMMIT | ||
12093 | ### LOGGING ### | ||
12094 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12095 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12096 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12097 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12098 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12099 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12100 | ### END LOGGING ### | ||
12101 | @@ -1242,7 +1242,7 @@ WARN: Checks disabled | ||
12102 | ### LOGGING ### | ||
12103 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12104 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12105 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12106 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12107 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12108 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12109 | ### END LOGGING ### | ||
12110 | @@ -1278,7 +1278,7 @@ COMMIT | ||
12111 | ### LOGGING ### | ||
12112 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12113 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12114 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12115 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12116 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12117 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12118 | ### END LOGGING ### | ||
12119 | @@ -1313,7 +1313,7 @@ WARN: Checks disabled | ||
12120 | ### LOGGING ### | ||
12121 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12122 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12123 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12124 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12125 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12126 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12127 | ### END LOGGING ### | ||
12128 | @@ -1346,7 +1346,7 @@ COMMIT | ||
12129 | ### LOGGING ### | ||
12130 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12131 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12132 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12133 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12134 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12135 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12136 | ### END LOGGING ### | ||
12137 | @@ -1384,7 +1384,7 @@ WARN: Checks disabled | ||
12138 | ### LOGGING ### | ||
12139 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12140 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12141 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12142 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12143 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12144 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12145 | ### END LOGGING ### | ||
12146 | @@ -1420,7 +1420,7 @@ COMMIT | ||
12147 | ### LOGGING ### | ||
12148 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12149 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12150 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12151 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12152 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12153 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12154 | ### END LOGGING ### | ||
12155 | @@ -1455,7 +1455,7 @@ WARN: Checks disabled | ||
12156 | ### LOGGING ### | ||
12157 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12158 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12159 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12160 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12161 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12162 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12163 | ### END LOGGING ### | ||
12164 | @@ -1488,7 +1488,7 @@ COMMIT | ||
12165 | ### LOGGING ### | ||
12166 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12167 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12168 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12169 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12170 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12171 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12172 | ### END LOGGING ### | ||
12173 | @@ -1527,7 +1527,7 @@ WARN: Checks disabled | ||
12174 | ### LOGGING ### | ||
12175 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12176 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12177 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12178 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12179 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12180 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12181 | ### END LOGGING ### | ||
12182 | @@ -1564,7 +1564,7 @@ COMMIT | ||
12183 | ### LOGGING ### | ||
12184 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12185 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12186 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12187 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12188 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12189 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12190 | ### END LOGGING ### | ||
12191 | @@ -1599,7 +1599,7 @@ WARN: Checks disabled | ||
12192 | ### LOGGING ### | ||
12193 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12194 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12195 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12196 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12197 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12198 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12199 | ### END LOGGING ### | ||
12200 | @@ -1632,7 +1632,7 @@ COMMIT | ||
12201 | ### LOGGING ### | ||
12202 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12203 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12204 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12205 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12206 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12207 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12208 | ### END LOGGING ### | ||
12209 | @@ -1670,7 +1670,7 @@ WARN: Checks disabled | ||
12210 | ### LOGGING ### | ||
12211 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12212 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12213 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12214 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12215 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12216 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12217 | ### END LOGGING ### | ||
12218 | @@ -1706,7 +1706,7 @@ COMMIT | ||
12219 | ### LOGGING ### | ||
12220 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12221 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12222 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12223 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12224 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12225 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12226 | ### END LOGGING ### | ||
12227 | @@ -1741,7 +1741,7 @@ WARN: Checks disabled | ||
12228 | ### LOGGING ### | ||
12229 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12230 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12231 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12232 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12233 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12234 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12235 | ### END LOGGING ### | ||
12236 | @@ -1774,7 +1774,7 @@ COMMIT | ||
12237 | ### LOGGING ### | ||
12238 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12239 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12240 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12241 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12242 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12243 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12244 | ### END LOGGING ### | ||
12245 | @@ -1812,7 +1812,7 @@ WARN: Checks disabled | ||
12246 | ### LOGGING ### | ||
12247 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12248 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12249 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12250 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12251 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12252 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12253 | ### END LOGGING ### | ||
12254 | @@ -1848,7 +1848,7 @@ COMMIT | ||
12255 | ### LOGGING ### | ||
12256 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12257 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12258 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12259 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12260 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12261 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12262 | ### END LOGGING ### | ||
12263 | @@ -1883,7 +1883,7 @@ WARN: Checks disabled | ||
12264 | ### LOGGING ### | ||
12265 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12266 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12267 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12268 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12269 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12270 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12271 | ### END LOGGING ### | ||
12272 | @@ -1916,7 +1916,7 @@ COMMIT | ||
12273 | ### LOGGING ### | ||
12274 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12275 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12276 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12277 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12278 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12279 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12280 | ### END LOGGING ### | ||
12281 | @@ -1955,7 +1955,7 @@ WARN: Checks disabled | ||
12282 | ### LOGGING ### | ||
12283 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12284 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12285 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12286 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12287 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12288 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12289 | ### END LOGGING ### | ||
12290 | @@ -1991,7 +1991,7 @@ COMMIT | ||
12291 | ### LOGGING ### | ||
12292 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12293 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12294 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12295 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12296 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12297 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12298 | ### END LOGGING ### | ||
12299 | @@ -2026,7 +2026,7 @@ WARN: Checks disabled | ||
12300 | ### LOGGING ### | ||
12301 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12302 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12303 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12304 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12305 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12306 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12307 | ### END LOGGING ### | ||
12308 | @@ -2059,7 +2059,7 @@ COMMIT | ||
12309 | ### LOGGING ### | ||
12310 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12311 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12312 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12313 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12314 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12315 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12316 | ### END LOGGING ### | ||
12317 | @@ -2097,7 +2097,7 @@ WARN: Checks disabled | ||
12318 | ### LOGGING ### | ||
12319 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12320 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12321 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12322 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12323 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12324 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12325 | ### END LOGGING ### | ||
12326 | @@ -2133,7 +2133,7 @@ COMMIT | ||
12327 | ### LOGGING ### | ||
12328 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12329 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12330 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12331 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12332 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12333 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12334 | ### END LOGGING ### | ||
12335 | @@ -2168,7 +2168,7 @@ WARN: Checks disabled | ||
12336 | ### LOGGING ### | ||
12337 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12338 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12339 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12340 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12341 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12342 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12343 | ### END LOGGING ### | ||
12344 | @@ -2201,7 +2201,7 @@ COMMIT | ||
12345 | ### LOGGING ### | ||
12346 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12347 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12348 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12349 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12350 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12351 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12352 | ### END LOGGING ### | ||
12353 | @@ -2240,7 +2240,7 @@ WARN: Checks disabled | ||
12354 | ### LOGGING ### | ||
12355 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12356 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12357 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12358 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12359 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12360 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12361 | ### END LOGGING ### | ||
12362 | @@ -2277,7 +2277,7 @@ COMMIT | ||
12363 | ### LOGGING ### | ||
12364 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12365 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12366 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12367 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12368 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12369 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12370 | ### END LOGGING ### | ||
12371 | @@ -2312,7 +2312,7 @@ WARN: Checks disabled | ||
12372 | ### LOGGING ### | ||
12373 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12374 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12375 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12376 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12377 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12378 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12379 | ### END LOGGING ### | ||
12380 | @@ -2345,7 +2345,7 @@ COMMIT | ||
12381 | ### LOGGING ### | ||
12382 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12383 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12384 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12385 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12386 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12387 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12388 | ### END LOGGING ### | ||
12389 | @@ -2384,7 +2384,7 @@ WARN: Checks disabled | ||
12390 | ### LOGGING ### | ||
12391 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12392 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12393 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12394 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12395 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12396 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12397 | ### END LOGGING ### | ||
12398 | @@ -2428,7 +2428,7 @@ WARN: Checks disabled | ||
12399 | ### LOGGING ### | ||
12400 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12401 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12402 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12403 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12404 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12405 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12406 | ### END LOGGING ### | ||
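Review bot: from `@@ -2384` onward the hunks touch only `ufw-logging-deny`, with no `ufw6-logging-deny` hunk between them as there is in the earlier part of the file. Please confirm these cases emit no IPv6 rules, and that no `-I ufw6-logging-deny -m state --state INVALID` line was left unconverted in this range.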
12407 | @@ -2471,7 +2471,7 @@ WARN: Checks disabled | ||
12408 | ### LOGGING ### | ||
12409 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12410 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12411 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12412 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12413 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12414 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12415 | ### END LOGGING ### | ||
12416 | @@ -2514,7 +2514,7 @@ WARN: Checks disabled | ||
12417 | ### LOGGING ### | ||
12418 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12419 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12420 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12421 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12422 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12423 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12424 | ### END LOGGING ### | ||
12425 | @@ -2558,7 +2558,7 @@ WARN: Checks disabled | ||
12426 | ### LOGGING ### | ||
12427 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12428 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12429 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12430 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12431 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12432 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12433 | ### END LOGGING ### | ||
12434 | @@ -2601,7 +2601,7 @@ WARN: Checks disabled | ||
12435 | ### LOGGING ### | ||
12436 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12437 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12438 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12439 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12440 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12441 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12442 | ### END LOGGING ### | ||
12443 | @@ -2644,7 +2644,7 @@ WARN: Checks disabled | ||
12444 | ### LOGGING ### | ||
12445 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12446 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12447 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12448 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12449 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12450 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12451 | ### END LOGGING ### | ||
12452 | @@ -2685,7 +2685,7 @@ WARN: Checks disabled | ||
12453 | ### LOGGING ### | ||
12454 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12455 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12456 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12457 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12458 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12459 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12460 | ### END LOGGING ### | ||
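Review bot: On the `-I ufw6-logging-deny` line the expected output now uses `-m conntrack --ctstate INVALID` for the IPv6 chains too, so these fixtures assume the conntrack match is available to the IPv6 rule set on the target image. The commit message says the kernel RRECOMMENDS are updated in the same change. Please confirm that list covers the module providing the conntrack match together with IPv6 connection tracking, because a missing match module may stop the ufw6 rules from loading instead of just producing the old warning.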
12461 | @@ -2720,7 +2720,7 @@ WARN: Checks disabled | ||
12462 | ### LOGGING ### | ||
12463 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12464 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12465 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12466 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12467 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12468 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12469 | ### END LOGGING ### | ||
12470 | @@ -2755,7 +2755,7 @@ WARN: Checks disabled | ||
12471 | ### LOGGING ### | ||
12472 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12473 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12474 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12475 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12476 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12477 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12478 | ### END LOGGING ### | ||
12479 | @@ -2790,7 +2790,7 @@ WARN: Checks disabled | ||
12480 | ### LOGGING ### | ||
12481 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12482 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12483 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12484 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12485 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12486 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12487 | ### END LOGGING ### | ||
12488 | @@ -2825,7 +2825,7 @@ WARN: Checks disabled | ||
12489 | ### LOGGING ### | ||
12490 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12491 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12492 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12493 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12494 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12495 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12496 | ### END LOGGING ### | ||
12497 | @@ -2860,7 +2860,7 @@ WARN: Checks disabled | ||
12498 | ### LOGGING ### | ||
12499 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12500 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12501 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12502 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12503 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12504 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12505 | ### END LOGGING ### | ||
12506 | @@ -2895,7 +2895,7 @@ WARN: Checks disabled | ||
12507 | ### LOGGING ### | ||
12508 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12509 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12510 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12511 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12512 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12513 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12514 | ### END LOGGING ### | ||
12515 | @@ -3472,7 +3472,7 @@ WARN: Checks disabled | ||
12516 | ### LOGGING ### | ||
12517 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12518 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12519 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12520 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12521 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12522 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12523 | ### END LOGGING ### | ||
12524 | @@ -3515,7 +3515,7 @@ WARN: Checks disabled | ||
12525 | ### LOGGING ### | ||
12526 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12527 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12528 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12529 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12530 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12531 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12532 | ### END LOGGING ### | ||
12533 | @@ -3558,7 +3558,7 @@ WARN: Checks disabled | ||
12534 | ### LOGGING ### | ||
12535 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12536 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12537 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12538 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12539 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12540 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12541 | ### END LOGGING ### | ||
12542 | @@ -3601,7 +3601,7 @@ WARN: Checks disabled | ||
12543 | ### LOGGING ### | ||
12544 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12545 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12546 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12547 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12548 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12549 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12550 | ### END LOGGING ### | ||
12551 | @@ -3644,7 +3644,7 @@ WARN: Checks disabled | ||
12552 | ### LOGGING ### | ||
12553 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12554 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12555 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12556 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12557 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12558 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12559 | ### END LOGGING ### | ||
12560 | @@ -3687,7 +3687,7 @@ WARN: Checks disabled | ||
12561 | ### LOGGING ### | ||
12562 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12563 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12564 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12565 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12566 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12567 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12568 | ### END LOGGING ### | ||
12569 | @@ -3728,7 +3728,7 @@ WARN: Checks disabled | ||
12570 | ### LOGGING ### | ||
12571 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12572 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12573 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12574 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12575 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12576 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12577 | ### END LOGGING ### | ||
12578 | @@ -3763,7 +3763,7 @@ WARN: Checks disabled | ||
12579 | ### LOGGING ### | ||
12580 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12581 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12582 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12583 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12584 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12585 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12586 | ### END LOGGING ### | ||
12587 | @@ -3798,7 +3798,7 @@ WARN: Checks disabled | ||
12588 | ### LOGGING ### | ||
12589 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12590 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12591 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12592 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12593 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12594 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12595 | ### END LOGGING ### | ||
12596 | @@ -3833,7 +3833,7 @@ WARN: Checks disabled | ||
12597 | ### LOGGING ### | ||
12598 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12599 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12600 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12601 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12602 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12603 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12604 | ### END LOGGING ### | ||
12605 | @@ -3868,7 +3868,7 @@ WARN: Checks disabled | ||
12606 | ### LOGGING ### | ||
12607 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12608 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12609 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12610 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12611 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12612 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12613 | ### END LOGGING ### | ||
12614 | @@ -3903,7 +3903,7 @@ WARN: Checks disabled | ||
12615 | ### LOGGING ### | ||
12616 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12617 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12618 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12619 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12620 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12621 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12622 | ### END LOGGING ### | ||
12623 | @@ -3940,7 +3940,7 @@ WARN: Checks disabled | ||
12624 | ### LOGGING ### | ||
12625 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12626 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12627 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12628 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12629 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12630 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12631 | ### END LOGGING ### | ||
12632 | @@ -3976,7 +3976,7 @@ COMMIT | ||
12633 | ### LOGGING ### | ||
12634 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12635 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12636 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12637 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12638 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12639 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12640 | ### END LOGGING ### | ||
12641 | @@ -4014,7 +4014,7 @@ WARN: Checks disabled | ||
12642 | ### LOGGING ### | ||
12643 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12644 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12645 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12646 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12647 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12648 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12649 | ### END LOGGING ### | ||
12650 | @@ -4050,7 +4050,7 @@ COMMIT | ||
12651 | ### LOGGING ### | ||
12652 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12653 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12654 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12655 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12656 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12657 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12658 | ### END LOGGING ### | ||
12659 | @@ -4088,7 +4088,7 @@ WARN: Checks disabled | ||
12660 | ### LOGGING ### | ||
12661 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12662 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12663 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12664 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12665 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12666 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12667 | ### END LOGGING ### | ||
12668 | @@ -4124,7 +4124,7 @@ COMMIT | ||
12669 | ### LOGGING ### | ||
12670 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12671 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12672 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12673 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12674 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12675 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12676 | ### END LOGGING ### | ||
12677 | @@ -4162,7 +4162,7 @@ WARN: Checks disabled | ||
12678 | ### LOGGING ### | ||
12679 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12680 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12681 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12682 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12683 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12684 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12685 | ### END LOGGING ### | ||
12686 | @@ -4198,7 +4198,7 @@ COMMIT | ||
12687 | ### LOGGING ### | ||
12688 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12689 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12690 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12691 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12692 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12693 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12694 | ### END LOGGING ### | ||
12695 | @@ -4236,7 +4236,7 @@ WARN: Checks disabled | ||
12696 | ### LOGGING ### | ||
12697 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12698 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12699 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12700 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12701 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12702 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12703 | ### END LOGGING ### | ||
12704 | @@ -4272,7 +4272,7 @@ COMMIT | ||
12705 | ### LOGGING ### | ||
12706 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12707 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12708 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12709 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12710 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12711 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12712 | ### END LOGGING ### | ||
12713 | @@ -4310,7 +4310,7 @@ WARN: Checks disabled | ||
12714 | ### LOGGING ### | ||
12715 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12716 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12717 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12718 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12719 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12720 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12721 | ### END LOGGING ### | ||
12722 | @@ -4346,7 +4346,7 @@ COMMIT | ||
12723 | ### LOGGING ### | ||
12724 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12725 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12726 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12727 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12728 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12729 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12730 | ### END LOGGING ### | ||
12731 | @@ -4384,7 +4384,7 @@ WARN: Checks disabled | ||
12732 | ### LOGGING ### | ||
12733 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12734 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12735 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12736 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12737 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12738 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12739 | ### END LOGGING ### | ||
12740 | @@ -4420,7 +4420,7 @@ COMMIT | ||
12741 | ### LOGGING ### | ||
12742 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12743 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12744 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12745 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12746 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12747 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12748 | ### END LOGGING ### | ||
12749 | @@ -4458,7 +4458,7 @@ WARN: Checks disabled | ||
12750 | ### LOGGING ### | ||
12751 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12752 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12753 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12754 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12755 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12756 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12757 | ### END LOGGING ### | ||
12758 | @@ -4494,7 +4494,7 @@ COMMIT | ||
12759 | ### LOGGING ### | ||
12760 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12761 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12762 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12763 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12764 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12765 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12766 | ### END LOGGING ### | ||
12767 | @@ -4532,7 +4532,7 @@ WARN: Checks disabled | ||
12768 | ### LOGGING ### | ||
12769 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12770 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12771 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12772 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12773 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12774 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12775 | ### END LOGGING ### | ||
12776 | @@ -4568,7 +4568,7 @@ COMMIT | ||
12777 | ### LOGGING ### | ||
12778 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12779 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12780 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12781 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12782 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12783 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12784 | ### END LOGGING ### | ||
12785 | @@ -4606,7 +4606,7 @@ WARN: Checks disabled | ||
12786 | ### LOGGING ### | ||
12787 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12788 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12789 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12790 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12791 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12792 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12793 | ### END LOGGING ### | ||
12794 | @@ -4642,7 +4642,7 @@ COMMIT | ||
12795 | ### LOGGING ### | ||
12796 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12797 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12798 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12799 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12800 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12801 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12802 | ### END LOGGING ### | ||
12803 | @@ -4680,7 +4680,7 @@ WARN: Checks disabled | ||
12804 | ### LOGGING ### | ||
12805 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12806 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12807 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12808 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12809 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12810 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12811 | ### END LOGGING ### | ||
12812 | @@ -4716,7 +4716,7 @@ COMMIT | ||
12813 | ### LOGGING ### | ||
12814 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12815 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12816 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12817 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12818 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12819 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12820 | ### END LOGGING ### | ||
12821 | @@ -4754,7 +4754,7 @@ WARN: Checks disabled | ||
12822 | ### LOGGING ### | ||
12823 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12824 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12825 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12826 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12827 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12828 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12829 | ### END LOGGING ### | ||
12830 | @@ -4790,7 +4790,7 @@ COMMIT | ||
12831 | ### LOGGING ### | ||
12832 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12833 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12834 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12835 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12836 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12837 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12838 | ### END LOGGING ### | ||
12839 | @@ -4828,7 +4828,7 @@ WARN: Checks disabled | ||
12840 | ### LOGGING ### | ||
12841 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12842 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12843 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12844 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12845 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12846 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12847 | ### END LOGGING ### | ||
12848 | @@ -4864,7 +4864,7 @@ COMMIT | ||
12849 | ### LOGGING ### | ||
12850 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12851 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12852 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12853 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12854 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12855 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12856 | ### END LOGGING ### | ||
12857 | @@ -4902,7 +4902,7 @@ WARN: Checks disabled | ||
12858 | ### LOGGING ### | ||
12859 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12860 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12861 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12862 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12863 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12864 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12865 | ### END LOGGING ### | ||
12866 | @@ -4938,7 +4938,7 @@ COMMIT | ||
12867 | ### LOGGING ### | ||
12868 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12869 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12870 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12871 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12872 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12873 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12874 | ### END LOGGING ### | ||
12875 | @@ -4976,7 +4976,7 @@ WARN: Checks disabled | ||
12876 | ### LOGGING ### | ||
12877 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12878 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12879 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12880 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12881 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12882 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12883 | ### END LOGGING ### | ||
12884 | @@ -5012,7 +5012,7 @@ COMMIT | ||
12885 | ### LOGGING ### | ||
12886 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12887 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12888 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12889 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12890 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12891 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12892 | ### END LOGGING ### | ||
12893 | @@ -5050,7 +5050,7 @@ WARN: Checks disabled | ||
12894 | ### LOGGING ### | ||
12895 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12896 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12897 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12898 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12899 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12900 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12901 | ### END LOGGING ### | ||
12902 | @@ -5086,7 +5086,7 @@ COMMIT | ||
12903 | ### LOGGING ### | ||
12904 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12905 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12906 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12907 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12908 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12909 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12910 | ### END LOGGING ### | ||
12911 | @@ -5117,8 +5117,8 @@ WARN: Checks disabled | ||
12912 | ### RULES ### | ||
12913 | |||
12914 | ### tuple ### limit tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in | ||
12915 | --A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --set | ||
12916 | --A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12917 | +-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set | ||
12918 | +-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12919 | -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ufw-user-limit-accept | ||
12920 | |||
12921 | ### END RULES ### | ||
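Review bot: The two rules of the `limit tcp 34,35` tuple have to be converted as a pair, and here both the `-m recent --set` line and the `-m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit` line now gate on `-m conntrack --ctstate NEW`, which is correct. The rule generator change that emits these lines is not visible in this hunk, so if this file is the expected output the tests compare against, please confirm the backported source change produces exactly these two lines in this order; a mismatch in either one would show up only as a test diff, not as a load error.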
12922 | @@ -5126,7 +5126,7 @@ WARN: Checks disabled | ||
12923 | ### LOGGING ### | ||
12924 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12925 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12926 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12927 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12928 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12929 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12930 | ### END LOGGING ### | ||
12931 | @@ -5163,8 +5163,8 @@ WARN: Checks disabled | ||
12932 | ### RULES ### | ||
12933 | |||
12934 | ### tuple ### limit tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
12935 | --A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set | ||
12936 | --A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12937 | +-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set | ||
12938 | +-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12939 | -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ufw-user-limit-accept | ||
12940 | |||
12941 | ### END RULES ### | ||
12942 | @@ -5172,7 +5172,7 @@ WARN: Checks disabled | ||
12943 | ### LOGGING ### | ||
12944 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12945 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12946 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12947 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12948 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12949 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12950 | ### END LOGGING ### | ||
12951 | @@ -5209,8 +5209,8 @@ WARN: Checks disabled | ||
12952 | ### RULES ### | ||
12953 | |||
12954 | ### tuple ### limit tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
12955 | --A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --set | ||
12956 | --A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12957 | +-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set | ||
12958 | +-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12959 | -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ufw-user-limit-accept | ||
12960 | |||
12961 | ### END RULES ### | ||
12962 | @@ -5218,7 +5218,7 @@ WARN: Checks disabled | ||
12963 | ### LOGGING ### | ||
12964 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12965 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12966 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12967 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12968 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12969 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12970 | ### END LOGGING ### | ||
12971 | @@ -5255,8 +5255,8 @@ WARN: Checks disabled | ||
12972 | ### RULES ### | ||
12973 | |||
12974 | ### tuple ### limit tcp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
12975 | --A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set | ||
12976 | --A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12977 | +-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set | ||
12978 | +-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12979 | -A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept | ||
12980 | |||
12981 | ### END RULES ### | ||
12982 | @@ -5264,7 +5264,7 @@ WARN: Checks disabled | ||
12983 | ### LOGGING ### | ||
12984 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12985 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12986 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12987 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
12988 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
12989 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
12990 | ### END LOGGING ### | ||
12991 | @@ -5301,8 +5301,8 @@ WARN: Checks disabled | ||
12992 | ### RULES ### | ||
12993 | |||
12994 | ### tuple ### limit udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in | ||
12995 | --A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --set | ||
12996 | --A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12997 | +-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set | ||
12998 | +-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
12999 | -A ufw-user-input -p udp -m multiport --dports 34,35 -j ufw-user-limit-accept | ||
13000 | |||
13001 | ### END RULES ### | ||
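Review bot: In the `limit udp 34,35` tuple, `--ctstate NEW` on a connectionless protocol means the first packet of a flow as conntrack tracks it, so the `--seconds 30 --hitcount 6` threshold counts new conntrack entries rather than datagrams. That matches what `-m state --state NEW` did, so there is no behaviour change in the expected output. It would still be worth having the runtime test on the target load at least one UDP limit rule, so that a kernel without the conntrack match is caught at test time rather than by a failed rule load in the field.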
13002 | @@ -5310,7 +5310,7 @@ WARN: Checks disabled | ||
13003 | ### LOGGING ### | ||
13004 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13005 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13006 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13007 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13008 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13009 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13010 | ### END LOGGING ### | ||
13011 | @@ -5347,8 +5347,8 @@ WARN: Checks disabled | ||
13012 | ### RULES ### | ||
13013 | |||
13014 | ### tuple ### limit udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
13015 | --A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set | ||
13016 | --A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13017 | +-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set | ||
13018 | +-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13019 | -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ufw-user-limit-accept | ||
13020 | |||
13021 | ### END RULES ### | ||
13022 | @@ -5356,7 +5356,7 @@ WARN: Checks disabled | ||
13023 | ### LOGGING ### | ||
13024 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13025 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13026 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13027 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13028 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13029 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13030 | ### END LOGGING ### | ||
13031 | @@ -5393,8 +5393,8 @@ WARN: Checks disabled | ||
13032 | ### RULES ### | ||
13033 | |||
13034 | ### tuple ### limit udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in | ||
13035 | --A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --set | ||
13036 | --A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13037 | +-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set | ||
13038 | +-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13039 | -A ufw-user-input -p udp -m multiport --dports 35:39 -j ufw-user-limit-accept | ||
13040 | |||
13041 | ### END RULES ### | ||
13042 | @@ -5402,7 +5402,7 @@ WARN: Checks disabled | ||
13043 | ### LOGGING ### | ||
13044 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13045 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13046 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13047 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13048 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13049 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13050 | ### END LOGGING ### | ||
13051 | @@ -5439,8 +5439,8 @@ WARN: Checks disabled | ||
13052 | ### RULES ### | ||
13053 | |||
13054 | ### tuple ### limit udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
13055 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set | ||
13056 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13057 | +-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set | ||
13058 | +-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13059 | -A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept | ||
13060 | |||
13061 | ### END RULES ### | ||
13062 | @@ -5448,7 +5448,7 @@ WARN: Checks disabled | ||
13063 | ### LOGGING ### | ||
13064 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13065 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13066 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13067 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13068 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13069 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13070 | ### END LOGGING ### | ||
13071 | @@ -5493,7 +5493,7 @@ WARN: Checks disabled | ||
13072 | ### LOGGING ### | ||
13073 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13074 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13075 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13076 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13077 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13078 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13079 | ### END LOGGING ### | ||
13080 | @@ -5529,7 +5529,7 @@ COMMIT | ||
13081 | ### LOGGING ### | ||
13082 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13083 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13084 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13085 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13086 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13087 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13088 | ### END LOGGING ### | ||
13089 | @@ -5568,7 +5568,7 @@ WARN: Checks disabled | ||
13090 | ### LOGGING ### | ||
13091 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13092 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13093 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13094 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13095 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13096 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13097 | ### END LOGGING ### | ||
13098 | @@ -5604,7 +5604,7 @@ COMMIT | ||
13099 | ### LOGGING ### | ||
13100 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13101 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13102 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13103 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13104 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13105 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13106 | ### END LOGGING ### | ||
13107 | @@ -5639,7 +5639,7 @@ WARN: Checks disabled | ||
13108 | ### LOGGING ### | ||
13109 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13110 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13111 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13112 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13113 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13114 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13115 | ### END LOGGING ### | ||
13116 | @@ -5672,7 +5672,7 @@ COMMIT | ||
13117 | ### LOGGING ### | ||
13118 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13119 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13120 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13121 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13122 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13123 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13124 | ### END LOGGING ### | ||
13125 | @@ -5710,7 +5710,7 @@ WARN: Checks disabled | ||
13126 | ### LOGGING ### | ||
13127 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13128 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13129 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13130 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13131 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13132 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13133 | ### END LOGGING ### | ||
13134 | @@ -5750,7 +5750,7 @@ WARN: Checks disabled | ||
13135 | ### LOGGING ### | ||
13136 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13137 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13138 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13139 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13140 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13141 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13142 | ### END LOGGING ### | ||
13143 | @@ -5794,7 +5794,7 @@ WARN: Checks disabled | ||
13144 | ### LOGGING ### | ||
13145 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13146 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13147 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13148 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13149 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13150 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13151 | ### END LOGGING ### | ||
13152 | @@ -5831,7 +5831,7 @@ COMMIT | ||
13153 | ### LOGGING ### | ||
13154 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13155 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13156 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13157 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13158 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13159 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13160 | ### END LOGGING ### | ||
13161 | @@ -5869,7 +5869,7 @@ WARN: Checks disabled | ||
13162 | ### LOGGING ### | ||
13163 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13164 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13165 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13166 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13167 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13168 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13169 | ### END LOGGING ### | ||
13170 | @@ -5905,7 +5905,7 @@ COMMIT | ||
13171 | ### LOGGING ### | ||
13172 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13173 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13174 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13175 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13176 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13177 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13178 | ### END LOGGING ### | ||
13179 | @@ -5943,7 +5943,7 @@ WARN: Checks disabled | ||
13180 | ### LOGGING ### | ||
13181 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13182 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13183 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13184 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13185 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13186 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13187 | ### END LOGGING ### | ||
13188 | @@ -5979,7 +5979,7 @@ COMMIT | ||
13189 | ### LOGGING ### | ||
13190 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13191 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13192 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13193 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13194 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13195 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13196 | ### END LOGGING ### | ||
13197 | @@ -6017,7 +6017,7 @@ WARN: Checks disabled | ||
13198 | ### LOGGING ### | ||
13199 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13200 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13201 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13202 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13203 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13204 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13205 | ### END LOGGING ### | ||
13206 | @@ -6053,7 +6053,7 @@ COMMIT | ||
13207 | ### LOGGING ### | ||
13208 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13209 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13210 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13211 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13212 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13213 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13214 | ### END LOGGING ### | ||
13215 | @@ -6091,7 +6091,7 @@ WARN: Checks disabled | ||
13216 | ### LOGGING ### | ||
13217 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13218 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13219 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13220 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13221 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13222 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13223 | ### END LOGGING ### | ||
13224 | @@ -6127,7 +6127,7 @@ COMMIT | ||
13225 | ### LOGGING ### | ||
13226 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13227 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13228 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13229 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13230 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13231 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13232 | ### END LOGGING ### | ||
13233 | @@ -6164,7 +6164,7 @@ WARN: Checks disabled | ||
13234 | ### LOGGING ### | ||
13235 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13236 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13237 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13238 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13239 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13240 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13241 | ### END LOGGING ### | ||
13242 | @@ -6199,7 +6199,7 @@ WARN: Checks disabled | ||
13243 | ### LOGGING ### | ||
13244 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13245 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13246 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13247 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13248 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13249 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13250 | ### END LOGGING ### | ||
13251 | @@ -6234,7 +6234,7 @@ WARN: Checks disabled | ||
13252 | ### LOGGING ### | ||
13253 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13254 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13255 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13256 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13257 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13258 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13259 | ### END LOGGING ### | ||
13260 | @@ -6295,7 +6295,7 @@ ipv4 rule in ipv4 section | ||
13261 | ### LOGGING ### | ||
13262 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13263 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13264 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13265 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13266 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13267 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13268 | ### END LOGGING ### | ||
13269 | @@ -6336,7 +6336,7 @@ COMMIT | ||
13270 | ### LOGGING ### | ||
13271 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13272 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13273 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13274 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13275 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13276 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13277 | ### END LOGGING ### | ||
13278 | @@ -6380,7 +6380,7 @@ ipv6 rule in ipv6 section | ||
13279 | ### LOGGING ### | ||
13280 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13281 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13282 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13283 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13284 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13285 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13286 | ### END LOGGING ### | ||
13287 | @@ -6425,7 +6425,7 @@ COMMIT | ||
13288 | ### LOGGING ### | ||
13289 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13290 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13291 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13292 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13293 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13294 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13295 | ### END LOGGING ### | ||
13296 | @@ -6487,7 +6487,7 @@ ipv4 rule in ipv6 section | ||
13297 | ### LOGGING ### | ||
13298 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13299 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13300 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13301 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13302 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13303 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13304 | ### END LOGGING ### | ||
13305 | @@ -6532,7 +6532,7 @@ COMMIT | ||
13306 | ### LOGGING ### | ||
13307 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13308 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13309 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13310 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13311 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13312 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13313 | ### END LOGGING ### | ||
13314 | @@ -6572,11 +6572,11 @@ COMMIT | ||
13315 | -A ufw-user-input -p udp -d 127.0.0.1 --dport 23 -j ACCEPT | ||
13316 | |||
13317 | ### tuple ### allow_log any 8888 0.0.0.0/0 any 0.0.0.0/0 in | ||
13318 | --A ufw-user-logging-input -p tcp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13319 | +-A ufw-user-logging-input -p tcp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13320 | -A ufw-user-logging-input -p tcp --dport 8888 -j RETURN | ||
13321 | -A ufw-user-input -p tcp --dport 8888 -j ufw-user-logging-input | ||
13322 | -A ufw-user-input -p tcp --dport 8888 -j ACCEPT | ||
13323 | --A ufw-user-logging-input -p udp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13324 | +-A ufw-user-logging-input -p udp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13325 | -A ufw-user-logging-input -p udp --dport 8888 -j RETURN | ||
13326 | -A ufw-user-input -p udp --dport 8888 -j ufw-user-logging-input | ||
13327 | -A ufw-user-input -p udp --dport 8888 -j ACCEPT | ||
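Review bot: The two `ufw-user-logging-input` lines in this hunk are the `--ctstate NEW` case, not the `INVALID` substitution made in the surrounding hunks, so a check that only looks for `--state INVALID` will not cover them. After applying the patch, grep the result file for any remaining `-m state` to confirm that both the tcp and udp variants of every `allow_log` tuple were converted. A leftover line would show up as an expected-output mismatch for that tuple only.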
13328 | @@ -6586,7 +6586,7 @@ COMMIT | ||
13329 | ### LOGGING ### | ||
13330 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13331 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13332 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13333 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13334 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13335 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13336 | ### END LOGGING ### | ||
13337 | @@ -6619,11 +6619,11 @@ COMMIT | ||
13338 | -A ufw6-user-input -p udp -d ::1 --dport 24 -j ACCEPT | ||
13339 | |||
13340 | ### tuple ### allow_log any 8888 ::/0 any ::/0 in | ||
13341 | --A ufw6-user-logging-input -p tcp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13342 | +-A ufw6-user-logging-input -p tcp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13343 | -A ufw6-user-logging-input -p tcp --dport 8888 -j RETURN | ||
13344 | -A ufw6-user-input -p tcp --dport 8888 -j ufw6-user-logging-input | ||
13345 | -A ufw6-user-input -p tcp --dport 8888 -j ACCEPT | ||
13346 | --A ufw6-user-logging-input -p udp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13347 | +-A ufw6-user-logging-input -p udp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13348 | -A ufw6-user-logging-input -p udp --dport 8888 -j RETURN | ||
13349 | -A ufw6-user-input -p udp --dport 8888 -j ufw6-user-logging-input | ||
13350 | -A ufw6-user-input -p udp --dport 8888 -j ACCEPT | ||
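Review bot: Dependency check for the `ufw6-user-logging-input` lines and the matching `ufw-` lines: every expected rule now depends on the conntrack match for both iptables and ip6tables. The commit message says the kernel RRECOMMENDS were updated, so please confirm that the update covers the xt_conntrack match module, and mention it next to this change. On a minimal image without that module, these rules would fail to load even though the expected-output file is correct.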
13351 | @@ -6637,7 +6637,7 @@ COMMIT | ||
13352 | ### LOGGING ### | ||
13353 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13354 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13355 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13356 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13357 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13358 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13359 | ### END LOGGING ### | ||
13360 | @@ -6681,7 +6681,7 @@ COMMIT | ||
13361 | ### LOGGING ### | ||
13362 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13363 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13364 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13365 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13366 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13367 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13368 | ### END LOGGING ### | ||
13369 | @@ -6714,7 +6714,7 @@ COMMIT | ||
13370 | ### LOGGING ### | ||
13371 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13372 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13373 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13374 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13375 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13376 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13377 | ### END LOGGING ### | ||
13378 | @@ -6768,7 +6768,7 @@ Interfaces | ||
13379 | ### LOGGING ### | ||
13380 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13381 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13382 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13383 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13384 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13385 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13386 | ### END LOGGING ### | ||
13387 | @@ -6810,7 +6810,7 @@ COMMIT | ||
13388 | ### LOGGING ### | ||
13389 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13390 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13391 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13392 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13393 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13394 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13395 | ### END LOGGING ### | ||
13396 | @@ -6854,7 +6854,7 @@ COMMIT | ||
13397 | ### LOGGING ### | ||
13398 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13399 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13400 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13401 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13402 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13403 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13404 | ### END LOGGING ### | ||
13405 | @@ -6887,7 +6887,7 @@ COMMIT | ||
13406 | ### LOGGING ### | ||
13407 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13408 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13409 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13410 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13411 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13412 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13413 | ### END LOGGING ### | ||
13414 | @@ -6940,7 +6940,7 @@ COMMIT | ||
13415 | ### LOGGING ### | ||
13416 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13417 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13418 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13419 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13420 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13421 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13422 | ### END LOGGING ### | ||
13423 | @@ -6982,7 +6982,7 @@ COMMIT | ||
13424 | ### LOGGING ### | ||
13425 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13426 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13427 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13428 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13429 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13430 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13431 | ### END LOGGING ### | ||
13432 | @@ -7026,7 +7026,7 @@ COMMIT | ||
13433 | ### LOGGING ### | ||
13434 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13435 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13436 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13437 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13438 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13439 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13440 | ### END LOGGING ### | ||
13441 | @@ -7059,7 +7059,7 @@ COMMIT | ||
13442 | ### LOGGING ### | ||
13443 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13444 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13445 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13446 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13447 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13448 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13449 | ### END LOGGING ### | ||
13450 | @@ -7094,7 +7094,7 @@ WARN: Checks disabled | ||
13451 | ### LOGGING ### | ||
13452 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13453 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13454 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13455 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13456 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13457 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13458 | ### END LOGGING ### | ||
13459 | @@ -7137,7 +7137,7 @@ WARN: Checks disabled | ||
13460 | ### LOGGING ### | ||
13461 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13462 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13463 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13464 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13465 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13466 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13467 | ### END LOGGING ### | ||
13468 | @@ -7180,7 +7180,7 @@ WARN: Checks disabled | ||
13469 | ### LOGGING ### | ||
13470 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13471 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13472 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13473 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13474 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13475 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13476 | ### END LOGGING ### | ||
13477 | @@ -7223,7 +7223,7 @@ WARN: Checks disabled | ||
13478 | ### LOGGING ### | ||
13479 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13480 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13481 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13482 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13483 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13484 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13485 | ### END LOGGING ### | ||
13486 | @@ -7264,7 +7264,7 @@ WARN: Checks disabled | ||
13487 | ### LOGGING ### | ||
13488 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13489 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13490 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13491 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13492 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13493 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13494 | ### END LOGGING ### | ||
13495 | @@ -7299,7 +7299,7 @@ WARN: Checks disabled | ||
13496 | ### LOGGING ### | ||
13497 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13498 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13499 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13500 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13501 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13502 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13503 | ### END LOGGING ### | ||
13504 | @@ -7334,7 +7334,7 @@ WARN: Checks disabled | ||
13505 | ### LOGGING ### | ||
13506 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13507 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13508 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13509 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13510 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13511 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13512 | ### END LOGGING ### | ||
13513 | @@ -7369,7 +7369,7 @@ WARN: Checks disabled | ||
13514 | ### LOGGING ### | ||
13515 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13516 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13517 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13518 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13519 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13520 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13521 | ### END LOGGING ### | ||
13522 | @@ -7406,7 +7406,7 @@ WARN: Checks disabled | ||
13523 | ### LOGGING ### | ||
13524 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13525 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13526 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13527 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13528 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13529 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13530 | ### END LOGGING ### | ||
13531 | @@ -7442,7 +7442,7 @@ COMMIT | ||
13532 | ### LOGGING ### | ||
13533 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13534 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13535 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13536 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13537 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13538 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13539 | ### END LOGGING ### | ||
13540 | @@ -7480,7 +7480,7 @@ WARN: Checks disabled | ||
13541 | ### LOGGING ### | ||
13542 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13543 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13544 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13545 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13546 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13547 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13548 | ### END LOGGING ### | ||
13549 | @@ -7516,7 +7516,7 @@ COMMIT | ||
13550 | ### LOGGING ### | ||
13551 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13552 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13553 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13554 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13555 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13556 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13557 | ### END LOGGING ### | ||
13558 | diff --git a/tests/root/bugs/result b/tests/root/bugs/result | ||
13559 | index e7ee4da..34bee1a 100644 | ||
13560 | --- a/tests/root/bugs/result | ||
13561 | +++ b/tests/root/bugs/result | ||
13562 | @@ -34,7 +34,7 @@ WARN: Checks disabled | ||
13563 | ### LOGGING ### | ||
13564 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13565 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13566 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13567 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13568 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13569 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13570 | ### END LOGGING ### | ||
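Review bot: Please confirm with a grep that no `-m state --state` line is left in tests/root/bugs/result. This file gets a single hunk (at line 34) while the other result files change in many places, and a missed occurrence would only show up as a failed output comparison at test time.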
13571 | diff --git a/tests/root/live/result b/tests/root/live/result | ||
13572 | index 78148f4..7b183c5 100644 | ||
13573 | --- a/tests/root/live/result | ||
13574 | +++ b/tests/root/live/result | ||
13575 | @@ -145,8 +145,8 @@ Anywhere ALLOW 192.168.0.0/16 | ||
13576 | -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT | ||
13577 | |||
13578 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
13579 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
13580 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13581 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
13582 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13583 | ### tuple ### allow any 53 ::/0 any ::/0 in | ||
13584 | -A ufw6-user-input -p tcp --dport 53 -j ACCEPT | ||
13585 | -A ufw6-user-input -p udp --dport 53 -j ACCEPT | ||
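Review bot: The `limit tcp 22` pair is only checked as rule text here, so the fixture cannot show that `-m conntrack --ctstate NEW` selects the same packets for `-m recent --set` and `--update --seconds 30 --hitcount 6` as `-m state --state NEW` did. A case in the runtime tests this commit adjusts that opens more than six connections within 30 seconds and expects the jump to `ufw-user-limit` would cover the behaviour, not just the string.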
13586 | @@ -368,8 +368,8 @@ Anywhere ALLOW 192.168.0.0/16 | ||
13587 | -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT | ||
13588 | |||
13589 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
13590 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
13591 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13592 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
13593 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13594 | TESTING ARGS (delete allow/deny to/from) | ||
13595 | 48: delete allow 53 | ||
13596 | WARN: Checks disabled | ||
13597 | @@ -1057,8 +1057,8 @@ Status: active | ||
13598 | -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
13599 | -- | ||
13600 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 | ||
13601 | --A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13602 | --A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13603 | +-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13604 | +-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13605 | -- | ||
13606 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 | ||
13607 | -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
13608 | @@ -1072,8 +1072,8 @@ Status: active | ||
13609 | -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
13610 | -- | ||
13611 | ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1 | ||
13612 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13613 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13614 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13615 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13616 | -- | ||
13617 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 | ||
13618 | -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13619 | @@ -1082,11 +1082,11 @@ Status: active | ||
13620 | -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13621 | |||
13622 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 | ||
13623 | --A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13624 | +-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13625 | -A ufw-user-logging-input -i eth0 -j RETURN | ||
13626 | -- | ||
13627 | ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 | ||
13628 | --A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13629 | +-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13630 | -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN | ||
13631 | -- | ||
13632 | ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 | ||
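Review bot: The patch description gives the removed warning as the reason for the switch but does not say that the `allow_log` rules still log only the first packet of a connection. On the two `ufw-user-logging-input` lines changed here, `--ctstate NEW` is what limits `[UFW ALLOW]` entries, so a sentence in the patch header stating that log content and volume are unchanged would help anyone who alerts on these prefixes.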
13633 | @@ -1109,7 +1109,7 @@ Status: active | ||
13634 | -A ufw6-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13635 | |||
13636 | ### tuple ### allow_log any any ::/0 any ::/0 in_eth0 | ||
13637 | --A ufw6-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13638 | +-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13639 | -A ufw6-user-logging-input -i eth0 -j RETURN | ||
13640 | -- | ||
13641 | ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth0 | ||
13642 | @@ -1312,8 +1312,8 @@ Status: active | ||
13643 | -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
13644 | -- | ||
13645 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 | ||
13646 | --A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13647 | --A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13648 | +-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13649 | +-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13650 | -- | ||
13651 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 | ||
13652 | -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
13653 | @@ -1327,8 +1327,8 @@ Status: active | ||
13654 | -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
13655 | -- | ||
13656 | ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1 | ||
13657 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13658 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13659 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13660 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13661 | -- | ||
13662 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 | ||
13663 | -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13664 | @@ -1337,11 +1337,11 @@ Status: active | ||
13665 | -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13666 | |||
13667 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 | ||
13668 | --A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13669 | +-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13670 | -A ufw-user-logging-output -o eth0 -j RETURN | ||
13671 | -- | ||
13672 | ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 | ||
13673 | --A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13674 | +-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13675 | -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN | ||
13676 | -- | ||
13677 | ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 | ||
13678 | @@ -1364,7 +1364,7 @@ Status: active | ||
13679 | -A ufw6-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13680 | |||
13681 | ### tuple ### allow_log any any ::/0 any ::/0 out_eth0 | ||
13682 | --A ufw6-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13683 | +-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13684 | -A ufw6-user-logging-output -o eth0 -j RETURN | ||
13685 | -- | ||
13686 | ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth0 | ||
13687 | @@ -1556,8 +1556,8 @@ Status: active | ||
13688 | -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
13689 | -- | ||
13690 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 | ||
13691 | --A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13692 | --A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13693 | +-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13694 | +-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13695 | -- | ||
13696 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 | ||
13697 | -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
13698 | @@ -1571,8 +1571,8 @@ Status: active | ||
13699 | -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
13700 | -- | ||
13701 | ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1 | ||
13702 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13703 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13704 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13705 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13706 | -- | ||
13707 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 | ||
13708 | -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13709 | @@ -1581,11 +1581,11 @@ Status: active | ||
13710 | -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13711 | |||
13712 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 | ||
13713 | --A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13714 | +-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13715 | -A ufw-user-logging-input -i eth0 -j RETURN | ||
13716 | -- | ||
13717 | ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 | ||
13718 | --A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13719 | +-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13720 | -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN | ||
13721 | -- | ||
13722 | ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 | ||
13723 | @@ -1777,8 +1777,8 @@ Status: active | ||
13724 | -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
13725 | -- | ||
13726 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 | ||
13727 | --A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13728 | --A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13729 | +-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13730 | +-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13731 | -- | ||
13732 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 | ||
13733 | -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
13734 | @@ -1792,8 +1792,8 @@ Status: active | ||
13735 | -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
13736 | -- | ||
13737 | ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1 | ||
13738 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set | ||
13739 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13740 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
13741 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
13742 | -- | ||
13743 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 | ||
13744 | -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13745 | @@ -1802,11 +1802,11 @@ Status: active | ||
13746 | -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13747 | |||
13748 | ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 | ||
13749 | --A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13750 | +-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13751 | -A ufw-user-logging-output -o eth0 -j RETURN | ||
13752 | -- | ||
13753 | ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 | ||
13754 | --A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13755 | +-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13756 | -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN | ||
13757 | -- | ||
13758 | ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 | ||
13759 | diff --git a/tests/root/live_apps/result b/tests/root/live_apps/result | ||
13760 | index c0aa6e2..cb97ffb 100644 | ||
13761 | --- a/tests/root/live_apps/result | ||
13762 | +++ b/tests/root/live_apps/result | ||
13763 | @@ -1235,7 +1235,7 @@ Rule inserted | ||
13764 | ### LOGGING ### | ||
13765 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13766 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13767 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13768 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13769 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13770 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13771 | ### END LOGGING ### | ||
13772 | @@ -1318,7 +1318,7 @@ Rule deleted | ||
13773 | ### LOGGING ### | ||
13774 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13775 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13776 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13777 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13778 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13779 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13780 | ### END LOGGING ### | ||
13781 | @@ -1444,7 +1444,7 @@ Rule inserted | ||
13782 | ### LOGGING ### | ||
13783 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13784 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13785 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13786 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13787 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13788 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13789 | ### END LOGGING ### | ||
13790 | @@ -1543,7 +1543,7 @@ Rule deleted | ||
13791 | ### LOGGING ### | ||
13792 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13793 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13794 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13795 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13796 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13797 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13798 | ### END LOGGING ### | ||
13799 | @@ -1647,7 +1647,7 @@ Rule inserted (v6) | ||
13800 | ### LOGGING ### | ||
13801 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13802 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13803 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13804 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13805 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13806 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13807 | ### END LOGGING ### | ||
13808 | @@ -1696,7 +1696,7 @@ COMMIT | ||
13809 | ### LOGGING ### | ||
13810 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13811 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13812 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13813 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13814 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13815 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13816 | ### END LOGGING ### | ||
13817 | @@ -1755,7 +1755,7 @@ Rule deleted (v6) | ||
13818 | ### LOGGING ### | ||
13819 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13820 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13821 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13822 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13823 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13824 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13825 | ### END LOGGING ### | ||
13826 | @@ -1788,7 +1788,7 @@ COMMIT | ||
13827 | ### LOGGING ### | ||
13828 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13829 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13830 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13831 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13832 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13833 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13834 | ### END LOGGING ### | ||
13835 | @@ -1889,7 +1889,7 @@ Rule inserted | ||
13836 | ### LOGGING ### | ||
13837 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13838 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13839 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13840 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13841 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13842 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13843 | ### END LOGGING ### | ||
13844 | @@ -1932,7 +1932,7 @@ COMMIT | ||
13845 | ### LOGGING ### | ||
13846 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13847 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13848 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13849 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13850 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13851 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13852 | ### END LOGGING ### | ||
13853 | @@ -2005,7 +2005,7 @@ Rule deleted | ||
13854 | ### LOGGING ### | ||
13855 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13856 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13857 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13858 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13859 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13860 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13861 | ### END LOGGING ### | ||
13862 | @@ -2038,7 +2038,7 @@ COMMIT | ||
13863 | ### LOGGING ### | ||
13864 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13865 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13866 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13867 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13868 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13869 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13870 | ### END LOGGING ### | ||
13871 | @@ -2173,23 +2173,23 @@ Samba on eth0 LIMIT 10.0.0.1 | ||
13872 | |||
13873 | |||
13874 | ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 | ||
13875 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13876 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13877 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13878 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13879 | -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13880 | -- | ||
13881 | ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 | ||
13882 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13883 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13884 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13885 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13886 | -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13887 | -- | ||
13888 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 | ||
13889 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13890 | --A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13891 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13892 | +-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13893 | -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13894 | -- | ||
13895 | ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 | ||
13896 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13897 | --A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13898 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13899 | +-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13900 | -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13901 | 225: delete limit in on eth0 to 192.168.0.1 app Samba | ||
13902 | WARN: Checks disabled | ||
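Review bot: The `+` lines for the four `limit ... in_eth0` Samba tuples now need the `conntrack` match where the old expected output needed `state`, so a target image that provides only the `state` match module cannot load rules of this form. The commit message says the kernel RRECOMMENDS were updated for linux-yocto 5.4; please confirm that list names the conntrack match module alongside the ones these same lines already rely on (`multiport`, `recent`, `comment`), and that an image built with the new ufw-test package gets it as well.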
13903 | @@ -2447,23 +2447,23 @@ Samba LIMIT OUT 10.0.0.1 on eth0 | ||
13904 | |||
13905 | |||
13906 | ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 | ||
13907 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13908 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13909 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13910 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13911 | -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13912 | -- | ||
13913 | ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 | ||
13914 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13915 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13916 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13917 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13918 | -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13919 | -- | ||
13920 | ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 | ||
13921 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13922 | --A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13923 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13924 | +-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13925 | -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13926 | -- | ||
13927 | ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 | ||
13928 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13929 | --A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13930 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
13931 | +-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
13932 | -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
13933 | 259: delete limit out on eth0 to 192.168.0.1 app Samba | ||
13934 | WARN: Checks disabled | ||
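Review bot: In the `out_eth0` tuples the `-m recent --set` and `-m recent --update --seconds 30 --hitcount 6` lines carry neither `--name` nor `--rdest`, so the expected output keeps one shared default list keyed on the packet's source address, which on `ufw-user-output` is the sending host's own address rather than the peer. The `state` to `conntrack` swap leaves that untouched, which is right for a backport, but a sentence in the patch description saying the change is limited to the match name would make it clear that the limit behaviour recorded in these fixtures is intentionally unchanged.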
13935 | diff --git a/tests/root/logging/result b/tests/root/logging/result | ||
13936 | index bbcc434..583ec46 100644 | ||
13937 | --- a/tests/root/logging/result | ||
13938 | +++ b/tests/root/logging/result | ||
13939 | @@ -35,23 +35,23 @@ contents of user*.rules: | ||
13940 | ### RULES ### | ||
13941 | |||
13942 | ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
13943 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13944 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13945 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
13946 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
13947 | -A ufw-user-input -p tcp --dport 23 -j ACCEPT | ||
13948 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13949 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13950 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
13951 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
13952 | -A ufw-user-input -p udp --dport 23 -j ACCEPT | ||
13953 | |||
13954 | ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
13955 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13956 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13957 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
13958 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
13959 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13960 | |||
13961 | ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
13962 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13963 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13964 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
13965 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
13966 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13967 | @@ -61,7 +61,7 @@ contents of user*.rules: | ||
13968 | ### LOGGING ### | ||
13969 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13970 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13971 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13972 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
13973 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
13974 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
13975 | ### END LOGGING ### | ||
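Review bot: On the `-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10` line the trailing `-m limit` is still a match on the RETURN rule, so INVALID packets skip the `[UFW BLOCK]` LOG rule only while the limit has budget and fall through to it afterwards. The backport carries this over from the `-m state` form unchanged, which is correct for a mechanical rename. Since the same line recurs in every LOGGING hunk of this file and the result file records the rule text verbatim, please check it once against the rule generator so that option order and spelling match what the patched code emits.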
13976 | @@ -90,29 +90,29 @@ COMMIT | ||
13977 | ### RULES ### | ||
13978 | |||
13979 | ### tuple ### allow_log any 23 ::/0 any ::/0 in | ||
13980 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13981 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13982 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
13983 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
13984 | -A ufw6-user-input -p tcp --dport 23 -j ACCEPT | ||
13985 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13986 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13987 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
13988 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
13989 | -A ufw6-user-input -p udp --dport 23 -j ACCEPT | ||
13990 | |||
13991 | ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in | ||
13992 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13993 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
13994 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
13995 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
13996 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
13997 | |||
13998 | ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
13999 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
14000 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
14001 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14002 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
14003 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
14004 | |||
14005 | ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
14006 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
14007 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " | ||
14008 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
14009 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
14010 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT | ||
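Review bot: The `ufw6-user-logging-input` lines take the same `-m conntrack --ctstate NEW` change as the IPv4 ones, so the IPv6 half of this test now depends on the conntrack match being usable from ip6tables on the target. Please confirm the root tests were run on a dunfell image with IPv6 enabled, not only against the IPv4 rules, before relying on this expected output.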
14011 | @@ -122,7 +122,7 @@ COMMIT | ||
14012 | ### LOGGING ### | ||
14013 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14014 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14015 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14016 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14017 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14018 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14019 | ### END LOGGING ### | ||
14020 | @@ -167,7 +167,7 @@ contents of user*.rules: | ||
14021 | ### LOGGING ### | ||
14022 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14023 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14024 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14025 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14026 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14027 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14028 | ### END LOGGING ### | ||
14029 | @@ -200,7 +200,7 @@ COMMIT | ||
14030 | ### LOGGING ### | ||
14031 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14032 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14033 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14034 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14035 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14036 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14037 | ### END LOGGING ### | ||
14038 | @@ -261,7 +261,7 @@ contents of user*.rules: | ||
14039 | ### LOGGING ### | ||
14040 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14041 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14042 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14043 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14044 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14045 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14046 | ### END LOGGING ### | ||
14047 | @@ -322,7 +322,7 @@ COMMIT | ||
14048 | ### LOGGING ### | ||
14049 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14050 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14051 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14052 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14053 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14054 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14055 | ### END LOGGING ### | ||
14056 | @@ -367,7 +367,7 @@ contents of user*.rules: | ||
14057 | ### LOGGING ### | ||
14058 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14059 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14060 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14061 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14062 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14063 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14064 | ### END LOGGING ### | ||
14065 | @@ -400,7 +400,7 @@ COMMIT | ||
14066 | ### LOGGING ### | ||
14067 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14068 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14069 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14070 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14071 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14072 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14073 | ### END LOGGING ### | ||
14074 | @@ -435,23 +435,23 @@ contents of user*.rules: | ||
14075 | ### RULES ### | ||
14076 | |||
14077 | ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
14078 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14079 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14080 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
14081 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
14082 | -A ufw-user-input -p tcp --dport 23 -j DROP | ||
14083 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14084 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14085 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
14086 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
14087 | -A ufw-user-input -p udp --dport 23 -j DROP | ||
14088 | |||
14089 | ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14090 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14091 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14092 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
14093 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
14094 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
14095 | |||
14096 | ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14097 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14098 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14099 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14100 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
14101 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
14102 | @@ -461,7 +461,7 @@ contents of user*.rules: | ||
14103 | ### LOGGING ### | ||
14104 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14105 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14106 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14107 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14108 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14109 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14110 | ### END LOGGING ### | ||
14111 | @@ -490,29 +490,29 @@ COMMIT | ||
14112 | ### RULES ### | ||
14113 | |||
14114 | ### tuple ### deny_log any 23 ::/0 any ::/0 in | ||
14115 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14116 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14117 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
14118 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
14119 | -A ufw6-user-input -p tcp --dport 23 -j DROP | ||
14120 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14121 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14122 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
14123 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
14124 | -A ufw6-user-input -p udp --dport 23 -j DROP | ||
14125 | |||
14126 | ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in | ||
14127 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14128 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14129 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
14130 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
14131 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' | ||
14132 | |||
14133 | ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
14134 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14135 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14136 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14137 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
14138 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' | ||
14139 | |||
14140 | ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
14141 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14142 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14143 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
14144 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
14145 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP | ||
14146 | @@ -522,7 +522,7 @@ COMMIT | ||
14147 | ### LOGGING ### | ||
14148 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14149 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14150 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14151 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14152 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14153 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14154 | ### END LOGGING ### | ||
14155 | @@ -567,7 +567,7 @@ contents of user*.rules: | ||
14156 | ### LOGGING ### | ||
14157 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14158 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14159 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14160 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14161 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14162 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14163 | ### END LOGGING ### | ||
14164 | @@ -600,7 +600,7 @@ COMMIT | ||
14165 | ### LOGGING ### | ||
14166 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14167 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14168 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14169 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14170 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14171 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14172 | ### END LOGGING ### | ||
14173 | @@ -661,7 +661,7 @@ contents of user*.rules: | ||
14174 | ### LOGGING ### | ||
14175 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14176 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14177 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14178 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14179 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14180 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14181 | ### END LOGGING ### | ||
14182 | @@ -722,7 +722,7 @@ COMMIT | ||
14183 | ### LOGGING ### | ||
14184 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14185 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14186 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14187 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14188 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14189 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14190 | ### END LOGGING ### | ||
14191 | @@ -767,7 +767,7 @@ contents of user*.rules: | ||
14192 | ### LOGGING ### | ||
14193 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14194 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14195 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14196 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14197 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14198 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14199 | ### END LOGGING ### | ||
14200 | @@ -800,7 +800,7 @@ COMMIT | ||
14201 | ### LOGGING ### | ||
14202 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14203 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14204 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14205 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14206 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14207 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14208 | ### END LOGGING ### | ||
14209 | @@ -835,33 +835,33 @@ contents of user*.rules: | ||
14210 | ### RULES ### | ||
14211 | |||
14212 | ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
14213 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14214 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14215 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
14216 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
14217 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
14218 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14219 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
14220 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14221 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
14222 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14223 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14224 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
14225 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
14226 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
14227 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14228 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
14229 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14230 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
14231 | |||
14232 | ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14233 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14234 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14235 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
14236 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
14237 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14238 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14239 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14240 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14241 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
14242 | |||
14243 | ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14244 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14245 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14246 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14247 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
14248 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14249 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14250 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14251 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14252 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
14253 | |||
14254 | ### END RULES ### | ||
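Review bot: The converted rules in this hunk no longer reference the `state` match anywhere, so they load only if the target kernel provides the conntrack match (xt_conntrack), alongside the `recent`, `limit`, `multiport` and `comment` matches and the LOG target that these lines already use. The commit message mentions an RRECOMMENDS update for linux-yocto 5.4; please check that the list names the conntrack match module explicitly. If it is missing, rules such as `-m conntrack --ctstate NEW -m recent --set` can fail to load on a minimal image even though the expected results here match.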
14255 | @@ -869,7 +869,7 @@ contents of user*.rules: | ||
14256 | ### LOGGING ### | ||
14257 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14258 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14259 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14260 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14261 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14262 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14263 | ### END LOGGING ### | ||
14264 | @@ -902,7 +902,7 @@ COMMIT | ||
14265 | ### LOGGING ### | ||
14266 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14267 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14268 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14269 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14270 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14271 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14272 | ### END LOGGING ### | ||
14273 | @@ -947,7 +947,7 @@ contents of user*.rules: | ||
14274 | ### LOGGING ### | ||
14275 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14276 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14277 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14278 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14279 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14280 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14281 | ### END LOGGING ### | ||
14282 | @@ -980,7 +980,7 @@ COMMIT | ||
14283 | ### LOGGING ### | ||
14284 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14285 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14286 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14287 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14288 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14289 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14290 | ### END LOGGING ### | ||
14291 | @@ -1018,30 +1018,30 @@ contents of user*.rules: | ||
14292 | -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14293 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
14294 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
14295 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set | ||
14296 | --A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14297 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
14298 | +-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14299 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept | ||
14300 | -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14301 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
14302 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
14303 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set | ||
14304 | --A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14305 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
14306 | +-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14307 | -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept | ||
14308 | |||
14309 | ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14310 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14311 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
14312 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
14313 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14314 | --A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14315 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14316 | +-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14317 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
14318 | |||
14319 | ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14320 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " | ||
14321 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14322 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
14323 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14324 | --A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14325 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' | ||
14326 | +-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' | ||
14327 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' | ||
14328 | |||
14329 | ### END RULES ### | ||
14330 | @@ -1049,7 +1049,7 @@ contents of user*.rules: | ||
14331 | ### LOGGING ### | ||
14332 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14333 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14334 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14335 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14336 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14337 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14338 | ### END LOGGING ### | ||
14339 | @@ -1082,7 +1082,7 @@ COMMIT | ||
14340 | ### LOGGING ### | ||
14341 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14342 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14343 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14344 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14345 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14346 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14347 | ### END LOGGING ### | ||
14348 | @@ -1127,7 +1127,7 @@ contents of user*.rules: | ||
14349 | ### LOGGING ### | ||
14350 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14351 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14352 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14353 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14354 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14355 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14356 | ### END LOGGING ### | ||
14357 | @@ -1160,7 +1160,7 @@ COMMIT | ||
14358 | ### LOGGING ### | ||
14359 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14360 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14361 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14362 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14363 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14364 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14365 | ### END LOGGING ### | ||
14366 | @@ -1195,23 +1195,23 @@ contents of user*.rules: | ||
14367 | ### RULES ### | ||
14368 | |||
14369 | ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in | ||
14370 | --A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14371 | +-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14372 | -A ufw-user-logging-input -p tcp --dport 23 -j RETURN | ||
14373 | -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input | ||
14374 | -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
14375 | --A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14376 | +-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14377 | -A ufw-user-logging-input -p udp --dport 23 -j RETURN | ||
14378 | -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input | ||
14379 | -A ufw-user-input -p udp --dport 23 -j REJECT | ||
14380 | |||
14381 | ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14382 | --A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14383 | +-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14384 | -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
14385 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input | ||
14386 | -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' | ||
14387 | |||
14388 | ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
14389 | --A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14390 | +-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14391 | -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14392 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input | ||
14393 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' | ||
14394 | @@ -1221,7 +1221,7 @@ contents of user*.rules: | ||
14395 | ### LOGGING ### | ||
14396 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14397 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14398 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14399 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14400 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14401 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14402 | ### END LOGGING ### | ||
14403 | @@ -1250,29 +1250,29 @@ COMMIT | ||
14404 | ### RULES ### | ||
14405 | |||
14406 | ### tuple ### reject_log any 23 ::/0 any ::/0 in | ||
14407 | --A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14408 | +-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14409 | -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN | ||
14410 | -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input | ||
14411 | -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset | ||
14412 | --A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14413 | +-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14414 | -A ufw6-user-logging-input -p udp --dport 23 -j RETURN | ||
14415 | -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input | ||
14416 | -A ufw6-user-input -p udp --dport 23 -j REJECT | ||
14417 | |||
14418 | ### tuple ### reject_log udp 137,138 ::/0 any ::/0 Samba - in | ||
14419 | --A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14420 | +-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14421 | -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN | ||
14422 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input | ||
14423 | -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' | ||
14424 | |||
14425 | ### tuple ### reject_log tcp 139,445 ::/0 any ::/0 Samba - in | ||
14426 | --A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14427 | +-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14428 | -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN | ||
14429 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input | ||
14430 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' | ||
14431 | |||
14432 | ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in | ||
14433 | --A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14434 | +-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " | ||
14435 | -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN | ||
14436 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input | ||
14437 | -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset | ||
14438 | @@ -1282,7 +1282,7 @@ COMMIT | ||
14439 | ### LOGGING ### | ||
14440 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14441 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14442 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14443 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14444 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14445 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14446 | ### END LOGGING ### | ||
14447 | @@ -1327,7 +1327,7 @@ contents of user*.rules: | ||
14448 | ### LOGGING ### | ||
14449 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14450 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14451 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14452 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14453 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14454 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14455 | ### END LOGGING ### | ||
14456 | @@ -1360,7 +1360,7 @@ COMMIT | ||
14457 | ### LOGGING ### | ||
14458 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14459 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14460 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14461 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14462 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14463 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14464 | ### END LOGGING ### | ||
14465 | @@ -1421,7 +1421,7 @@ contents of user*.rules: | ||
14466 | ### LOGGING ### | ||
14467 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14468 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14469 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14470 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14471 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14472 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14473 | ### END LOGGING ### | ||
14474 | @@ -1482,7 +1482,7 @@ COMMIT | ||
14475 | ### LOGGING ### | ||
14476 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14477 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14478 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14479 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14480 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14481 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14482 | ### END LOGGING ### | ||
14483 | @@ -1527,7 +1527,7 @@ contents of user*.rules: | ||
14484 | ### LOGGING ### | ||
14485 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14486 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14487 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14488 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14489 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14490 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14491 | ### END LOGGING ### | ||
14492 | @@ -1560,7 +1560,7 @@ COMMIT | ||
14493 | ### LOGGING ### | ||
14494 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14495 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14496 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14497 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14498 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14499 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14500 | ### END LOGGING ### | ||
14501 | @@ -1590,7 +1590,7 @@ contents of user*.rules: | ||
14502 | ### LOGGING ### | ||
14503 | -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14504 | -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14505 | --I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14506 | +-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14507 | -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14508 | -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14509 | ### END LOGGING ### | ||
14510 | @@ -1623,7 +1623,7 @@ COMMIT | ||
14511 | ### LOGGING ### | ||
14512 | -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14513 | -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14514 | --I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14515 | +-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 | ||
14516 | -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 | ||
14517 | -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 | ||
14518 | ### END LOGGING ### | ||
14519 | diff --git a/tests/root/valid/result b/tests/root/valid/result | ||
14520 | index 3a493da..320a728 100644 | ||
14521 | --- a/tests/root/valid/result | ||
14522 | +++ b/tests/root/valid/result | ||
14523 | @@ -234,8 +234,8 @@ Rules updated | ||
14524 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14525 | |||
14526 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14527 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14528 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14529 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14530 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14531 | 27: deny 53 | ||
14532 | WARN: Checks disabled | ||
14533 | Rules updated | ||
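Review bot: The `limit tcp 22` tuple is repeated in each result block of this file and every copy needs the same two-line replacement, so a single missed copy leaves an expected-output mismatch that only surfaces when the root tests are run. After applying the patch, search the patched source tree for any remaining `-m state --state` and confirm none are left. If any are kept on purpose, note that in the patch header.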
14534 | @@ -255,8 +255,8 @@ Rules updated | ||
14535 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14536 | |||
14537 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14538 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14539 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14540 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14541 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14542 | 28: allow 80/tcp | ||
14543 | WARN: Checks disabled | ||
14544 | Rules updated | ||
14545 | @@ -276,8 +276,8 @@ Rules updated | ||
14546 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14547 | |||
14548 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14549 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14550 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14551 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14552 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14553 | 29: allow from 10.0.0.0/8 | ||
14554 | WARN: Checks disabled | ||
14555 | Rules updated | ||
14556 | @@ -297,8 +297,8 @@ Rules updated | ||
14557 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14558 | |||
14559 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14560 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14561 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14562 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14563 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14564 | -- | ||
14565 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
14566 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
14567 | @@ -322,8 +322,8 @@ Rules updated | ||
14568 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14569 | |||
14570 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14571 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14572 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14573 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14574 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14575 | -- | ||
14576 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
14577 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
14578 | @@ -350,8 +350,8 @@ Rules updated | ||
14579 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14580 | |||
14581 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14582 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14583 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14584 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14585 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14586 | -- | ||
14587 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
14588 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
14589 | @@ -381,8 +381,8 @@ Rules updated | ||
14590 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14591 | |||
14592 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14593 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14594 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14595 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14596 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14597 | -- | ||
14598 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
14599 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
14600 | @@ -415,8 +415,8 @@ Rules updated | ||
14601 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14602 | |||
14603 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14604 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14605 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14606 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14607 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14608 | -- | ||
14609 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
14610 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
14611 | @@ -452,8 +452,8 @@ Rules updated | ||
14612 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
14613 | |||
14614 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14615 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14616 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14617 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14618 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14619 | -- | ||
14620 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
14621 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
14622 | @@ -1173,8 +1173,8 @@ Rules updated | ||
14623 | |||
14624 | |||
14625 | ### tuple ### limit any any 0.0.0.0/0 any 192.168.0.1 in | ||
14626 | --A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --set | ||
14627 | --A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14628 | +-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14629 | +-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14630 | -A ufw-user-input -s 192.168.0.1 -j ufw-user-limit-accept | ||
14631 | |||
14632 | ### END RULES ### | ||
14633 | @@ -1189,8 +1189,8 @@ Rules updated | ||
14634 | |||
14635 | |||
14636 | ### tuple ### limit any any 10.0.0.1 any 0.0.0.0/0 in | ||
14637 | --A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --set | ||
14638 | --A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14639 | +-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14640 | +-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14641 | -A ufw-user-input -d 10.0.0.1 -j ufw-user-limit-accept | ||
14642 | |||
14643 | ### END RULES ### | ||
14644 | @@ -1205,8 +1205,8 @@ Rules updated | ||
14645 | |||
14646 | |||
14647 | ### tuple ### limit any any 10.0.0.1 any 192.168.0.1 in | ||
14648 | --A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
14649 | --A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14650 | +-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14651 | +-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14652 | -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept | ||
14653 | |||
14654 | ### END RULES ### | ||
14655 | @@ -1221,11 +1221,11 @@ Rules updated | ||
14656 | |||
14657 | |||
14658 | ### tuple ### limit any any 0.0.0.0/0 80 192.168.0.1 in | ||
14659 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14660 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14661 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14662 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14663 | -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
14664 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14665 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14666 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14667 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14668 | 151: delete limit from 192.168.0.1 port 80 | ||
14669 | WARN: Checks disabled | ||
14670 | Rules updated | ||
14671 | @@ -1237,11 +1237,11 @@ Rules updated | ||
14672 | |||
14673 | |||
14674 | ### tuple ### limit any 25 10.0.0.1 any 0.0.0.0/0 in | ||
14675 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
14676 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14677 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
14678 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14679 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept | ||
14680 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
14681 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14682 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
14683 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14684 | 153: delete limit to 10.0.0.1 port 25 | ||
14685 | WARN: Checks disabled | ||
14686 | Rules updated | ||
14687 | @@ -1253,11 +1253,11 @@ Rules updated | ||
14688 | |||
14689 | |||
14690 | ### tuple ### limit any any 10.0.0.1 80 192.168.0.1 in | ||
14691 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14692 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14693 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14694 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14695 | -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
14696 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14697 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14698 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14699 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14700 | 155: delete limit to 10.0.0.1 from 192.168.0.1 port 80 | ||
14701 | WARN: Checks disabled | ||
14702 | Rules updated | ||
14703 | @@ -1269,11 +1269,11 @@ Rules updated | ||
14704 | |||
14705 | |||
14706 | ### tuple ### limit any 25 10.0.0.1 any 192.168.0.1 in | ||
14707 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
14708 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14709 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14710 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14711 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept | ||
14712 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
14713 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14714 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14715 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14716 | 157: delete limit to 10.0.0.1 port 25 from 192.168.0.1 | ||
14717 | WARN: Checks disabled | ||
14718 | Rules updated | ||
14719 | @@ -1285,11 +1285,11 @@ Rules updated | ||
14720 | |||
14721 | |||
14722 | ### tuple ### limit any 25 10.0.0.1 80 192.168.0.1 in | ||
14723 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14724 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14725 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14726 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14727 | -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept | ||
14728 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14729 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14730 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14731 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14732 | 159: delete limit to 10.0.0.1 port 25 from 192.168.0.1 port 80 | ||
14733 | WARN: Checks disabled | ||
14734 | Rules updated | ||
14735 | @@ -1301,8 +1301,8 @@ Rules updated | ||
14736 | |||
14737 | |||
14738 | ### tuple ### limit udp any 0.0.0.0/0 80 192.168.0.1 in | ||
14739 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14740 | --A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14741 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14742 | +-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14743 | 161: delete limit from 192.168.0.1 port 80 proto udp | ||
14744 | WARN: Checks disabled | ||
14745 | Rules updated | ||
14746 | @@ -1314,8 +1314,8 @@ Rules updated | ||
14747 | |||
14748 | |||
14749 | ### tuple ### limit udp 25 10.0.0.1 any 0.0.0.0/0 in | ||
14750 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
14751 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14752 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
14753 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14754 | 163: delete limit to 10.0.0.1 port 25 proto udp | ||
14755 | WARN: Checks disabled | ||
14756 | Rules updated | ||
14757 | @@ -1327,8 +1327,8 @@ Rules updated | ||
14758 | |||
14759 | |||
14760 | ### tuple ### limit udp any 10.0.0.1 80 192.168.0.1 in | ||
14761 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14762 | --A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14763 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14764 | +-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14765 | 165: delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto udp | ||
14766 | WARN: Checks disabled | ||
14767 | Rules updated | ||
14768 | @@ -1340,8 +1340,8 @@ Rules updated | ||
14769 | |||
14770 | |||
14771 | ### tuple ### limit udp 25 10.0.0.1 any 192.168.0.1 in | ||
14772 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
14773 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14774 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14775 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14776 | 167: delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 | ||
14777 | WARN: Checks disabled | ||
14778 | Rules updated | ||
14779 | @@ -1353,8 +1353,8 @@ Rules updated | ||
14780 | |||
14781 | |||
14782 | ### tuple ### limit udp 25 10.0.0.1 80 192.168.0.1 in | ||
14783 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14784 | --A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14785 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14786 | +-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14787 | 169: delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 | ||
14788 | WARN: Checks disabled | ||
14789 | Rules updated | ||
14790 | @@ -1366,8 +1366,8 @@ Rules updated | ||
14791 | |||
14792 | |||
14793 | ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.1 in | ||
14794 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14795 | --A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14796 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14797 | +-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14798 | 171: delete limit from 192.168.0.1 port 80 proto tcp | ||
14799 | WARN: Checks disabled | ||
14800 | Rules updated | ||
14801 | @@ -1379,8 +1379,8 @@ Rules updated | ||
14802 | |||
14803 | |||
14804 | ### tuple ### limit tcp 25 10.0.0.1 any 0.0.0.0/0 in | ||
14805 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set | ||
14806 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14807 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set | ||
14808 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14809 | 173: delete limit to 10.0.0.1 port 25 proto tcp | ||
14810 | WARN: Checks disabled | ||
14811 | Rules updated | ||
14812 | @@ -1392,8 +1392,8 @@ Rules updated | ||
14813 | |||
14814 | |||
14815 | ### tuple ### limit tcp any 10.0.0.1 80 192.168.0.1 in | ||
14816 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14817 | --A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14818 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14819 | +-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14820 | 175: delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto tcp | ||
14821 | WARN: Checks disabled | ||
14822 | Rules updated | ||
14823 | @@ -1405,8 +1405,8 @@ Rules updated | ||
14824 | |||
14825 | |||
14826 | ### tuple ### limit tcp 25 10.0.0.1 any 192.168.0.1 in | ||
14827 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set | ||
14828 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14829 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14830 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14831 | 177: delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 | ||
14832 | WARN: Checks disabled | ||
14833 | Rules updated | ||
14834 | @@ -1418,8 +1418,8 @@ Rules updated | ||
14835 | |||
14836 | |||
14837 | ### tuple ### limit tcp 25 10.0.0.1 80 192.168.0.1 in | ||
14838 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set | ||
14839 | --A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14840 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
14841 | +-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14842 | 179: delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 | ||
14843 | WARN: Checks disabled | ||
14844 | Rules updated | ||
14845 | diff --git a/tests/root/valid6/result b/tests/root/valid6/result | ||
14846 | index dc76378..74fcd86 100644 | ||
14847 | --- a/tests/root/valid6/result | ||
14848 | +++ b/tests/root/valid6/result | ||
14849 | @@ -1670,8 +1670,8 @@ Rules updated | ||
14850 | |||
14851 | |||
14852 | ### tuple ### limit ah any 10.0.0.1 any 0.0.0.0/0 in | ||
14853 | --A ufw-user-input -p ah -d 10.0.0.1 -m state --state NEW -m recent --set | ||
14854 | --A ufw-user-input -p ah -d 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14855 | +-A ufw-user-input -p ah -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set | ||
14856 | +-A ufw-user-input -p ah -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14857 | 249: delete limit to 10.0.0.1 proto ah | ||
14858 | WARN: Checks disabled | ||
14859 | Rules updated | ||
14860 | diff --git a/tests/root_kern/limit6/result b/tests/root_kern/limit6/result | ||
14861 | index 008d993..7a3a1ad 100644 | ||
14862 | --- a/tests/root_kern/limit6/result | ||
14863 | +++ b/tests/root_kern/limit6/result | ||
14864 | @@ -40,27 +40,27 @@ Anywhere (v6) LIMIT 24/udp | ||
14865 | |||
14866 | |||
14867 | ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
14868 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14869 | --A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14870 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14871 | +-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14872 | -- | ||
14873 | ### tuple ### limit udp any 0.0.0.0/0 24 0.0.0.0/0 in | ||
14874 | --A ufw-user-input -p udp --sport 24 -m state --state NEW -m recent --set | ||
14875 | --A ufw-user-input -p udp --sport 24 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14876 | +-A ufw-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --set | ||
14877 | +-A ufw-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14878 | -- | ||
14879 | ### tuple ### limit any 23 0.0.0.0/0 any 0.0.0.0/0 in_eth1 | ||
14880 | --A ufw-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --set | ||
14881 | --A ufw-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14882 | +-A ufw-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
14883 | +-A ufw-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
14884 | ### tuple ### limit tcp 22 ::/0 any ::/0 in | ||
14885 | --A ufw6-user-input -p tcp --dport 22 -m state --state NEW -m recent --set | ||
14886 | --A ufw6-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit | ||
14887 | +-A ufw6-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
14888 | +-A ufw6-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit | ||
14889 | -- | ||
14890 | ### tuple ### limit udp any ::/0 24 ::/0 in | ||
14891 | --A ufw6-user-input -p udp --sport 24 -m state --state NEW -m recent --set | ||
14892 | --A ufw6-user-input -p udp --sport 24 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit | ||
14893 | +-A ufw6-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --set | ||
14894 | +-A ufw6-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit | ||
14895 | -- | ||
14896 | ### tuple ### limit any 23 ::/0 any ::/0 in_eth1 | ||
14897 | --A ufw6-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --set | ||
14898 | --A ufw6-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit | ||
14899 | +-A ufw6-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set | ||
14900 | +-A ufw6-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit | ||
14901 | TESTING ARGS (delete allow/deny to/from) | ||
14902 | 6: delete limit 22/tcp | ||
14903 | WARN: Checks disabled | ||
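Review bot: every expected rule in this hunk, for both `ufw-user-input` and `ufw6-user-input`, now depends on `-m conntrack --ctstate NEW`, and the file lives under tests/root_kern, which by its name runs against the target kernel. Please confirm that the RRECOMMENDS update mentioned in the commit message pulls in the kernel module that provides the conntrack match, alongside the one for the `recent` match these rules already use, so the new ufw-test package does not fail on a minimal image. A short note in the patch header saying that the generated rules and these fixtures were changed together would also help, since the generator side is not visible next to this hunk.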
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch b/meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch new file mode 100644 index 000000000..4184e33f4 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch | |||
@@ -0,0 +1,93 @@ | |||
1 | support ./setup.py build (LP: #819600) | ||
2 | |||
3 | Written by Jamie Strandboge <jamie@canonical.com> | ||
4 | |||
5 | The patch was imported from git://git.launchpad.net/ufw | ||
6 | commit id 10dc74cdc0948e4038d2921e7428cbf2896df98c | ||
7 | |||
8 | Removed ChangeLog patch due to backport status of this patch. | ||
9 | Modified for statement to match the one in 0.33 setup.py | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
13 | |||
14 | diff --git a/setup.py b/setup.py | ||
15 | index 730c568..4e1ec9a 100644 | ||
16 | --- a/setup.py | ||
17 | +++ b/setup.py | ||
18 | @@ -64,37 +64,44 @@ class Install(_install, object): | ||
19 | real_sharedir = os.path.join(real_prefix, 'share', 'ufw') | ||
20 | |||
21 | # Update the modules' paths | ||
22 | - for file in [ 'common.py', 'util.py' ]: | ||
23 | - print("Updating " + file) | ||
24 | - subprocess.call(["sed", | ||
25 | - "-i", | ||
26 | - "s%#CONFIG_PREFIX#%" + real_confdir + "%g", | ||
27 | - os.path.join('staging', file)]) | ||
28 | - | ||
29 | - subprocess.call(["sed", | ||
30 | - "-i", | ||
31 | - "s%#STATE_PREFIX#%" + real_statedir + "%g", | ||
32 | - os.path.join('staging', file)]) | ||
33 | - | ||
34 | - subprocess.call(["sed", | ||
35 | - "-i", | ||
36 | - "s%#PREFIX#%" + real_prefix + "%g", | ||
37 | - os.path.join('staging', file)]) | ||
38 | - | ||
39 | - subprocess.call(["sed", | ||
40 | - "-i", | ||
41 | - "s%#IPTABLES_DIR#%" + iptables_dir + "%g", | ||
42 | - os.path.join('staging', file)]) | ||
43 | - | ||
44 | - subprocess.call(["sed", | ||
45 | - "-i", | ||
46 | - "s%#SHARE_DIR#%" + real_sharedir + "%g", | ||
47 | - os.path.join('staging', file)]) | ||
48 | - | ||
49 | - subprocess.call(["sed", | ||
50 | - "-i.jjm", | ||
51 | - "s%/sbin/iptables%" + iptables_exe + "%g", | ||
52 | - os.path.join('staging', file)]) | ||
53 | + for fn in [ 'common.py', 'util.py' ]: | ||
54 | + # 'staging' is used with just 'install' but build_lib is used when | ||
55 | + # using 'build'. We could probably override 'def build()' but this | ||
56 | + # at least works | ||
57 | + for d in [os.path.join(self.build_lib, "ufw"), 'staging']: | ||
58 | + f = os.path.join(d, fn) | ||
59 | + if not os.path.exists(f): | ||
60 | + continue | ||
61 | + print("Updating " + f) | ||
62 | + subprocess.call(["sed", | ||
63 | + "-i", | ||
64 | + "s%#CONFIG_PREFIX#%" + real_confdir + "%g", | ||
65 | + f]) | ||
66 | + | ||
67 | + subprocess.call(["sed", | ||
68 | + "-i", | ||
69 | + "s%#STATE_PREFIX#%" + real_statedir + "%g", | ||
70 | + f]) | ||
71 | + | ||
72 | + subprocess.call(["sed", | ||
73 | + "-i", | ||
74 | + "s%#PREFIX#%" + real_prefix + "%g", | ||
75 | + f]) | ||
76 | + | ||
77 | + subprocess.call(["sed", | ||
78 | + "-i", | ||
79 | + "s%#IPTABLES_DIR#%" + iptables_dir + "%g", | ||
80 | + f]) | ||
81 | + | ||
82 | + subprocess.call(["sed", | ||
83 | + "-i", | ||
84 | + "s%#SHARE_DIR#%" + real_sharedir + "%g", | ||
85 | + f]) | ||
86 | + | ||
87 | + subprocess.call(["sed", | ||
88 | + "-i.jjm", | ||
89 | + "s%/sbin/iptables%" + iptables_exe + "%g", | ||
90 | + f]) | ||
91 | |||
92 | # Now byte-compile everything | ||
93 | super(Install, self).run() | ||
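Review bot: in the new inner loop, `if not os.path.exists(f): continue` skips a missing file silently for both `os.path.join(self.build_lib, "ufw")` and 'staging', so if neither copy of common.py or util.py exists the `#CONFIG_PREFIX#`, `#STATE_PREFIX#` and related placeholders are never substituted and the install still goes on to `super(Install, self).run()`. Track whether at least one copy of each file was updated and fail if none was. The `subprocess.call` return values are also ignored, so a failing sed goes unnoticed; `subprocess.check_call` would surface it. Separately, the last substitution uses `-i.jjm`, which leaves a `.jjm` backup beside each edited file; with the edit now applied under build_lib that backup may be carried into the installed tree, so either drop the suffix or remove the backup afterwards.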
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch b/meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch new file mode 100644 index 000000000..5f9e68df8 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch | |||
@@ -0,0 +1,2895 @@ | |||
1 | adjust runtime tests to use daytime/port 13 instead of ssh/port 22 everywhere | ||
2 | |||
3 | and adjust to use daytime/port 13 instead of http/port 80 and https/port 443 in | ||
4 | good/logging and ipv6/bad_args6 (Closes: 849628) | ||
5 | |||
6 | Patch from git://git.launchpad.net/ufw | ||
7 | Commit f1ecc2475f8612f1ea87bd43a088d39009145dd8 | ||
8 | |||
9 | Written by Jamie Strandboge <jamie@ubuntu.com> | ||
10 | |||
11 | Removed code not present (tests/live_route). | ||
12 | Omitted result output that did not seem to change. | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
16 | |||
17 | diff --git a/tests/root/bugs/result b/tests/root/bugs/result | ||
18 | index 34bee1a..d1fab59 100644 | ||
19 | --- a/tests/root/bugs/result | ||
20 | +++ b/tests/root/bugs/result | ||
21 | @@ -94,7 +94,7 @@ Could not delete non-existent rule | ||
22 | |||
23 | |||
24 | iptables -L -n: | ||
25 | -ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* 'dapp_Apache' */ | ||
26 | +ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* 'dapp_Apache' */ | ||
27 | |||
28 | Chain ufw-user-limit (0 references) | ||
29 | 10: delete allow Apache | ||
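Review bot: the removed and added `ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* 'dapp_Apache' */` lines in this hunk read identically, so the change appears to be whitespace only. The patch header describes a move from port 22 to port 13 and says unchanged result output was omitted, and this line keeps dpt:80. Please state in the header why this spacing change is needed, or drop the hunk if the fixture comparison does not depend on it.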
30 | @@ -254,7 +254,7 @@ WARN: Checks disabled | ||
31 | Status: active | ||
32 | |||
33 | |||
34 | -37: delete allow 22 | ||
35 | +37: delete allow 13 | ||
36 | WARN: Checks disabled | ||
37 | Could not delete non-existent rule | ||
38 | Could not delete non-existent rule (v6) | ||
39 | @@ -266,7 +266,7 @@ Could not delete non-existent rule | ||
40 | Could not delete non-existent rule (v6) | ||
41 | |||
42 | |||
43 | -39: delete allow to 127.0.0.1 port 22 | ||
44 | +39: delete allow to 127.0.0.1 port 13 | ||
45 | WARN: Checks disabled | ||
46 | Could not delete non-existent rule | ||
47 | |||
48 | @@ -276,7 +276,7 @@ WARN: Checks disabled | ||
49 | Could not delete non-existent rule | ||
50 | |||
51 | |||
52 | -41: delete allow to ::1 port 22 | ||
53 | +41: delete allow to ::1 port 13 | ||
54 | WARN: Checks disabled | ||
55 | Could not delete non-existent rule (v6) | ||
56 | |||
57 | diff --git a/tests/root/bugs/runtest.sh b/tests/root/bugs/runtest.sh | ||
58 | index 0c4db9b..4bd68d7 100755 | ||
59 | --- a/tests/root/bugs/runtest.sh | ||
60 | +++ b/tests/root/bugs/runtest.sh | ||
61 | @@ -93,11 +93,11 @@ sed -i "s/IPV6=.*/IPV6=yes/" $TESTPATH/etc/default/ufw | ||
62 | do_cmd "0" nostats disable | ||
63 | do_cmd "0" nostats enable | ||
64 | do_cmd "0" status | ||
65 | -do_cmd "0" delete allow 22 | ||
66 | +do_cmd "0" delete allow 13 | ||
67 | do_cmd "0" delete allow Apache | ||
68 | -do_cmd "0" delete allow to 127.0.0.1 port 22 | ||
69 | +do_cmd "0" delete allow to 127.0.0.1 port 13 | ||
70 | do_cmd "0" delete allow to 127.0.0.1 app Apache | ||
71 | -do_cmd "0" delete allow to ::1 port 22 | ||
72 | +do_cmd "0" delete allow to ::1 port 13 | ||
73 | do_cmd "0" delete allow to ::1 app Apache | ||
74 | do_cmd "0" status | ||
75 | |||
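Review bot: the port literal is repeated in all three changed `do_cmd` lines here (`delete allow 13`, `delete allow to 127.0.0.1 port 13`, `delete allow to ::1 port 13`) and again in entries 37, 39 and 41 of tests/root/bugs/result. A shell variable for the test port in runtest.sh would reduce the next port change to one line in the script plus a regenerated result file. Worth suggesting upstream rather than carrying in the backport.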
76 | diff --git a/tests/root/live/result b/tests/root/live/result | ||
77 | index 7b183c5..e862327 100644 | ||
78 | --- a/tests/root/live/result | ||
79 | +++ b/tests/root/live/result | ||
80 | @@ -71,7 +71,7 @@ WARN: Checks disabled | ||
81 | Rule added | ||
82 | |||
83 | |||
84 | -14: limit 22/tcp | ||
85 | +14: limit 13/tcp | ||
86 | WARN: Checks disabled | ||
87 | Rule added | ||
88 | Skipping unsupported IPv6 'limit' rule | ||
89 | @@ -103,7 +103,7 @@ Anywhere ALLOW 172.16.0.0/12 | ||
90 | Anywhere ALLOW 192.168.0.0/16 | ||
91 | 514/udp DENY 1.2.3.4 | ||
92 | 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp | ||
93 | -22/tcp LIMIT Anywhere | ||
94 | +13/tcp LIMIT Anywhere | ||
95 | 53 ALLOW Anywhere (v6) | ||
96 | 23/tcp ALLOW Anywhere (v6) | ||
97 | 25/tcp ALLOW Anywhere (v6) | ||
98 | @@ -144,9 +144,9 @@ Anywhere ALLOW 192.168.0.0/16 | ||
99 | ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in | ||
100 | -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT | ||
101 | |||
102 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
103 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
104 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
105 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
106 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
107 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
108 | ### tuple ### allow any 53 ::/0 any ::/0 in | ||
109 | -A ufw6-user-input -p tcp --dport 53 -j ACCEPT | ||
110 | -A ufw6-user-input -p udp --dport 53 -j ACCEPT | ||
111 | @@ -221,7 +221,7 @@ WARN: Checks disabled | ||
112 | Rule deleted | ||
113 | |||
114 | |||
115 | -28: delete limit 22/tcp | ||
116 | +28: delete limit 13/tcp | ||
117 | WARN: Checks disabled | ||
118 | Rule deleted | ||
119 | Skipping unsupported IPv6 'limit' rule | ||
120 | @@ -311,7 +311,7 @@ WARN: Checks disabled | ||
121 | Rule added | ||
122 | |||
123 | |||
124 | -46: limit 22/tcp | ||
125 | +46: limit 13/tcp | ||
126 | WARN: Checks disabled | ||
127 | Rule added | ||
128 | |||
129 | @@ -332,7 +332,7 @@ Anywhere ALLOW 172.16.0.0/12 | ||
130 | Anywhere ALLOW 192.168.0.0/16 | ||
131 | 514/udp DENY 1.2.3.4 | ||
132 | 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp | ||
133 | -22/tcp LIMIT Anywhere | ||
134 | +13/tcp LIMIT Anywhere | ||
135 | |||
136 | |||
137 | |||
138 | @@ -367,9 +367,9 @@ Anywhere ALLOW 192.168.0.0/16 | ||
139 | ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in | ||
140 | -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT | ||
141 | |||
142 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
143 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
144 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
145 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
146 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
147 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
148 | TESTING ARGS (delete allow/deny to/from) | ||
149 | 48: delete allow 53 | ||
150 | WARN: Checks disabled | ||
151 | @@ -421,7 +421,7 @@ WARN: Checks disabled | ||
152 | Rule deleted | ||
153 | |||
154 | |||
155 | -58: delete limit 22/tcp | ||
156 | +58: delete limit 13/tcp | ||
157 | WARN: Checks disabled | ||
158 | Rule deleted | ||
159 | |||
160 | @@ -667,7 +667,7 @@ WARN: Checks disabled | ||
161 | Rule added | ||
162 | |||
163 | |||
164 | -99: limit 22/tcp | ||
165 | +99: limit 13/tcp | ||
166 | WARN: Checks disabled | ||
167 | Rule added | ||
168 | Skipping unsupported IPv6 'limit' rule | ||
169 | @@ -699,7 +699,7 @@ Status: active | ||
170 | [ 8] Anywhere ALLOW IN 192.168.0.0/16 | ||
171 | [ 9] 514/udp DENY IN 1.2.3.4 | ||
172 | [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp | ||
173 | -[11] 22/tcp LIMIT IN Anywhere | ||
174 | +[11] 13/tcp LIMIT IN Anywhere | ||
175 | [12] 53 ALLOW IN Anywhere (v6) | ||
176 | [13] 23/tcp ALLOW IN Anywhere (v6) | ||
177 | [14] 25/tcp ALLOW IN Anywhere (v6) | ||
178 | @@ -763,7 +763,7 @@ WARN: Checks disabled | ||
179 | Rule deleted | ||
180 | |||
181 | |||
182 | -113: delete limit 22/tcp | ||
183 | +113: delete limit 13/tcp | ||
184 | WARN: Checks disabled | ||
185 | Rule deleted | ||
186 | Skipping unsupported IPv6 'limit' rule | ||
187 | @@ -841,7 +841,7 @@ WARN: Checks disabled | ||
188 | Rule added | ||
189 | |||
190 | |||
191 | -129: limit 22/tcp | ||
192 | +129: limit 13/tcp | ||
193 | WARN: Checks disabled | ||
194 | Rule added | ||
195 | |||
196 | @@ -862,7 +862,7 @@ Status: active | ||
197 | [ 8] Anywhere ALLOW IN 192.168.0.0/16 | ||
198 | [ 9] 514/udp DENY IN 1.2.3.4 | ||
199 | [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp | ||
200 | -[11] 22/tcp LIMIT IN Anywhere | ||
201 | +[11] 13/tcp LIMIT IN Anywhere | ||
202 | |||
203 | |||
204 | |||
205 | @@ -916,7 +916,7 @@ WARN: Checks disabled | ||
206 | Rule deleted | ||
207 | |||
208 | |||
209 | -141: delete limit 22/tcp | ||
210 | +141: delete limit 13/tcp | ||
211 | WARN: Checks disabled | ||
212 | Rule deleted | ||
213 | |||
214 | @@ -943,7 +943,7 @@ Rule added (v6) | ||
215 | 146: deny in on eth1:1 | ||
216 | |||
217 | |||
218 | -147: reject in on eth1 to 192.168.0.1 port 22 | ||
219 | +147: reject in on eth1 to 192.168.0.1 port 13 | ||
220 | WARN: Checks disabled | ||
221 | Rule added | ||
222 | |||
223 | @@ -958,7 +958,7 @@ WARN: Checks disabled | ||
224 | Rule added | ||
225 | |||
226 | |||
227 | -150: deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
228 | +150: deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
229 | WARN: Checks disabled | ||
230 | Rule added | ||
231 | |||
232 | @@ -968,7 +968,7 @@ WARN: Checks disabled | ||
233 | Rule added | ||
234 | |||
235 | |||
236 | -152: limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
237 | +152: limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
238 | WARN: Checks disabled | ||
239 | Rule added | ||
240 | |||
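Review bot: entry 152 moves the destination port to 13 but keeps `from 10.0.0.1 port 80` as the source port, and the same holds for entries 181, 210 and 239 further down. The patch header scopes the http/80 and https/443 replacement to good/logging and ipv6/bad_args6 only, so this is consistent, but the header does not say that port 80 in tests/root/live is deliberately left alone. One sentence there would save the next backporter from re-checking every remaining `80` in this file.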
241 | @@ -1002,12 +1002,12 @@ Status: active | ||
242 | To Action From | ||
243 | -- ------ ---- | ||
244 | [ 1] Anywhere on eth1 ALLOW IN Anywhere | ||
245 | -[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere | ||
246 | +[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere | ||
247 | [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 | ||
248 | [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 | ||
249 | -[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 | ||
250 | +[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 | ||
251 | [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 | ||
252 | -[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 | ||
253 | +[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 | ||
254 | [ 8] Anywhere on eth0 ALLOW IN Anywhere (log) | ||
255 | [ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) | ||
256 | [10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) | ||
257 | @@ -1031,12 +1031,12 @@ Status: active | ||
258 | To Action From | ||
259 | -- ------ ---- | ||
260 | [ 1] Anywhere on eth1 ALLOW IN Anywhere | ||
261 | -[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere | ||
262 | +[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere | ||
263 | [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 | ||
264 | [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 | ||
265 | -[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 | ||
266 | +[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 | ||
267 | [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 | ||
268 | -[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 | ||
269 | +[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 | ||
270 | [ 8] Samba on eth2 ALLOW IN Anywhere | ||
271 | [ 9] Anywhere on eth0 ALLOW IN Anywhere (log) | ||
272 | [10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) | ||
273 | @@ -1052,9 +1052,9 @@ Status: active | ||
274 | ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1 | ||
275 | -A ufw-user-input -i eth1 -j ACCEPT | ||
276 | |||
277 | -### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 in_eth1 | ||
278 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset | ||
279 | --A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
280 | +### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth1 | ||
281 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset | ||
282 | +-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT | ||
283 | -- | ||
284 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 | ||
285 | -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
286 | @@ -1063,17 +1063,17 @@ Status: active | ||
287 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 | ||
288 | -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
289 | |||
290 | -### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 in_eth1 | ||
291 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
292 | --A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
293 | +### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth1 | ||
294 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
295 | +-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
296 | -- | ||
297 | ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1 | ||
298 | -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset | ||
299 | -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
300 | -- | ||
301 | -### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1 | ||
302 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
303 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
304 | +### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth1 | ||
305 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
306 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
307 | -- | ||
308 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 | ||
309 | -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
310 | @@ -1124,7 +1124,7 @@ Rule deleted | ||
311 | Rule deleted (v6) | ||
312 | |||
313 | |||
314 | -161: delete reject in on eth1 to 192.168.0.1 port 22 | ||
315 | +161: delete reject in on eth1 to 192.168.0.1 port 13 | ||
316 | WARN: Checks disabled | ||
317 | Rule deleted | ||
318 | |||
319 | @@ -1139,7 +1139,7 @@ WARN: Checks disabled | ||
320 | Rule deleted | ||
321 | |||
322 | |||
323 | -164: delete deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
324 | +164: delete deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
325 | WARN: Checks disabled | ||
326 | Rule deleted | ||
327 | |||
328 | @@ -1149,7 +1149,7 @@ WARN: Checks disabled | ||
329 | Rule deleted | ||
330 | |||
331 | |||
332 | -166: delete limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
333 | +166: delete limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
334 | WARN: Checks disabled | ||
335 | Rule deleted | ||
336 | |||
337 | @@ -1198,7 +1198,7 @@ Rule added (v6) | ||
338 | 175: deny out on eth1:1 | ||
339 | |||
340 | |||
341 | -176: reject out on eth1 to 192.168.0.1 port 22 | ||
342 | +176: reject out on eth1 to 192.168.0.1 port 13 | ||
343 | WARN: Checks disabled | ||
344 | Rule added | ||
345 | |||
346 | @@ -1213,7 +1213,7 @@ WARN: Checks disabled | ||
347 | Rule added | ||
348 | |||
349 | |||
350 | -179: deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
351 | +179: deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
352 | WARN: Checks disabled | ||
353 | Rule added | ||
354 | |||
355 | @@ -1223,7 +1223,7 @@ WARN: Checks disabled | ||
356 | Rule added | ||
357 | |||
358 | |||
359 | -181: limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
360 | +181: limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
361 | WARN: Checks disabled | ||
362 | Rule added | ||
363 | |||
364 | @@ -1257,12 +1257,12 @@ Status: active | ||
365 | To Action From | ||
366 | -- ------ ---- | ||
367 | [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) | ||
368 | -[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) | ||
369 | +[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) | ||
370 | [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
371 | [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) | ||
372 | -[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) | ||
373 | +[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) | ||
374 | [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) | ||
375 | -[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
376 | +[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
377 | [ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out) | ||
378 | [ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) | ||
379 | [10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) | ||
380 | @@ -1286,12 +1286,12 @@ Status: active | ||
381 | To Action From | ||
382 | -- ------ ---- | ||
383 | [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) | ||
384 | -[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) | ||
385 | +[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) | ||
386 | [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
387 | [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) | ||
388 | -[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) | ||
389 | +[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) | ||
390 | [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) | ||
391 | -[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
392 | +[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
393 | [ 8] Samba ALLOW OUT Anywhere on eth2 (out) | ||
394 | [ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out) | ||
395 | [10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) | ||
396 | @@ -1307,9 +1307,9 @@ Status: active | ||
397 | ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1 | ||
398 | -A ufw-user-output -o eth1 -j ACCEPT | ||
399 | |||
400 | -### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 out_eth1 | ||
401 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset | ||
402 | --A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
403 | +### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 out_eth1 | ||
404 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset | ||
405 | +-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT | ||
406 | -- | ||
407 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 | ||
408 | -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
409 | @@ -1318,17 +1318,17 @@ Status: active | ||
410 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 | ||
411 | -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
412 | |||
413 | -### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 out_eth1 | ||
414 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
415 | --A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
416 | +### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth1 | ||
417 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
418 | +-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
419 | -- | ||
420 | ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1 | ||
421 | -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset | ||
422 | -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
423 | -- | ||
424 | -### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1 | ||
425 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
426 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
427 | +### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth1 | ||
428 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
429 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
430 | -- | ||
431 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 | ||
432 | -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
433 | @@ -1379,7 +1379,7 @@ Rule deleted | ||
434 | Rule deleted (v6) | ||
435 | |||
436 | |||
437 | -190: delete reject out on eth1 to 192.168.0.1 port 22 | ||
438 | +190: delete reject out on eth1 to 192.168.0.1 port 13 | ||
439 | WARN: Checks disabled | ||
440 | Rule deleted | ||
441 | |||
442 | @@ -1394,7 +1394,7 @@ WARN: Checks disabled | ||
443 | Rule deleted | ||
444 | |||
445 | |||
446 | -193: delete deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
447 | +193: delete deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
448 | WARN: Checks disabled | ||
449 | Rule deleted | ||
450 | |||
451 | @@ -1404,7 +1404,7 @@ WARN: Checks disabled | ||
452 | Rule deleted | ||
453 | |||
454 | |||
455 | -195: delete limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
456 | +195: delete limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
457 | WARN: Checks disabled | ||
458 | Rule deleted | ||
459 | |||
460 | @@ -1452,7 +1452,7 @@ Rule added | ||
461 | 204: deny in on eth1:1 | ||
462 | |||
463 | |||
464 | -205: reject in on eth1 to 192.168.0.1 port 22 | ||
465 | +205: reject in on eth1 to 192.168.0.1 port 13 | ||
466 | WARN: Checks disabled | ||
467 | Rule added | ||
468 | |||
469 | @@ -1467,7 +1467,7 @@ WARN: Checks disabled | ||
470 | Rule added | ||
471 | |||
472 | |||
473 | -208: deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
474 | +208: deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
475 | WARN: Checks disabled | ||
476 | Rule added | ||
477 | |||
478 | @@ -1477,7 +1477,7 @@ WARN: Checks disabled | ||
479 | Rule added | ||
480 | |||
481 | |||
482 | -210: limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
483 | +210: limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
484 | WARN: Checks disabled | ||
485 | Rule added | ||
486 | |||
487 | @@ -1509,12 +1509,12 @@ Status: active | ||
488 | To Action From | ||
489 | -- ------ ---- | ||
490 | [ 1] Anywhere on eth1 ALLOW IN Anywhere | ||
491 | -[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere | ||
492 | +[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere | ||
493 | [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 | ||
494 | [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 | ||
495 | -[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 | ||
496 | +[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 | ||
497 | [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 | ||
498 | -[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 | ||
499 | +[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 | ||
500 | [ 8] Anywhere on eth0 ALLOW IN Anywhere (log) | ||
501 | [ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) | ||
502 | [10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) | ||
503 | @@ -1534,12 +1534,12 @@ Status: active | ||
504 | To Action From | ||
505 | -- ------ ---- | ||
506 | [ 1] Anywhere on eth1 ALLOW IN Anywhere | ||
507 | -[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere | ||
508 | +[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere | ||
509 | [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 | ||
510 | [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 | ||
511 | -[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1 | ||
512 | +[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 | ||
513 | [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 | ||
514 | -[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80 | ||
515 | +[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 | ||
516 | [ 8] Samba on eth2 ALLOW IN Anywhere | ||
517 | [ 9] Anywhere on eth0 ALLOW IN Anywhere (log) | ||
518 | [10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) | ||
519 | @@ -1551,9 +1551,9 @@ Status: active | ||
520 | ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1 | ||
521 | -A ufw-user-input -i eth1 -j ACCEPT | ||
522 | |||
523 | -### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 in_eth1 | ||
524 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset | ||
525 | --A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
526 | +### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth1 | ||
527 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset | ||
528 | +-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT | ||
529 | -- | ||
530 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 | ||
531 | -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
532 | @@ -1562,17 +1562,17 @@ Status: active | ||
533 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 | ||
534 | -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
535 | |||
536 | -### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 in_eth1 | ||
537 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
538 | --A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
539 | +### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth1 | ||
540 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
541 | +-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
542 | -- | ||
543 | ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1 | ||
544 | -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset | ||
545 | -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
546 | -- | ||
547 | -### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1 | ||
548 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
549 | --A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
550 | +### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth1 | ||
551 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
552 | +-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
553 | -- | ||
554 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 | ||
555 | -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
556 | @@ -1603,7 +1603,7 @@ WARN: Checks disabled | ||
557 | Rule deleted | ||
558 | |||
559 | |||
560 | -219: delete reject in on eth1 to 192.168.0.1 port 22 | ||
561 | +219: delete reject in on eth1 to 192.168.0.1 port 13 | ||
562 | WARN: Checks disabled | ||
563 | Rule deleted | ||
564 | |||
565 | @@ -1618,7 +1618,7 @@ WARN: Checks disabled | ||
566 | Rule deleted | ||
567 | |||
568 | |||
569 | -222: delete deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
570 | +222: delete deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
571 | WARN: Checks disabled | ||
572 | Rule deleted | ||
573 | |||
574 | @@ -1628,7 +1628,7 @@ WARN: Checks disabled | ||
575 | Rule deleted | ||
576 | |||
577 | |||
578 | -224: delete limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
579 | +224: delete limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
580 | WARN: Checks disabled | ||
581 | Rule deleted | ||
582 | |||
583 | @@ -1673,7 +1673,7 @@ Rule added | ||
584 | 233: deny out on eth1:1 | ||
585 | |||
586 | |||
587 | -234: reject out on eth1 to 192.168.0.1 port 22 | ||
588 | +234: reject out on eth1 to 192.168.0.1 port 13 | ||
589 | WARN: Checks disabled | ||
590 | Rule added | ||
591 | |||
592 | @@ -1688,7 +1688,7 @@ WARN: Checks disabled | ||
593 | Rule added | ||
594 | |||
595 | |||
596 | -237: deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
597 | +237: deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
598 | WARN: Checks disabled | ||
599 | Rule added | ||
600 | |||
601 | @@ -1698,7 +1698,7 @@ WARN: Checks disabled | ||
602 | Rule added | ||
603 | |||
604 | |||
605 | -239: limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
606 | +239: limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
607 | WARN: Checks disabled | ||
608 | Rule added | ||
609 | |||
610 | @@ -1730,12 +1730,12 @@ Status: active | ||
611 | To Action From | ||
612 | -- ------ ---- | ||
613 | [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) | ||
614 | -[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) | ||
615 | +[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) | ||
616 | [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
617 | [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) | ||
618 | -[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) | ||
619 | +[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) | ||
620 | [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) | ||
621 | -[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
622 | +[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
623 | [ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out) | ||
624 | [ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) | ||
625 | [10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) | ||
626 | @@ -1755,12 +1755,12 @@ Status: active | ||
627 | To Action From | ||
628 | -- ------ ---- | ||
629 | [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) | ||
630 | -[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out) | ||
631 | +[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) | ||
632 | [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
633 | [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) | ||
634 | -[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out) | ||
635 | +[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) | ||
636 | [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) | ||
637 | -[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
638 | +[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) | ||
639 | [ 8] Samba ALLOW OUT Anywhere on eth2 (out) | ||
640 | [ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out) | ||
641 | [10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) | ||
642 | @@ -1772,9 +1772,9 @@ Status: active | ||
643 | ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1 | ||
644 | -A ufw-user-output -o eth1 -j ACCEPT | ||
645 | |||
646 | -### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 out_eth1 | ||
647 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset | ||
648 | --A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT | ||
649 | +### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 out_eth1 | ||
650 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset | ||
651 | +-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT | ||
652 | -- | ||
653 | ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 | ||
654 | -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
655 | @@ -1783,17 +1783,17 @@ Status: active | ||
656 | ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 | ||
657 | -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT | ||
658 | |||
659 | -### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 out_eth1 | ||
660 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
661 | --A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP | ||
662 | +### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth1 | ||
663 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
664 | +-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP | ||
665 | -- | ||
666 | ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1 | ||
667 | -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset | ||
668 | -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT | ||
669 | -- | ||
670 | -### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1 | ||
671 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
672 | --A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
673 | +### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth1 | ||
674 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set | ||
675 | +-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
676 | -- | ||
677 | ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 | ||
678 | -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
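Review bot: The rewritten deny and limit tuples in this hunk are expected output for the `on eth1 ... port 13` commands changed in tests/root/live/runtest.sh, so the two files have to move together. Please confirm this result file was regenerated from an actual test run rather than edited by replacing 22 with 13; a textual replace risks touching an unrelated 22 elsewhere in the file or missing a line, and the mismatch only shows up when the live tests are run.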
679 | @@ -1824,7 +1824,7 @@ WARN: Checks disabled | ||
680 | Rule deleted | ||
681 | |||
682 | |||
683 | -248: delete reject out on eth1 to 192.168.0.1 port 22 | ||
684 | +248: delete reject out on eth1 to 192.168.0.1 port 13 | ||
685 | WARN: Checks disabled | ||
686 | Rule deleted | ||
687 | |||
688 | @@ -1839,7 +1839,7 @@ WARN: Checks disabled | ||
689 | Rule deleted | ||
690 | |||
691 | |||
692 | -251: delete deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
693 | +251: delete deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
694 | WARN: Checks disabled | ||
695 | Rule deleted | ||
696 | |||
697 | @@ -1849,7 +1849,7 @@ WARN: Checks disabled | ||
698 | Rule deleted | ||
699 | |||
700 | |||
701 | -253: delete limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
702 | +253: delete limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
703 | WARN: Checks disabled | ||
704 | Rule deleted | ||
705 | |||
706 | @@ -2591,7 +2591,7 @@ Verify secondary chains | ||
707 | 494: disable | ||
708 | |||
709 | |||
710 | -495: allow 22/tcp | ||
711 | +495: allow 13/tcp | ||
712 | |||
713 | |||
714 | 496: enable | ||
715 | @@ -2675,7 +2675,7 @@ Verify secondary chains | ||
716 | 522: enable | ||
717 | |||
718 | |||
719 | -523: delete allow 22/tcp | ||
720 | +523: delete allow 13/tcp | ||
721 | |||
722 | |||
723 | Reset test | ||
724 | @@ -3033,7 +3033,7 @@ Setting IPV6 to yes | ||
725 | 588: enable | ||
726 | |||
727 | |||
728 | -589: limit 22/tcp | ||
729 | +589: limit 13/tcp | ||
730 | |||
731 | |||
732 | 590: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp | ||
733 | @@ -3045,12 +3045,12 @@ Setting IPV6 to yes | ||
734 | 592: show added | ||
735 | WARN: Checks disabled | ||
736 | Added user rules (see 'ufw status' for running firewall): | ||
737 | -ufw limit 22/tcp | ||
738 | +ufw limit 13/tcp | ||
739 | ufw deny Samba | ||
740 | ufw allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp | ||
741 | |||
742 | |||
743 | -593: delete limit 22/tcp | ||
744 | +593: delete limit 13/tcp | ||
745 | |||
746 | |||
747 | 594: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp | ||
748 | @@ -3072,7 +3072,7 @@ Setting IPV6 to no | ||
749 | 598: enable | ||
750 | |||
751 | |||
752 | -599: limit 22/tcp | ||
753 | +599: limit 13/tcp | ||
754 | |||
755 | |||
756 | 600: deny Samba | ||
757 | @@ -3081,11 +3081,11 @@ Setting IPV6 to no | ||
758 | 601: show added | ||
759 | WARN: Checks disabled | ||
760 | Added user rules (see 'ufw status' for running firewall): | ||
761 | -ufw limit 22/tcp | ||
762 | +ufw limit 13/tcp | ||
763 | ufw deny Samba | ||
764 | |||
765 | |||
766 | -602: delete limit 22/tcp | ||
767 | +602: delete limit 13/tcp | ||
768 | |||
769 | |||
770 | 603: delete deny Samba | ||
771 | diff --git a/tests/root/live/runtest.sh b/tests/root/live/runtest.sh | ||
772 | index 3dd4e35..228e3e6 100755 | ||
773 | --- a/tests/root/live/runtest.sh | ||
774 | +++ b/tests/root/live/runtest.sh | ||
775 | @@ -43,7 +43,7 @@ do | ||
776 | do_cmd "0" allow from 192.168.0.0/16 | ||
777 | do_cmd "0" deny proto udp from 1.2.3.4 to any port 514 | ||
778 | do_cmd "0" allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 | ||
779 | - do_cmd "0" limit 22/tcp | ||
780 | + do_cmd "0" limit 13/tcp | ||
781 | if [ "$ipv6" = "yes" ]; then | ||
782 | do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25 | ||
783 | do_cmd "0" deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 | ||
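Review bot: `do_cmd "0" limit 13/tcp` swaps the port with nothing in the script saying why 13 was picked. The commit message ties it to the daytime port and netbase changes, but that context is lost for anyone reading runtest.sh later; a one-line comment above this block would keep the next person from changing it back to 22.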
784 | @@ -63,7 +63,7 @@ do | ||
785 | do_cmd "0" delete allow from 192.168.0.0/16 | ||
786 | do_cmd "0" delete deny proto udp from 1.2.3.4 to any port 514 | ||
787 | do_cmd "0" delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 | ||
788 | - do_cmd "0" delete limit 22/tcp | ||
789 | + do_cmd "0" delete limit 13/tcp | ||
790 | if [ "$ipv6" = "yes" ]; then | ||
791 | do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25 | ||
792 | do_cmd "0" delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 | ||
793 | @@ -132,7 +132,7 @@ do | ||
794 | do_cmd "0" allow from 192.168.0.0/16 | ||
795 | do_cmd "0" deny proto udp from 1.2.3.4 to any port 514 | ||
796 | do_cmd "0" allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 | ||
797 | - do_cmd "0" limit 22/tcp | ||
798 | + do_cmd "0" limit 13/tcp | ||
799 | if [ "$ipv6" = "yes" ]; then | ||
800 | do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25 | ||
801 | do_cmd "0" deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 | ||
802 | @@ -149,7 +149,7 @@ do | ||
803 | do_cmd "0" delete allow from 192.168.0.0/16 | ||
804 | do_cmd "0" delete deny proto udp from 1.2.3.4 to any port 514 | ||
805 | do_cmd "0" delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 | ||
806 | - do_cmd "0" delete limit 22/tcp | ||
807 | + do_cmd "0" delete limit 13/tcp | ||
808 | if [ "$ipv6" = "yes" ]; then | ||
809 | do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25 | ||
810 | do_cmd "0" delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 | ||
811 | @@ -168,12 +168,12 @@ do | ||
812 | |||
813 | do_cmd "0" allow $i on eth1 | ||
814 | do_cmd "1" null deny $i on eth1:1 | ||
815 | - do_cmd "0" reject $i on eth1 to 192.168.0.1 port 22 | ||
816 | + do_cmd "0" reject $i on eth1 to 192.168.0.1 port 13 | ||
817 | do_cmd "0" limit $i on eth1 from 10.0.0.1 port 80 | ||
818 | do_cmd "0" allow $i on eth1 to 192.168.0.1 from 10.0.0.1 | ||
819 | - do_cmd "0" deny $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
820 | + do_cmd "0" deny $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
821 | do_cmd "0" reject $i on eth1 to 192.168.0.1 from 10.0.0.1 port 80 | ||
822 | - do_cmd "0" limit $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
823 | + do_cmd "0" limit $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
824 | |||
825 | do_cmd "0" allow $i on eth0 log | ||
826 | do_cmd "0" allow $i on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp | ||
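Review bot: The literal 13 now appears on the reject, deny and limit lines here and again on the three matching `delete` lines in the next hunk, so a future port change has to touch every one of them plus the result file. Consider setting the port once near the top of the script (a variable name such as `test_port` is only a suggestion) and using it in both the add and delete blocks, which also guarantees the deletes target exactly the rules that were added.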
827 | @@ -189,12 +189,12 @@ do | ||
828 | |||
829 | # delete what we added | ||
830 | do_cmd "0" delete allow $i on eth1 | ||
831 | - do_cmd "0" delete reject $i on eth1 to 192.168.0.1 port 22 | ||
832 | + do_cmd "0" delete reject $i on eth1 to 192.168.0.1 port 13 | ||
833 | do_cmd "0" delete limit $i on eth1 from 10.0.0.1 port 80 | ||
834 | do_cmd "0" delete allow $i on eth1 to 192.168.0.1 from 10.0.0.1 | ||
835 | - do_cmd "0" delete deny $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1 | ||
836 | + do_cmd "0" delete deny $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 | ||
837 | do_cmd "0" delete reject $i on eth1 to 192.168.0.1 from 10.0.0.1 port 80 | ||
838 | - do_cmd "0" delete limit $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80 | ||
839 | + do_cmd "0" delete limit $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 | ||
840 | |||
841 | do_cmd "0" delete allow $i on eth0 log | ||
842 | do_cmd "0" delete allow $i on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp | ||
843 | @@ -312,7 +312,7 @@ do_cmd "0" nostats disable | ||
844 | echo "'Resource temporarily unavailable' test" >> $TESTTMP/result | ||
845 | do_cmd "0" nostats disable | ||
846 | $TESTSTATE/ufw-init flush-all >/dev/null | ||
847 | -do_cmd "0" nostats allow 22/tcp | ||
848 | +do_cmd "0" nostats allow 13/tcp | ||
849 | do_cmd "0" nostats enable | ||
850 | $TESTSTATE/ufw-init stop >/dev/null | ||
851 | for i in `seq 1 25`; do | ||
852 | @@ -327,7 +327,7 @@ for i in `seq 1 25`; do | ||
853 | let count=count+1 | ||
854 | done | ||
855 | do_cmd "0" nostats enable | ||
856 | -do_cmd "0" nostats delete allow 22/tcp | ||
857 | +do_cmd "0" nostats delete allow 13/tcp | ||
858 | |||
859 | echo "Reset test" >> $TESTTMP/result | ||
860 | do_cmd "0" nostats enable | ||
861 | @@ -445,13 +445,13 @@ do | ||
862 | sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw | ||
863 | do_cmd "0" nostats disable | ||
864 | do_cmd "0" nostats enable | ||
865 | - do_cmd "0" nostats limit 22/tcp | ||
866 | + do_cmd "0" nostats limit 13/tcp | ||
867 | if [ "$ipv6" = "yes" ]; then | ||
868 | do_cmd "0" nostats allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp | ||
869 | fi | ||
870 | do_cmd "0" nostats deny Samba | ||
871 | do_cmd "0" show added | ||
872 | - do_cmd "0" nostats delete limit 22/tcp | ||
873 | + do_cmd "0" nostats delete limit 13/tcp | ||
874 | if [ "$ipv6" = "yes" ]; then | ||
875 | do_cmd "0" nostats delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp | ||
876 | fi | ||
877 | diff --git a/tests/root/live_apps/result b/tests/root/live_apps/result | ||
878 | index cb97ffb..1d9338e 100644 | ||
879 | --- a/tests/root/live_apps/result | ||
880 | +++ b/tests/root/live_apps/result | ||
881 | @@ -31,7 +31,7 @@ Rule added | ||
882 | Rule added (v6) | ||
883 | |||
884 | |||
885 | -6: allow to any app Samba from any port 22 | ||
886 | +6: allow to any app Samba from any port 13 | ||
887 | WARN: Checks disabled | ||
888 | Rule added | ||
889 | Rule added (v6) | ||
890 | @@ -58,7 +58,7 @@ WARN: Checks disabled | ||
891 | Rule added (v6) | ||
892 | |||
893 | |||
894 | -11: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22 | ||
895 | +11: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 | ||
896 | WARN: Checks disabled | ||
897 | Rule added (v6) | ||
898 | |||
899 | @@ -78,18 +78,18 @@ Apache ALLOW Anywhere | ||
900 | Samba ALLOW Anywhere | ||
901 | Anywhere ALLOW Samba | ||
902 | Samba ALLOW Bind9 | ||
903 | -Samba ALLOW 22 | ||
904 | +Samba ALLOW 13 | ||
905 | Apache ALLOW 88 | ||
906 | Apache (v6) ALLOW Anywhere (v6) | ||
907 | Samba (v6) ALLOW Anywhere (v6) | ||
908 | Anywhere (v6) ALLOW Samba (v6) | ||
909 | Samba (v6) ALLOW Bind9 (v6) | ||
910 | -Samba (v6) ALLOW 22 | ||
911 | +Samba (v6) ALLOW 13 | ||
912 | Apache (v6) ALLOW 88 | ||
913 | 2001:db8::/32 Samba ALLOW Anywhere (v6) | ||
914 | Anywhere (v6) ALLOW 2001:db8::/32 Samba | ||
915 | 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 | ||
916 | -2001:db8::/32 Samba ALLOW 2001:db8::/32 22 | ||
917 | +2001:db8::/32 Samba ALLOW 2001:db8::/32 13 | ||
918 | 2001:db8::/32 Apache ALLOW 2001:db8::/32 88 | ||
919 | |||
920 | |||
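Review bot: The changed status rows (`Samba ALLOW 13`, `Samba (v6) ALLOW 13`, `2001:db8::/32 Samba ALLOW 2001:db8::/32 13`) are column-aligned expected output. 13 is the same width as 22, so the padding should not shift, but because this diff is carried as a backported patch file in the recipe, please check that the interior and trailing whitespace on the changed rows survived intact; otherwise the comparison against the test output fails on whitespace alone.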
921 | @@ -110,8 +110,8 @@ Anywhere ALLOW IN 137,138/udp (Samba) | ||
922 | Anywhere ALLOW IN 139,445/tcp (Samba) | ||
923 | 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) | ||
924 | 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) | ||
925 | -137,138/udp (Samba) ALLOW IN 22/udp | ||
926 | -139,445/tcp (Samba) ALLOW IN 22/tcp | ||
927 | +137,138/udp (Samba) ALLOW IN 13/udp | ||
928 | +139,445/tcp (Samba) ALLOW IN 13/tcp | ||
929 | 80/tcp (Apache) ALLOW IN 88/tcp | ||
930 | 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) | ||
931 | 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6) | ||
932 | @@ -120,8 +120,8 @@ Anywhere (v6) ALLOW IN 137,138/udp (Samba (v6)) | ||
933 | Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) | ||
934 | 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) | ||
935 | 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) | ||
936 | -137,138/udp (Samba (v6)) ALLOW IN 22/udp | ||
937 | -139,445/tcp (Samba (v6)) ALLOW IN 22/tcp | ||
938 | +137,138/udp (Samba (v6)) ALLOW IN 13/udp | ||
939 | +139,445/tcp (Samba (v6)) ALLOW IN 13/tcp | ||
940 | 80/tcp (Apache (v6)) ALLOW IN 88/tcp | ||
941 | 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6) | ||
942 | 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) | ||
943 | @@ -129,8 +129,8 @@ Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba) | ||
944 | Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba) | ||
945 | 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9) | ||
946 | 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9) | ||
947 | -2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 22/udp | ||
948 | -2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 22/tcp | ||
949 | +2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 13/udp | ||
950 | +2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp | ||
951 | 2001:db8::/32 80/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp | ||
952 | |||
953 | |||
954 | @@ -159,7 +159,7 @@ Rule deleted | ||
955 | Rule deleted (v6) | ||
956 | |||
957 | |||
958 | -19: delete allow to any app Samba from any port 22 | ||
959 | +19: delete allow to any app Samba from any port 13 | ||
960 | WARN: Checks disabled | ||
961 | Rule deleted | ||
962 | Rule deleted (v6) | ||
963 | @@ -186,7 +186,7 @@ WARN: Checks disabled | ||
964 | Rule deleted (v6) | ||
965 | |||
966 | |||
967 | -24: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22 | ||
968 | +24: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 | ||
969 | WARN: Checks disabled | ||
970 | Rule deleted (v6) | ||
971 | |||
972 | @@ -228,7 +228,7 @@ WARN: Checks disabled | ||
973 | Rule added | ||
974 | |||
975 | |||
976 | -33: allow to any app Samba from any port 22 | ||
977 | +33: allow to any app Samba from any port 13 | ||
978 | WARN: Checks disabled | ||
979 | Rule added | ||
980 | |||
981 | @@ -253,7 +253,7 @@ WARN: Checks disabled | ||
982 | Rule added | ||
983 | |||
984 | |||
985 | -38: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22 | ||
986 | +38: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 | ||
987 | WARN: Checks disabled | ||
988 | Rule added | ||
989 | |||
990 | @@ -273,12 +273,12 @@ Apache ALLOW Anywhere | ||
991 | Samba ALLOW Anywhere | ||
992 | Anywhere ALLOW Samba | ||
993 | Samba ALLOW Bind9 | ||
994 | -Samba ALLOW 22 | ||
995 | +Samba ALLOW 13 | ||
996 | Apache ALLOW 88 | ||
997 | 192.168.2.0/24 Samba ALLOW Anywhere | ||
998 | Anywhere ALLOW 192.168.2.0/24 Samba | ||
999 | 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9 | ||
1000 | -192.168.2.0/24 Samba ALLOW 192.168.2.0/24 22 | ||
1001 | +192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13 | ||
1002 | 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88 | ||
1003 | |||
1004 | |||
1005 | @@ -299,8 +299,8 @@ Anywhere ALLOW IN 137,138/udp (Samba) | ||
1006 | Anywhere ALLOW IN 139,445/tcp (Samba) | ||
1007 | 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) | ||
1008 | 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) | ||
1009 | -137,138/udp (Samba) ALLOW IN 22/udp | ||
1010 | -139,445/tcp (Samba) ALLOW IN 22/tcp | ||
1011 | +137,138/udp (Samba) ALLOW IN 13/udp | ||
1012 | +139,445/tcp (Samba) ALLOW IN 13/tcp | ||
1013 | 80/tcp (Apache) ALLOW IN 88/tcp | ||
1014 | 192.168.2.0/24 137,138/udp (Samba) ALLOW IN Anywhere | ||
1015 | 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere | ||
1016 | @@ -308,8 +308,8 @@ Anywhere ALLOW IN 192.168.2.0/24 137,138/udp (Samba) | ||
1017 | Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba) | ||
1018 | 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9) | ||
1019 | 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9) | ||
1020 | -192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 22/udp | ||
1021 | -192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 22/tcp | ||
1022 | +192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp | ||
1023 | +192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp | ||
1024 | 192.168.2.0/24 80/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp | ||
1025 | |||
1026 | |||
1027 | @@ -334,7 +334,7 @@ WARN: Checks disabled | ||
1028 | Rule deleted | ||
1029 | |||
1030 | |||
1031 | -46: delete allow to any app Samba from any port 22 | ||
1032 | +46: delete allow to any app Samba from any port 13 | ||
1033 | WARN: Checks disabled | ||
1034 | Rule deleted | ||
1035 | |||
1036 | @@ -359,7 +359,7 @@ WARN: Checks disabled | ||
1037 | Rule deleted | ||
1038 | |||
1039 | |||
1040 | -51: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22 | ||
1041 | +51: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 | ||
1042 | WARN: Checks disabled | ||
1043 | Rule deleted | ||
1044 | |||
1045 | @@ -406,7 +406,7 @@ Rule added | ||
1046 | Rule added (v6) | ||
1047 | |||
1048 | |||
1049 | -60: allow to any app Samba from any port 22 | ||
1050 | +60: allow to any app Samba from any port 13 | ||
1051 | WARN: Checks disabled | ||
1052 | Rule added | ||
1053 | Rule added (v6) | ||
1054 | @@ -433,7 +433,7 @@ WARN: Checks disabled | ||
1055 | Rule added (v6) | ||
1056 | |||
1057 | |||
1058 | -65: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22 | ||
1059 | +65: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 | ||
1060 | WARN: Checks disabled | ||
1061 | Rule added (v6) | ||
1062 | |||
1063 | @@ -453,18 +453,18 @@ Apache ALLOW Anywhere | ||
1064 | Samba ALLOW Anywhere | ||
1065 | Anywhere ALLOW Samba | ||
1066 | Samba ALLOW Bind9 | ||
1067 | -Samba ALLOW 22 | ||
1068 | +Samba ALLOW 13 | ||
1069 | Apache ALLOW 88 | ||
1070 | Apache (v6) ALLOW Anywhere (v6) | ||
1071 | Samba (v6) ALLOW Anywhere (v6) | ||
1072 | Anywhere (v6) ALLOW Samba (v6) | ||
1073 | Samba (v6) ALLOW Bind9 (v6) | ||
1074 | -Samba (v6) ALLOW 22 | ||
1075 | +Samba (v6) ALLOW 13 | ||
1076 | Apache (v6) ALLOW 88 | ||
1077 | 2001:db8::/32 Samba ALLOW Anywhere (v6) | ||
1078 | Anywhere (v6) ALLOW 2001:db8::/32 Samba | ||
1079 | 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 | ||
1080 | -2001:db8::/32 Samba ALLOW 2001:db8::/32 22 | ||
1081 | +2001:db8::/32 Samba ALLOW 2001:db8::/32 13 | ||
1082 | 2001:db8::/32 Apache ALLOW 2001:db8::/32 88 | ||
1083 | |||
1084 | |||
1085 | @@ -485,8 +485,8 @@ Anywhere ALLOW IN 137,138/udp (Samba) | ||
1086 | Anywhere ALLOW IN 139,445/tcp (Samba) | ||
1087 | 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) | ||
1088 | 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) | ||
1089 | -137,138/udp (Samba) ALLOW IN 22/udp | ||
1090 | -139,445/tcp (Samba) ALLOW IN 22/tcp | ||
1091 | +137,138/udp (Samba) ALLOW IN 13/udp | ||
1092 | +139,445/tcp (Samba) ALLOW IN 13/tcp | ||
1093 | 80/tcp (Apache) ALLOW IN 88/tcp | ||
1094 | 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) | ||
1095 | 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6) | ||
1096 | @@ -495,8 +495,8 @@ Anywhere (v6) ALLOW IN 137,138/udp (Samba (v6)) | ||
1097 | Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) | ||
1098 | 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) | ||
1099 | 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) | ||
1100 | -137,138/udp (Samba (v6)) ALLOW IN 22/udp | ||
1101 | -139,445/tcp (Samba (v6)) ALLOW IN 22/tcp | ||
1102 | +137,138/udp (Samba (v6)) ALLOW IN 13/udp | ||
1103 | +139,445/tcp (Samba (v6)) ALLOW IN 13/tcp | ||
1104 | 80/tcp (Apache (v6)) ALLOW IN 88/tcp | ||
1105 | 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6) | ||
1106 | 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) | ||
1107 | @@ -504,8 +504,8 @@ Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba) | ||
1108 | Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba) | ||
1109 | 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9) | ||
1110 | 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9) | ||
1111 | -2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 22/udp | ||
1112 | -2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 22/tcp | ||
1113 | +2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 13/udp | ||
1114 | +2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp | ||
1115 | 2001:db8::/32 80/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp | ||
1116 | |||
1117 | |||
1118 | @@ -532,18 +532,18 @@ Apache ALLOW Anywhere | ||
1119 | Samba ALLOW Anywhere | ||
1120 | Anywhere ALLOW Samba | ||
1121 | Samba ALLOW Bind9 | ||
1122 | -Samba ALLOW 22 | ||
1123 | +Samba ALLOW 13 | ||
1124 | Apache ALLOW 88 | ||
1125 | Apache (v6) ALLOW Anywhere (v6) | ||
1126 | Samba (v6) ALLOW Anywhere (v6) | ||
1127 | Anywhere (v6) ALLOW Samba (v6) | ||
1128 | Samba (v6) ALLOW Bind9 (v6) | ||
1129 | -Samba (v6) ALLOW 22 | ||
1130 | +Samba (v6) ALLOW 13 | ||
1131 | Apache (v6) ALLOW 88 | ||
1132 | 2001:db8::/32 Samba ALLOW Anywhere (v6) | ||
1133 | Anywhere (v6) ALLOW 2001:db8::/32 Samba | ||
1134 | 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 | ||
1135 | -2001:db8::/32 Samba ALLOW 2001:db8::/32 22 | ||
1136 | +2001:db8::/32 Samba ALLOW 2001:db8::/32 13 | ||
1137 | 2001:db8::/32 Apache ALLOW 2001:db8::/32 88 | ||
1138 | |||
1139 | |||
1140 | @@ -564,8 +564,8 @@ Anywhere ALLOW IN 138,9999/udp (Samba) | ||
1141 | Anywhere ALLOW IN 139,445/tcp (Samba) | ||
1142 | 138,9999/udp (Samba) ALLOW IN 53/udp (Bind9) | ||
1143 | 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) | ||
1144 | -138,9999/udp (Samba) ALLOW IN 22/udp | ||
1145 | -139,445/tcp (Samba) ALLOW IN 22/tcp | ||
1146 | +138,9999/udp (Samba) ALLOW IN 13/udp | ||
1147 | +139,445/tcp (Samba) ALLOW IN 13/tcp | ||
1148 | 8888/tcp (Apache) ALLOW IN 88/tcp | ||
1149 | 8888/tcp (Apache (v6)) ALLOW IN Anywhere (v6) | ||
1150 | 138,9999/udp (Samba (v6)) ALLOW IN Anywhere (v6) | ||
1151 | @@ -574,8 +574,8 @@ Anywhere (v6) ALLOW IN 138,9999/udp (Samba (v6)) | ||
1152 | Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) | ||
1153 | 138,9999/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) | ||
1154 | 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) | ||
1155 | -138,9999/udp (Samba (v6)) ALLOW IN 22/udp | ||
1156 | -139,445/tcp (Samba (v6)) ALLOW IN 22/tcp | ||
1157 | +138,9999/udp (Samba (v6)) ALLOW IN 13/udp | ||
1158 | +139,445/tcp (Samba (v6)) ALLOW IN 13/tcp | ||
1159 | 8888/tcp (Apache (v6)) ALLOW IN 88/tcp | ||
1160 | 2001:db8::/32 138,9999/udp (Samba) ALLOW IN Anywhere (v6) | ||
1161 | 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) | ||
1162 | @@ -583,8 +583,8 @@ Anywhere (v6) ALLOW IN 2001:db8::/32 138,9999/udp (Samba) | ||
1163 | Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba) | ||
1164 | 2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9) | ||
1165 | 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9) | ||
1166 | -2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 22/udp | ||
1167 | -2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 22/tcp | ||
1168 | +2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 13/udp | ||
1169 | +2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp | ||
1170 | 2001:db8::/32 8888/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp | ||
1171 | |||
1172 | |||
1173 | @@ -613,7 +613,7 @@ Rule deleted | ||
1174 | Rule deleted (v6) | ||
1175 | |||
1176 | |||
1177 | -77: delete allow to any app Samba from any port 22 | ||
1178 | +77: delete allow to any app Samba from any port 13 | ||
1179 | WARN: Checks disabled | ||
1180 | Rule deleted | ||
1181 | Rule deleted (v6) | ||
1182 | @@ -640,7 +640,7 @@ WARN: Checks disabled | ||
1183 | Rule deleted (v6) | ||
1184 | |||
1185 | |||
1186 | -82: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22 | ||
1187 | +82: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 | ||
1188 | WARN: Checks disabled | ||
1189 | Rule deleted (v6) | ||
1190 | |||
1191 | @@ -682,7 +682,7 @@ WARN: Checks disabled | ||
1192 | Rule added | ||
1193 | |||
1194 | |||
1195 | -91: allow to any app Samba from any port 22 | ||
1196 | +91: allow to any app Samba from any port 13 | ||
1197 | WARN: Checks disabled | ||
1198 | Rule added | ||
1199 | |||
1200 | @@ -707,7 +707,7 @@ WARN: Checks disabled | ||
1201 | Rule added | ||
1202 | |||
1203 | |||
1204 | -96: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22 | ||
1205 | +96: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 | ||
1206 | WARN: Checks disabled | ||
1207 | Rule added | ||
1208 | |||
1209 | @@ -727,12 +727,12 @@ Apache ALLOW Anywhere | ||
1210 | Samba ALLOW Anywhere | ||
1211 | Anywhere ALLOW Samba | ||
1212 | Samba ALLOW Bind9 | ||
1213 | -Samba ALLOW 22 | ||
1214 | +Samba ALLOW 13 | ||
1215 | Apache ALLOW 88 | ||
1216 | 192.168.2.0/24 Samba ALLOW Anywhere | ||
1217 | Anywhere ALLOW 192.168.2.0/24 Samba | ||
1218 | 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9 | ||
1219 | -192.168.2.0/24 Samba ALLOW 192.168.2.0/24 22 | ||
1220 | +192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13 | ||
1221 | 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88 | ||
1222 | |||
1223 | |||
1224 | @@ -753,8 +753,8 @@ Anywhere ALLOW IN 137,138/udp (Samba) | ||
1225 | Anywhere ALLOW IN 139,445/tcp (Samba) | ||
1226 | 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) | ||
1227 | 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) | ||
1228 | -137,138/udp (Samba) ALLOW IN 22/udp | ||
1229 | -139,445/tcp (Samba) ALLOW IN 22/tcp | ||
1230 | +137,138/udp (Samba) ALLOW IN 13/udp | ||
1231 | +139,445/tcp (Samba) ALLOW IN 13/tcp | ||
1232 | 80/tcp (Apache) ALLOW IN 88/tcp | ||
1233 | 192.168.2.0/24 137,138/udp (Samba) ALLOW IN Anywhere | ||
1234 | 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere | ||
1235 | @@ -762,8 +762,8 @@ Anywhere ALLOW IN 192.168.2.0/24 137,138/udp (Samba) | ||
1236 | Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba) | ||
1237 | 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9) | ||
1238 | 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9) | ||
1239 | -192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 22/udp | ||
1240 | -192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 22/tcp | ||
1241 | +192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp | ||
1242 | +192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp | ||
1243 | 192.168.2.0/24 80/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp | ||
1244 | |||
1245 | |||
1246 | @@ -790,12 +790,12 @@ Apache ALLOW Anywhere | ||
1247 | Samba ALLOW Anywhere | ||
1248 | Anywhere ALLOW Samba | ||
1249 | Samba ALLOW Bind9 | ||
1250 | -Samba ALLOW 22 | ||
1251 | +Samba ALLOW 13 | ||
1252 | Apache ALLOW 88 | ||
1253 | 192.168.2.0/24 Samba ALLOW Anywhere | ||
1254 | Anywhere ALLOW 192.168.2.0/24 Samba | ||
1255 | 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9 | ||
1256 | -192.168.2.0/24 Samba ALLOW 192.168.2.0/24 22 | ||
1257 | +192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13 | ||
1258 | 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88 | ||
1259 | |||
1260 | |||
1261 | @@ -816,8 +816,8 @@ Anywhere ALLOW IN 138,9999/udp (Samba) | ||
1262 | Anywhere ALLOW IN 139,445/tcp (Samba) | ||
1263 | 138,9999/udp (Samba) ALLOW IN 53/udp (Bind9) | ||
1264 | 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) | ||
1265 | -138,9999/udp (Samba) ALLOW IN 22/udp | ||
1266 | -139,445/tcp (Samba) ALLOW IN 22/tcp | ||
1267 | +138,9999/udp (Samba) ALLOW IN 13/udp | ||
1268 | +139,445/tcp (Samba) ALLOW IN 13/tcp | ||
1269 | 8888/tcp (Apache) ALLOW IN 88/tcp | ||
1270 | 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN Anywhere | ||
1271 | 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere | ||
1272 | @@ -825,8 +825,8 @@ Anywhere ALLOW IN 192.168.2.0/24 138,9999/udp (Samba) | ||
1273 | Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba) | ||
1274 | 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9) | ||
1275 | 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9) | ||
1276 | -192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 22/udp | ||
1277 | -192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 22/tcp | ||
1278 | +192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp | ||
1279 | +192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp | ||
1280 | 192.168.2.0/24 8888/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp | ||
1281 | |||
1282 | |||
1283 | @@ -851,7 +851,7 @@ WARN: Checks disabled | ||
1284 | Rule deleted | ||
1285 | |||
1286 | |||
1287 | -108: delete allow to any app Samba from any port 22 | ||
1288 | +108: delete allow to any app Samba from any port 13 | ||
1289 | WARN: Checks disabled | ||
1290 | Rule deleted | ||
1291 | |||
1292 | @@ -876,7 +876,7 @@ WARN: Checks disabled | ||
1293 | Rule deleted | ||
1294 | |||
1295 | |||
1296 | -113: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22 | ||
1297 | +113: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 | ||
1298 | WARN: Checks disabled | ||
1299 | Rule deleted | ||
1300 | |||
1301 | @@ -1356,7 +1356,7 @@ WARN: Checks disabled | ||
1302 | Rule added | ||
1303 | |||
1304 | |||
1305 | -164: allow 22 | ||
1306 | +164: allow 13 | ||
1307 | WARN: Checks disabled | ||
1308 | Rule added | ||
1309 | |||
1310 | @@ -1435,9 +1435,9 @@ Rule inserted | ||
1311 | ### tuple ### allow tcp 139,445 10.0.0.1 any 192.168.0.1 Samba - in | ||
1312 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
1313 | |||
1314 | -### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1315 | --A ufw-user-input -p tcp --dport 22 -j ACCEPT | ||
1316 | --A ufw-user-input -p udp --dport 22 -j ACCEPT | ||
1317 | +### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1318 | +-A ufw-user-input -p tcp --dport 13 -j ACCEPT | ||
1319 | +-A ufw-user-input -p udp --dport 13 -j ACCEPT | ||
1320 | |||
1321 | ### END RULES ### | ||
1322 | |||
1323 | @@ -1488,7 +1488,7 @@ WARN: Checks disabled | ||
1324 | Rule deleted | ||
1325 | |||
1326 | |||
1327 | -173: delete allow 22 | ||
1328 | +173: delete allow 13 | ||
1329 | WARN: Checks disabled | ||
1330 | Rule deleted | ||
1331 | |||
1332 | @@ -1799,7 +1799,7 @@ Rule added | ||
1333 | Rule added (v6) | ||
1334 | |||
1335 | |||
1336 | -192: allow 22 | ||
1337 | +192: allow 13 | ||
1338 | WARN: Checks disabled | ||
1339 | Rule added | ||
1340 | Rule added (v6) | ||
1341 | @@ -1880,9 +1880,9 @@ Rule inserted | ||
1342 | ### tuple ### allow tcp 139,445 10.0.0.1 any 192.168.0.1 Samba - in | ||
1343 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
1344 | |||
1345 | -### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1346 | --A ufw-user-input -p tcp --dport 22 -j ACCEPT | ||
1347 | --A ufw-user-input -p udp --dport 22 -j ACCEPT | ||
1348 | +### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1349 | +-A ufw-user-input -p tcp --dport 13 -j ACCEPT | ||
1350 | +-A ufw-user-input -p udp --dport 13 -j ACCEPT | ||
1351 | |||
1352 | ### END RULES ### | ||
1353 | |||
1354 | @@ -1923,9 +1923,9 @@ COMMIT | ||
1355 | ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in | ||
1356 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
1357 | |||
1358 | -### tuple ### allow any 22 ::/0 any ::/0 in | ||
1359 | --A ufw6-user-input -p tcp --dport 22 -j ACCEPT | ||
1360 | --A ufw6-user-input -p udp --dport 22 -j ACCEPT | ||
1361 | +### tuple ### allow any 13 ::/0 any ::/0 in | ||
1362 | +-A ufw6-user-input -p tcp --dport 13 -j ACCEPT | ||
1363 | +-A ufw6-user-input -p udp --dport 13 -j ACCEPT | ||
1364 | |||
1365 | ### END RULES ### | ||
1366 | |||
1367 | @@ -1949,7 +1949,7 @@ Rule deleted | ||
1368 | Rule deleted (v6) | ||
1369 | |||
1370 | |||
1371 | -201: delete allow 22 | ||
1372 | +201: delete allow 13 | ||
1373 | WARN: Checks disabled | ||
1374 | Rule deleted | ||
1375 | Rule deleted (v6) | ||
1376 | @@ -2606,7 +2606,7 @@ Setting IPV6 to yes | ||
1377 | 278: allow Samba | ||
1378 | |||
1379 | |||
1380 | -279: allow 22/tcp | ||
1381 | +279: allow 13/tcp | ||
1382 | |||
1383 | |||
1384 | ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in | ||
1385 | @@ -2621,8 +2621,8 @@ Setting IPV6 to yes | ||
1386 | ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
1387 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
1388 | |||
1389 | -### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1390 | --A ufw-user-input -p tcp --dport 22 -j ACCEPT | ||
1391 | +### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1392 | +-A ufw-user-input -p tcp --dport 13 -j ACCEPT | ||
1393 | |||
1394 | ### tuple ### allow udp any ::/0 137,138 ::/0 - Samba in | ||
1395 | -A ufw6-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' | ||
1396 | @@ -2636,8 +2636,8 @@ Setting IPV6 to yes | ||
1397 | ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in | ||
1398 | -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
1399 | |||
1400 | -### tuple ### allow tcp 22 ::/0 any ::/0 in | ||
1401 | --A ufw6-user-input -p tcp --dport 22 -j ACCEPT | ||
1402 | +### tuple ### allow tcp 13 ::/0 any ::/0 in | ||
1403 | +-A ufw6-user-input -p tcp --dport 13 -j ACCEPT | ||
1404 | |||
1405 | 280: --force delete 6 | ||
1406 | |||
1407 | @@ -2706,7 +2706,7 @@ Setting IPV6 to no | ||
1408 | 289: allow Samba | ||
1409 | |||
1410 | |||
1411 | -290: allow 22/tcp | ||
1412 | +290: allow 13/tcp | ||
1413 | |||
1414 | |||
1415 | ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in | ||
1416 | @@ -2721,8 +2721,8 @@ Setting IPV6 to no | ||
1417 | ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in | ||
1418 | -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' | ||
1419 | |||
1420 | -### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1421 | --A ufw-user-input -p tcp --dport 22 -j ACCEPT | ||
1422 | +### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1423 | +-A ufw-user-input -p tcp --dport 13 -j ACCEPT | ||
1424 | |||
1425 | 291: --force delete 3 | ||
1426 | |||
1427 | diff --git a/tests/root/live_apps/runtest.sh b/tests/root/live_apps/runtest.sh | ||
1428 | index 04bbde3..5feb86c 100755 | ||
1429 | --- a/tests/root/live_apps/runtest.sh | ||
1430 | +++ b/tests/root/live_apps/runtest.sh | ||
1431 | @@ -51,7 +51,7 @@ do | ||
1432 | do_cmd "0" allow to $loc app Samba | ||
1433 | do_cmd "0" allow from $loc app Samba | ||
1434 | do_cmd "0" allow to $loc app Samba from $loc app Bind9 | ||
1435 | - do_cmd "0" allow to $loc app Samba from $loc port 22 | ||
1436 | + do_cmd "0" allow to $loc app Samba from $loc port 13 | ||
1437 | do_cmd "0" allow to $loc app Apache from $loc port 88 | ||
1438 | done | ||
1439 | do_cmd "0" status | ||
1440 | @@ -78,7 +78,7 @@ do | ||
1441 | do_cmd "0" delete allow to $loc app Samba | ||
1442 | do_cmd "0" delete allow from $loc app Samba | ||
1443 | do_cmd "0" delete allow to $loc app Samba from $loc app Bind9 | ||
1444 | - do_cmd "0" delete allow to $loc app Samba from $loc port 22 | ||
1445 | + do_cmd "0" delete allow to $loc app Samba from $loc port 13 | ||
1446 | do_cmd "0" delete allow to $loc app Apache from $loc port 88 | ||
1447 | done | ||
1448 | do_cmd "0" status | ||
1449 | @@ -188,7 +188,7 @@ for ipv6 in no yes ; do | ||
1450 | cat $TESTSTATE/user6.rules >> $TESTTMP/result | ||
1451 | |||
1452 | do_cmd "0" allow Samba | ||
1453 | - do_cmd "0" allow 22 | ||
1454 | + do_cmd "0" allow 13 | ||
1455 | do_cmd "0" insert 2 allow from any to any app Samba | ||
1456 | do_cmd "0" insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba | ||
1457 | do_cmd "0" insert 2 allow from 192.168.0.1 to any app Samba | ||
1458 | @@ -209,7 +209,7 @@ for ipv6 in no yes ; do | ||
1459 | } | ||
1460 | |||
1461 | do_cmd "0" delete allow Samba | ||
1462 | - do_cmd "0" delete allow 22 | ||
1463 | + do_cmd "0" delete allow 13 | ||
1464 | do_cmd "0" delete allow from any to any app Samba | ||
1465 | do_cmd "0" delete allow from 192.168.0.1 to 10.0.0.1 app Samba | ||
1466 | do_cmd "0" delete allow from 192.168.0.1 to any app Samba | ||
1467 | @@ -258,7 +258,7 @@ do | ||
1468 | |||
1469 | do_cmd "0" nostats allow from any app Samba | ||
1470 | do_cmd "0" nostats allow Samba | ||
1471 | - do_cmd "0" nostats allow 22/tcp | ||
1472 | + do_cmd "0" nostats allow 13/tcp | ||
1473 | |||
1474 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
1475 | if [ "$ipv6" = "yes" ]; then | ||
1476 | @@ -267,16 +267,16 @@ do | ||
1477 | |||
1478 | if [ "$ipv6" = "yes" ]; then | ||
1479 | do_cmd "0" null --force delete 6 | ||
1480 | - grep -v -q "^### tuple ### allow any 22 " $TESTSTATE/user6.rules || { | ||
1481 | - echo "Failed: Found port '22' in user6.rules" >> $TESTTMP/result | ||
1482 | + grep -v -q "^### tuple ### allow any 13 " $TESTSTATE/user6.rules || { | ||
1483 | + echo "Failed: Found port '13' in user6.rules" >> $TESTTMP/result | ||
1484 | exit 1 | ||
1485 | } | ||
1486 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
1487 | fi | ||
1488 | |||
1489 | do_cmd "0" null --force delete 3 | ||
1490 | - grep -v -q "^### tuple ### allow any 22 " $TESTSTATE/user.rules || { | ||
1491 | - echo "Failed: Found port '22' in user.rules" >> $TESTTMP/result | ||
1492 | + grep -v -q "^### tuple ### allow any 13 " $TESTSTATE/user.rules || { | ||
1493 | + echo "Failed: Found port '13' in user.rules" >> $TESTTMP/result | ||
1494 | exit 1 | ||
1495 | } | ||
1496 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
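Review bot: The two `grep -v -q "^### tuple ### allow any 13 " ... || { ... exit 1 }` checks in this hunk cannot detect a leftover rule. `grep -v -q` exits 0 as soon as any line in the file fails to match the pattern, so the failure branch runs only when every line matches. The rule added earlier in this script is `allow 13/tcp`, and its tuple in the expected result is `### tuple ### allow tcp 13 ...`, so the `allow any 13 ` pattern would not match the deleted rule in any case. Since these lines are being touched, consider inverting the check to `if grep -q "^### tuple ### allow tcp 13 " $TESTSTATE/user.rules; then ... exit 1; fi`, with the same change for user6.rules, so the test fails when the deleted rule is still present.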
1497 | diff --git a/tests/root/valid/result b/tests/root/valid/result | ||
1498 | index 320a728..752b6f2 100644 | ||
1499 | --- a/tests/root/valid/result | ||
1500 | +++ b/tests/root/valid/result | ||
1501 | @@ -215,7 +215,7 @@ Rules updated | ||
1502 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1503 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1504 | |||
1505 | -26: limit 22/tcp | ||
1506 | +26: limit 13/tcp | ||
1507 | WARN: Checks disabled | ||
1508 | Rules updated | ||
1509 | |||
1510 | @@ -233,9 +233,9 @@ Rules updated | ||
1511 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1512 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1513 | |||
1514 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1515 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1516 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1517 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1518 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1519 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1520 | 27: deny 53 | ||
1521 | WARN: Checks disabled | ||
1522 | Rules updated | ||
1523 | @@ -254,9 +254,9 @@ Rules updated | ||
1524 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1525 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1526 | |||
1527 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1528 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1529 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1530 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1531 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1532 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1533 | 28: allow 80/tcp | ||
1534 | WARN: Checks disabled | ||
1535 | Rules updated | ||
1536 | @@ -275,9 +275,9 @@ Rules updated | ||
1537 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1538 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1539 | |||
1540 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1541 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1542 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1543 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1544 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1545 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1546 | 29: allow from 10.0.0.0/8 | ||
1547 | WARN: Checks disabled | ||
1548 | Rules updated | ||
1549 | @@ -296,9 +296,9 @@ Rules updated | ||
1550 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1551 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1552 | |||
1553 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1554 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1555 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1556 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1557 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1558 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1559 | -- | ||
1560 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
1561 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
1562 | @@ -321,9 +321,9 @@ Rules updated | ||
1563 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1564 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1565 | |||
1566 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1567 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1568 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1569 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1570 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1571 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1572 | -- | ||
1573 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
1574 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
1575 | @@ -349,9 +349,9 @@ Rules updated | ||
1576 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1577 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1578 | |||
1579 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1580 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1581 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1582 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1583 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1584 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1585 | -- | ||
1586 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
1587 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
1588 | @@ -380,9 +380,9 @@ Rules updated | ||
1589 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1590 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1591 | |||
1592 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1593 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1594 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1595 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1596 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1597 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1598 | -- | ||
1599 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
1600 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
1601 | @@ -414,9 +414,9 @@ Rules updated | ||
1602 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1603 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1604 | |||
1605 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1606 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1607 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1608 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1609 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1610 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1611 | -- | ||
1612 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
1613 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
1614 | @@ -451,9 +451,9 @@ Rules updated | ||
1615 | ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in | ||
1616 | -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP | ||
1617 | |||
1618 | -### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1619 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set | ||
1620 | --A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1621 | +### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1622 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set | ||
1623 | +-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit | ||
1624 | -- | ||
1625 | ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in | ||
1626 | -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT | ||
1627 | @@ -483,7 +483,7 @@ WARN: Checks disabled | ||
1628 | Rules updated | ||
1629 | |||
1630 | |||
1631 | -37: delete limit 22/tcp | ||
1632 | +37: delete limit 13/tcp | ||
1633 | WARN: Checks disabled | ||
1634 | Rules updated | ||
1635 | |||
1636 | @@ -659,41 +659,41 @@ WARN: Checks disabled | ||
1637 | Rules updated | ||
1638 | |||
1639 | |||
1640 | -66: allow ssh | ||
1641 | +66: allow daytime | ||
1642 | WARN: Checks disabled | ||
1643 | Rules updated | ||
1644 | |||
1645 | |||
1646 | -### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1647 | --A ufw-user-input -p tcp --dport 22 -j ACCEPT | ||
1648 | --A ufw-user-input -p udp --dport 22 -j ACCEPT | ||
1649 | -67: delete allow ssh | ||
1650 | +### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1651 | +-A ufw-user-input -p tcp --dport 13 -j ACCEPT | ||
1652 | +-A ufw-user-input -p udp --dport 13 -j ACCEPT | ||
1653 | +67: delete allow daytime | ||
1654 | WARN: Checks disabled | ||
1655 | Rules updated | ||
1656 | |||
1657 | |||
1658 | -68: allow ssh/tcp | ||
1659 | +68: allow daytime/tcp | ||
1660 | WARN: Checks disabled | ||
1661 | Rules updated | ||
1662 | |||
1663 | |||
1664 | -### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1665 | --A ufw-user-input -p tcp --dport 22 -j ACCEPT | ||
1666 | +### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1667 | +-A ufw-user-input -p tcp --dport 13 -j ACCEPT | ||
1668 | |||
1669 | -69: delete allow ssh/tcp | ||
1670 | +69: delete allow daytime/tcp | ||
1671 | WARN: Checks disabled | ||
1672 | Rules updated | ||
1673 | |||
1674 | |||
1675 | -70: allow ssh/udp | ||
1676 | +70: allow daytime/udp | ||
1677 | WARN: Checks disabled | ||
1678 | Rules updated | ||
1679 | |||
1680 | |||
1681 | -### tuple ### allow udp 22 0.0.0.0/0 any 0.0.0.0/0 in | ||
1682 | --A ufw-user-input -p udp --dport 22 -j ACCEPT | ||
1683 | +### tuple ### allow udp 13 0.0.0.0/0 any 0.0.0.0/0 in | ||
1684 | +-A ufw-user-input -p udp --dport 13 -j ACCEPT | ||
1685 | |||
1686 | -71: delete allow ssh/udp | ||
1687 | +71: delete allow daytime/udp | ||
1688 | WARN: Checks disabled | ||
1689 | Rules updated | ||
1690 | |||
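Review bot: `allow daytime` in this hunk is expected to expand to both `-p tcp --dport 13` and `-p udp --dport 13`, and `allow daytime/udp` to a udp tuple, so these cases pass only when the services database on the target lists daytime for both protocols. The patch header or the test script should state that requirement, so that a later change to the services file is diagnosed as such and not as an unexplained result mismatch.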
1691 | @@ -1679,28 +1679,28 @@ WARN: Checks disabled | ||
1692 | Rules updated | ||
1693 | |||
1694 | |||
1695 | -219: allow to any port smtp from any port ssh | ||
1696 | +219: allow to any port smtp from any port daytime | ||
1697 | WARN: Checks disabled | ||
1698 | Rules updated | ||
1699 | |||
1700 | |||
1701 | -### tuple ### allow tcp 25 0.0.0.0/0 22 0.0.0.0/0 in | ||
1702 | --A ufw-user-input -p tcp --dport 25 --sport 22 -j ACCEPT | ||
1703 | +### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in | ||
1704 | +-A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT | ||
1705 | |||
1706 | -220: delete allow to any port smtp from any port ssh | ||
1707 | +220: delete allow to any port smtp from any port daytime | ||
1708 | WARN: Checks disabled | ||
1709 | Rules updated | ||
1710 | |||
1711 | |||
1712 | -221: allow to any port ssh from any port smtp | ||
1713 | +221: allow to any port daytime from any port smtp | ||
1714 | WARN: Checks disabled | ||
1715 | Rules updated | ||
1716 | |||
1717 | |||
1718 | -### tuple ### allow tcp 22 0.0.0.0/0 25 0.0.0.0/0 in | ||
1719 | --A ufw-user-input -p tcp --dport 22 --sport 25 -j ACCEPT | ||
1720 | +### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in | ||
1721 | +-A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT | ||
1722 | |||
1723 | -222: delete allow to any port ssh from any port smtp | ||
1724 | +222: delete allow to any port daytime from any port smtp | ||
1725 | WARN: Checks disabled | ||
1726 | Rules updated | ||
1727 | |||
1728 | @@ -1744,28 +1744,28 @@ WARN: Checks disabled | ||
1729 | Rules updated | ||
1730 | |||
1731 | |||
1732 | -229: allow to any port tftp from any port ssh | ||
1733 | +229: allow to any port tftp from any port daytime | ||
1734 | WARN: Checks disabled | ||
1735 | Rules updated | ||
1736 | |||
1737 | |||
1738 | -### tuple ### allow udp 69 0.0.0.0/0 22 0.0.0.0/0 in | ||
1739 | --A ufw-user-input -p udp --dport 69 --sport 22 -j ACCEPT | ||
1740 | +### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in | ||
1741 | +-A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT | ||
1742 | |||
1743 | -230: delete allow to any port tftp from any port ssh | ||
1744 | +230: delete allow to any port tftp from any port daytime | ||
1745 | WARN: Checks disabled | ||
1746 | Rules updated | ||
1747 | |||
1748 | |||
1749 | -231: allow to any port ssh from any port tftp | ||
1750 | +231: allow to any port daytime from any port tftp | ||
1751 | WARN: Checks disabled | ||
1752 | Rules updated | ||
1753 | |||
1754 | |||
1755 | -### tuple ### allow udp 22 0.0.0.0/0 69 0.0.0.0/0 in | ||
1756 | --A ufw-user-input -p udp --dport 22 --sport 69 -j ACCEPT | ||
1757 | +### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in | ||
1758 | +-A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT | ||
1759 | |||
1760 | -232: delete allow to any port ssh from any port tftp | ||
1761 | +232: delete allow to any port daytime from any port tftp | ||
1762 | WARN: Checks disabled | ||
1763 | Rules updated | ||
1764 | |||
1765 | @@ -1796,41 +1796,41 @@ WARN: Checks disabled | ||
1766 | Rules updated | ||
1767 | |||
1768 | |||
1769 | -237: allow to any port ssh from any port 23 | ||
1770 | +237: allow to any port daytime from any port 23 | ||
1771 | WARN: Checks disabled | ||
1772 | Rules updated | ||
1773 | |||
1774 | |||
1775 | -### tuple ### allow any 22 0.0.0.0/0 23 0.0.0.0/0 in | ||
1776 | --A ufw-user-input -p tcp --dport 22 --sport 23 -j ACCEPT | ||
1777 | --A ufw-user-input -p udp --dport 22 --sport 23 -j ACCEPT | ||
1778 | -238: delete allow to any port ssh from any port 23 | ||
1779 | +### tuple ### allow any 13 0.0.0.0/0 23 0.0.0.0/0 in | ||
1780 | +-A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT | ||
1781 | +-A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT | ||
1782 | +238: delete allow to any port daytime from any port 23 | ||
1783 | WARN: Checks disabled | ||
1784 | Rules updated | ||
1785 | |||
1786 | |||
1787 | -239: allow to any port 23 from any port ssh | ||
1788 | +239: allow to any port 23 from any port daytime | ||
1789 | WARN: Checks disabled | ||
1790 | Rules updated | ||
1791 | |||
1792 | |||
1793 | -### tuple ### allow any 23 0.0.0.0/0 22 0.0.0.0/0 in | ||
1794 | --A ufw-user-input -p tcp --dport 23 --sport 22 -j ACCEPT | ||
1795 | --A ufw-user-input -p udp --dport 23 --sport 22 -j ACCEPT | ||
1796 | -240: delete allow to any port 23 from any port ssh | ||
1797 | +### tuple ### allow any 23 0.0.0.0/0 13 0.0.0.0/0 in | ||
1798 | +-A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT | ||
1799 | +-A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT | ||
1800 | +240: delete allow to any port 23 from any port daytime | ||
1801 | WARN: Checks disabled | ||
1802 | Rules updated | ||
1803 | |||
1804 | |||
1805 | -241: allow to any port ssh from any port domain | ||
1806 | +241: allow to any port daytime from any port domain | ||
1807 | WARN: Checks disabled | ||
1808 | Rules updated | ||
1809 | |||
1810 | |||
1811 | -### tuple ### allow any 22 0.0.0.0/0 53 0.0.0.0/0 in | ||
1812 | --A ufw-user-input -p tcp --dport 22 --sport 53 -j ACCEPT | ||
1813 | --A ufw-user-input -p udp --dport 22 --sport 53 -j ACCEPT | ||
1814 | -242: delete allow to any port ssh from any port domain | ||
1815 | +### tuple ### allow any 13 0.0.0.0/0 53 0.0.0.0/0 in | ||
1816 | +-A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT | ||
1817 | +-A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT | ||
1818 | +242: delete allow to any port daytime from any port domain | ||
1819 | WARN: Checks disabled | ||
1820 | Rules updated | ||
1821 | |||
1822 | @@ -1848,28 +1848,28 @@ WARN: Checks disabled | ||
1823 | Rules updated | ||
1824 | |||
1825 | |||
1826 | -245: allow to any port smtp from any port ssh proto tcp | ||
1827 | +245: allow to any port smtp from any port daytime proto tcp | ||
1828 | WARN: Checks disabled | ||
1829 | Rules updated | ||
1830 | |||
1831 | |||
1832 | -### tuple ### allow tcp 25 0.0.0.0/0 22 0.0.0.0/0 in | ||
1833 | --A ufw-user-input -p tcp --dport 25 --sport 22 -j ACCEPT | ||
1834 | +### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in | ||
1835 | +-A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT | ||
1836 | |||
1837 | -246: delete allow to any port smtp from any port ssh proto tcp | ||
1838 | +246: delete allow to any port smtp from any port daytime proto tcp | ||
1839 | WARN: Checks disabled | ||
1840 | Rules updated | ||
1841 | |||
1842 | |||
1843 | -247: allow to any port ssh from any port smtp proto tcp | ||
1844 | +247: allow to any port daytime from any port smtp proto tcp | ||
1845 | WARN: Checks disabled | ||
1846 | Rules updated | ||
1847 | |||
1848 | |||
1849 | -### tuple ### allow tcp 22 0.0.0.0/0 25 0.0.0.0/0 in | ||
1850 | --A ufw-user-input -p tcp --dport 22 --sport 25 -j ACCEPT | ||
1851 | +### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in | ||
1852 | +-A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT | ||
1853 | |||
1854 | -248: delete allow to any port ssh from any port smtp proto tcp | ||
1855 | +248: delete allow to any port daytime from any port smtp proto tcp | ||
1856 | WARN: Checks disabled | ||
1857 | Rules updated | ||
1858 | |||
1859 | @@ -1913,28 +1913,28 @@ WARN: Checks disabled | ||
1860 | Rules updated | ||
1861 | |||
1862 | |||
1863 | -255: allow to any port tftp from any port ssh proto udp | ||
1864 | +255: allow to any port tftp from any port daytime proto udp | ||
1865 | WARN: Checks disabled | ||
1866 | Rules updated | ||
1867 | |||
1868 | |||
1869 | -### tuple ### allow udp 69 0.0.0.0/0 22 0.0.0.0/0 in | ||
1870 | --A ufw-user-input -p udp --dport 69 --sport 22 -j ACCEPT | ||
1871 | +### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in | ||
1872 | +-A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT | ||
1873 | |||
1874 | -256: delete allow to any port tftp from any port ssh proto udp | ||
1875 | +256: delete allow to any port tftp from any port daytime proto udp | ||
1876 | WARN: Checks disabled | ||
1877 | Rules updated | ||
1878 | |||
1879 | |||
1880 | -257: allow to any port ssh from any port tftp proto udp | ||
1881 | +257: allow to any port daytime from any port tftp proto udp | ||
1882 | WARN: Checks disabled | ||
1883 | Rules updated | ||
1884 | |||
1885 | |||
1886 | -### tuple ### allow udp 22 0.0.0.0/0 69 0.0.0.0/0 in | ||
1887 | --A ufw-user-input -p udp --dport 22 --sport 69 -j ACCEPT | ||
1888 | +### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in | ||
1889 | +-A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT | ||
1890 | |||
1891 | -258: delete allow to any port ssh from any port tftp proto udp | ||
1892 | +258: delete allow to any port daytime from any port tftp proto udp | ||
1893 | WARN: Checks disabled | ||
1894 | Rules updated | ||
1895 | |||
1896 | @@ -1965,80 +1965,80 @@ WARN: Checks disabled | ||
1897 | Rules updated | ||
1898 | |||
1899 | |||
1900 | -263: allow to any port ssh from any port 23 proto tcp | ||
1901 | +263: allow to any port daytime from any port 23 proto tcp | ||
1902 | WARN: Checks disabled | ||
1903 | Rules updated | ||
1904 | |||
1905 | |||
1906 | -### tuple ### allow tcp 22 0.0.0.0/0 23 0.0.0.0/0 in | ||
1907 | --A ufw-user-input -p tcp --dport 22 --sport 23 -j ACCEPT | ||
1908 | +### tuple ### allow tcp 13 0.0.0.0/0 23 0.0.0.0/0 in | ||
1909 | +-A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT | ||
1910 | |||
1911 | -264: delete allow to any port ssh from any port 23 proto tcp | ||
1912 | +264: delete allow to any port daytime from any port 23 proto tcp | ||
1913 | WARN: Checks disabled | ||
1914 | Rules updated | ||
1915 | |||
1916 | |||
1917 | -265: allow to any port 23 from any port ssh proto tcp | ||
1918 | +265: allow to any port 23 from any port daytime proto tcp | ||
1919 | WARN: Checks disabled | ||
1920 | Rules updated | ||
1921 | |||
1922 | |||
1923 | -### tuple ### allow tcp 23 0.0.0.0/0 22 0.0.0.0/0 in | ||
1924 | --A ufw-user-input -p tcp --dport 23 --sport 22 -j ACCEPT | ||
1925 | +### tuple ### allow tcp 23 0.0.0.0/0 13 0.0.0.0/0 in | ||
1926 | +-A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT | ||
1927 | |||
1928 | -266: delete allow to any port 23 from any port ssh proto tcp | ||
1929 | +266: delete allow to any port 23 from any port daytime proto tcp | ||
1930 | WARN: Checks disabled | ||
1931 | Rules updated | ||
1932 | |||
1933 | |||
1934 | -267: allow to any port ssh from any port domain proto tcp | ||
1935 | +267: allow to any port daytime from any port domain proto tcp | ||
1936 | WARN: Checks disabled | ||
1937 | Rules updated | ||
1938 | |||
1939 | |||
1940 | -### tuple ### allow tcp 22 0.0.0.0/0 53 0.0.0.0/0 in | ||
1941 | --A ufw-user-input -p tcp --dport 22 --sport 53 -j ACCEPT | ||
1942 | +### tuple ### allow tcp 13 0.0.0.0/0 53 0.0.0.0/0 in | ||
1943 | +-A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT | ||
1944 | |||
1945 | -268: delete allow to any port ssh from any port domain proto tcp | ||
1946 | +268: delete allow to any port daytime from any port domain proto tcp | ||
1947 | WARN: Checks disabled | ||
1948 | Rules updated | ||
1949 | |||
1950 | |||
1951 | -269: allow to any port ssh from any port 23 proto udp | ||
1952 | +269: allow to any port daytime from any port 23 proto udp | ||
1953 | WARN: Checks disabled | ||
1954 | Rules updated | ||
1955 | |||
1956 | |||
1957 | -### tuple ### allow udp 22 0.0.0.0/0 23 0.0.0.0/0 in | ||
1958 | --A ufw-user-input -p udp --dport 22 --sport 23 -j ACCEPT | ||
1959 | +### tuple ### allow udp 13 0.0.0.0/0 23 0.0.0.0/0 in | ||
1960 | +-A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT | ||
1961 | |||
1962 | -270: delete allow to any port ssh from any port 23 proto udp | ||
1963 | +270: delete allow to any port daytime from any port 23 proto udp | ||
1964 | WARN: Checks disabled | ||
1965 | Rules updated | ||
1966 | |||
1967 | |||
1968 | -271: allow to any port 23 from any port ssh proto udp | ||
1969 | +271: allow to any port 23 from any port daytime proto udp | ||
1970 | WARN: Checks disabled | ||
1971 | Rules updated | ||
1972 | |||
1973 | |||
1974 | -### tuple ### allow udp 23 0.0.0.0/0 22 0.0.0.0/0 in | ||
1975 | --A ufw-user-input -p udp --dport 23 --sport 22 -j ACCEPT | ||
1976 | +### tuple ### allow udp 23 0.0.0.0/0 13 0.0.0.0/0 in | ||
1977 | +-A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT | ||
1978 | |||
1979 | -272: delete allow to any port 23 from any port ssh proto udp | ||
1980 | +272: delete allow to any port 23 from any port daytime proto udp | ||
1981 | WARN: Checks disabled | ||
1982 | Rules updated | ||
1983 | |||
1984 | |||
1985 | -273: allow to any port ssh from any port domain proto udp | ||
1986 | +273: allow to any port daytime from any port domain proto udp | ||
1987 | WARN: Checks disabled | ||
1988 | Rules updated | ||
1989 | |||
1990 | |||
1991 | -### tuple ### allow udp 22 0.0.0.0/0 53 0.0.0.0/0 in | ||
1992 | --A ufw-user-input -p udp --dport 22 --sport 53 -j ACCEPT | ||
1993 | +### tuple ### allow udp 13 0.0.0.0/0 53 0.0.0.0/0 in | ||
1994 | +-A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT | ||
1995 | |||
1996 | -274: delete allow to any port ssh from any port domain proto udp | ||
1997 | +274: delete allow to any port daytime from any port domain proto udp | ||
1998 | WARN: Checks disabled | ||
1999 | Rules updated | ||
2000 | |||
2001 | @@ -2196,41 +2196,41 @@ WARN: Checks disabled | ||
2002 | Rules updated | ||
2003 | |||
2004 | |||
2005 | -297: allow to 192.168.0.1 port 80:83,22 proto tcp | ||
2006 | +297: allow to 192.168.0.1 port 80:83,13 proto tcp | ||
2007 | WARN: Checks disabled | ||
2008 | Rules updated | ||
2009 | |||
2010 | |||
2011 | -### tuple ### allow tcp 22,80:83 192.168.0.1 any 0.0.0.0/0 in | ||
2012 | --A ufw-user-input -p tcp -m multiport --dports 22,80:83 -d 192.168.0.1 -j ACCEPT | ||
2013 | +### tuple ### allow tcp 13,80:83 192.168.0.1 any 0.0.0.0/0 in | ||
2014 | +-A ufw-user-input -p tcp -m multiport --dports 13,80:83 -d 192.168.0.1 -j ACCEPT | ||
2015 | |||
2016 | -298: delete allow to 192.168.0.1 port 80:83,22 proto tcp | ||
2017 | +298: delete allow to 192.168.0.1 port 80:83,13 proto tcp | ||
2018 | WARN: Checks disabled | ||
2019 | Rules updated | ||
2020 | |||
2021 | |||
2022 | -299: allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp | ||
2023 | +299: allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp | ||
2024 | WARN: Checks disabled | ||
2025 | Rules updated | ||
2026 | |||
2027 | |||
2028 | -### tuple ### allow tcp 22 192.168.0.2 35:39 192.168.0.1 in | ||
2029 | --A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT | ||
2030 | +### tuple ### allow tcp 13 192.168.0.2 35:39 192.168.0.1 in | ||
2031 | +-A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT | ||
2032 | |||
2033 | -300: delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp | ||
2034 | +300: delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp | ||
2035 | WARN: Checks disabled | ||
2036 | Rules updated | ||
2037 | |||
2038 | |||
2039 | -301: allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2040 | +301: allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2041 | WARN: Checks disabled | ||
2042 | Rules updated | ||
2043 | |||
2044 | |||
2045 | -### tuple ### allow udp 15:19,21,22,23 0.0.0.0/0 24:26 0.0.0.0/0 in | ||
2046 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m multiport --sports 24:26 -j ACCEPT | ||
2047 | +### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in | ||
2048 | +-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT | ||
2049 | |||
2050 | -302: delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2051 | +302: delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2052 | WARN: Checks disabled | ||
2053 | Rules updated | ||
2054 | |||
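Review bot: the expected tuples here are not a plain 22-to-13 substitution. In rule 301 the replaced port moves to the front of the normalized list (`13,15:19,21,23`, where `22` used to sit between `21` and `23`), and the `80:83,13` rule becomes `13,80:83`. Please state in the patch header that this result file was regenerated by running the updated runtest.sh rather than edited by hand, so a later refresh of the backport reproduces the ordering the same way.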
2055 | @@ -2274,15 +2274,15 @@ WARN: Checks disabled | ||
2056 | Rules updated | ||
2057 | |||
2058 | |||
2059 | -309: deny 23,21,15:19,22/udp | ||
2060 | +309: deny 23,21,15:19,13/udp | ||
2061 | WARN: Checks disabled | ||
2062 | Rules updated | ||
2063 | |||
2064 | |||
2065 | -### tuple ### deny udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
2066 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j DROP | ||
2067 | +### tuple ### deny udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
2068 | +-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j DROP | ||
2069 | |||
2070 | -310: delete deny 23,21,15:19,22/udp | ||
2071 | +310: delete deny 23,21,15:19,13/udp | ||
2072 | WARN: Checks disabled | ||
2073 | Rules updated | ||
2074 | |||
2075 | diff --git a/tests/root/valid/runtest.sh b/tests/root/valid/runtest.sh | ||
2076 | index aa03d99..feeacba 100755 | ||
2077 | --- a/tests/root/valid/runtest.sh | ||
2078 | +++ b/tests/root/valid/runtest.sh | ||
2079 | @@ -76,7 +76,7 @@ do_cmd "0" deny to any port 80 proto tcp | ||
2080 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2081 | do_cmd "0" deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp | ||
2082 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2083 | -do_cmd "0" limit 22/tcp | ||
2084 | +do_cmd "0" limit 13/tcp | ||
2085 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2086 | do_cmd "0" deny 53 | ||
2087 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
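Review bot: `limit 22/tcp` is a numeric port and should not need a service-name lookup, so the switch to `limit 13/tcp` does not look required by the netbase change the commit message cites. If the numeric cases are changed only to keep the result files uniform with the `ssh` to `daytime` rename, say so in the patch header; otherwise leaving 22 here keeps the diff smaller.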
2088 | @@ -97,7 +97,7 @@ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2089 | |||
2090 | do_cmd "0" delete allow 25/tcp | ||
2091 | do_cmd "0" delete deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp | ||
2092 | -do_cmd "0" delete limit 22/tcp | ||
2093 | +do_cmd "0" delete limit 13/tcp | ||
2094 | do_cmd "0" delete deny 53 | ||
2095 | do_cmd "0" delete allow 80/tcp | ||
2096 | do_cmd "0" delete allow from 10.0.0.0/8 | ||
2097 | @@ -160,19 +160,19 @@ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2098 | do_cmd "0" delete allow tftp/udp | ||
2099 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2100 | |||
2101 | -do_cmd "0" allow ssh | ||
2102 | +do_cmd "0" allow daytime | ||
2103 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2104 | -do_cmd "0" delete allow ssh | ||
2105 | +do_cmd "0" delete allow daytime | ||
2106 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2107 | |||
2108 | -do_cmd "0" allow ssh/tcp | ||
2109 | +do_cmd "0" allow daytime/tcp | ||
2110 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2111 | -do_cmd "0" delete allow ssh/tcp | ||
2112 | +do_cmd "0" delete allow daytime/tcp | ||
2113 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2114 | |||
2115 | -do_cmd "0" allow ssh/udp | ||
2116 | +do_cmd "0" allow daytime/udp | ||
2117 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2118 | -do_cmd "0" delete allow ssh/udp | ||
2119 | +do_cmd "0" delete allow daytime/udp | ||
2120 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2121 | |||
2122 | |||
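Review bot: `allow daytime`, `allow daytime/tcp` and `allow daytime/udp` are all run with `do_cmd "0"`, so the suite now passes only where the services database on the target defines `daytime` for both tcp and udp. Since this commit also adds a ufw-test package, make that requirement explicit, for example with a runtime dependency on the package that ships /etc/services or a pre-check in the script that fails with a clear message, and name in the patch header the netbase change that motivates the rename.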
2123 | @@ -250,13 +250,13 @@ do_cmd "0" allow to any port smtp from any port smtp | ||
2124 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2125 | do_cmd "0" delete allow to any port smtp from any port smtp | ||
2126 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2127 | -do_cmd "0" allow to any port smtp from any port ssh | ||
2128 | +do_cmd "0" allow to any port smtp from any port daytime | ||
2129 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2130 | -do_cmd "0" delete allow to any port smtp from any port ssh | ||
2131 | +do_cmd "0" delete allow to any port smtp from any port daytime | ||
2132 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2133 | -do_cmd "0" allow to any port ssh from any port smtp | ||
2134 | +do_cmd "0" allow to any port daytime from any port smtp | ||
2135 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2136 | -do_cmd "0" delete allow to any port ssh from any port smtp | ||
2137 | +do_cmd "0" delete allow to any port daytime from any port smtp | ||
2138 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2139 | do_cmd "0" allow to any port smtp from any port 23 | ||
2140 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2141 | @@ -270,13 +270,13 @@ do_cmd "0" allow to any port tftp from any port tftp | ||
2142 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2143 | do_cmd "0" delete allow to any port tftp from any port tftp | ||
2144 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2145 | -do_cmd "0" allow to any port tftp from any port ssh | ||
2146 | +do_cmd "0" allow to any port tftp from any port daytime | ||
2147 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2148 | -do_cmd "0" delete allow to any port tftp from any port ssh | ||
2149 | +do_cmd "0" delete allow to any port tftp from any port daytime | ||
2150 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2151 | -do_cmd "0" allow to any port ssh from any port tftp | ||
2152 | +do_cmd "0" allow to any port daytime from any port tftp | ||
2153 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2154 | -do_cmd "0" delete allow to any port ssh from any port tftp | ||
2155 | +do_cmd "0" delete allow to any port daytime from any port tftp | ||
2156 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2157 | do_cmd "0" allow to any port tftp from any port 23 | ||
2158 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2159 | @@ -286,30 +286,30 @@ do_cmd "0" allow to any port 23 from any port tftp | ||
2160 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2161 | do_cmd "0" delete allow to any port 23 from any port tftp | ||
2162 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2163 | -do_cmd "0" allow to any port ssh from any port 23 | ||
2164 | +do_cmd "0" allow to any port daytime from any port 23 | ||
2165 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2166 | -do_cmd "0" delete allow to any port ssh from any port 23 | ||
2167 | +do_cmd "0" delete allow to any port daytime from any port 23 | ||
2168 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2169 | -do_cmd "0" allow to any port 23 from any port ssh | ||
2170 | +do_cmd "0" allow to any port 23 from any port daytime | ||
2171 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2172 | -do_cmd "0" delete allow to any port 23 from any port ssh | ||
2173 | +do_cmd "0" delete allow to any port 23 from any port daytime | ||
2174 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2175 | -do_cmd "0" allow to any port ssh from any port domain | ||
2176 | +do_cmd "0" allow to any port daytime from any port domain | ||
2177 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2178 | -do_cmd "0" delete allow to any port ssh from any port domain | ||
2179 | +do_cmd "0" delete allow to any port daytime from any port domain | ||
2180 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2181 | |||
2182 | do_cmd "0" allow to any port smtp from any port smtp proto tcp | ||
2183 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2184 | do_cmd "0" delete allow to any port smtp from any port smtp proto tcp | ||
2185 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2186 | -do_cmd "0" allow to any port smtp from any port ssh proto tcp | ||
2187 | +do_cmd "0" allow to any port smtp from any port daytime proto tcp | ||
2188 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2189 | -do_cmd "0" delete allow to any port smtp from any port ssh proto tcp | ||
2190 | +do_cmd "0" delete allow to any port smtp from any port daytime proto tcp | ||
2191 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2192 | -do_cmd "0" allow to any port ssh from any port smtp proto tcp | ||
2193 | +do_cmd "0" allow to any port daytime from any port smtp proto tcp | ||
2194 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2195 | -do_cmd "0" delete allow to any port ssh from any port smtp proto tcp | ||
2196 | +do_cmd "0" delete allow to any port daytime from any port smtp proto tcp | ||
2197 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2198 | do_cmd "0" allow to any port smtp from any port 23 proto tcp | ||
2199 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2200 | @@ -323,13 +323,13 @@ do_cmd "0" allow to any port tftp from any port tftp proto udp | ||
2201 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2202 | do_cmd "0" delete allow to any port tftp from any port tftp proto udp | ||
2203 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2204 | -do_cmd "0" allow to any port tftp from any port ssh proto udp | ||
2205 | +do_cmd "0" allow to any port tftp from any port daytime proto udp | ||
2206 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2207 | -do_cmd "0" delete allow to any port tftp from any port ssh proto udp | ||
2208 | +do_cmd "0" delete allow to any port tftp from any port daytime proto udp | ||
2209 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2210 | -do_cmd "0" allow to any port ssh from any port tftp proto udp | ||
2211 | +do_cmd "0" allow to any port daytime from any port tftp proto udp | ||
2212 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2213 | -do_cmd "0" delete allow to any port ssh from any port tftp proto udp | ||
2214 | +do_cmd "0" delete allow to any port daytime from any port tftp proto udp | ||
2215 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2216 | do_cmd "0" allow to any port tftp from any port 23 proto udp | ||
2217 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2218 | @@ -339,29 +339,29 @@ do_cmd "0" allow to any port 23 from any port tftp proto udp | ||
2219 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2220 | do_cmd "0" delete allow to any port 23 from any port tftp proto udp | ||
2221 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2222 | -do_cmd "0" allow to any port ssh from any port 23 proto tcp | ||
2223 | +do_cmd "0" allow to any port daytime from any port 23 proto tcp | ||
2224 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2225 | -do_cmd "0" delete allow to any port ssh from any port 23 proto tcp | ||
2226 | +do_cmd "0" delete allow to any port daytime from any port 23 proto tcp | ||
2227 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2228 | -do_cmd "0" allow to any port 23 from any port ssh proto tcp | ||
2229 | +do_cmd "0" allow to any port 23 from any port daytime proto tcp | ||
2230 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2231 | -do_cmd "0" delete allow to any port 23 from any port ssh proto tcp | ||
2232 | +do_cmd "0" delete allow to any port 23 from any port daytime proto tcp | ||
2233 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2234 | -do_cmd "0" allow to any port ssh from any port domain proto tcp | ||
2235 | +do_cmd "0" allow to any port daytime from any port domain proto tcp | ||
2236 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2237 | -do_cmd "0" delete allow to any port ssh from any port domain proto tcp | ||
2238 | +do_cmd "0" delete allow to any port daytime from any port domain proto tcp | ||
2239 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2240 | -do_cmd "0" allow to any port ssh from any port 23 proto udp | ||
2241 | +do_cmd "0" allow to any port daytime from any port 23 proto udp | ||
2242 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2243 | -do_cmd "0" delete allow to any port ssh from any port 23 proto udp | ||
2244 | +do_cmd "0" delete allow to any port daytime from any port 23 proto udp | ||
2245 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2246 | -do_cmd "0" allow to any port 23 from any port ssh proto udp | ||
2247 | +do_cmd "0" allow to any port 23 from any port daytime proto udp | ||
2248 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2249 | -do_cmd "0" delete allow to any port 23 from any port ssh proto udp | ||
2250 | +do_cmd "0" delete allow to any port 23 from any port daytime proto udp | ||
2251 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2252 | -do_cmd "0" allow to any port ssh from any port domain proto udp | ||
2253 | +do_cmd "0" allow to any port daytime from any port domain proto udp | ||
2254 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2255 | -do_cmd "0" delete allow to any port ssh from any port domain proto udp | ||
2256 | +do_cmd "0" delete allow to any port daytime from any port domain proto udp | ||
2257 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2258 | |||
2259 | echo "TESTING NETMASK" >> $TESTTMP/result | ||
2260 | @@ -413,17 +413,17 @@ do_cmd "0" allow to 192.168.0.1 port 80:83 proto tcp | ||
2261 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2262 | do_cmd "0" delete allow to 192.168.0.1 port 80:83 proto tcp | ||
2263 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2264 | -do_cmd "0" allow to 192.168.0.1 port 80:83,22 proto tcp | ||
2265 | +do_cmd "0" allow to 192.168.0.1 port 80:83,13 proto tcp | ||
2266 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2267 | -do_cmd "0" delete allow to 192.168.0.1 port 80:83,22 proto tcp | ||
2268 | +do_cmd "0" delete allow to 192.168.0.1 port 80:83,13 proto tcp | ||
2269 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2270 | -do_cmd "0" allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp | ||
2271 | +do_cmd "0" allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp | ||
2272 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2273 | -do_cmd "0" delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp | ||
2274 | +do_cmd "0" delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp | ||
2275 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2276 | -do_cmd "0" allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2277 | +do_cmd "0" allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2278 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2279 | -do_cmd "0" delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2280 | +do_cmd "0" delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2281 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2282 | do_cmd "0" allow 34,35/tcp | ||
2283 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2284 | @@ -437,9 +437,9 @@ do_cmd "0" deny 35:39/udp | ||
2285 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2286 | do_cmd "0" delete deny 35:39/udp | ||
2287 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2288 | -do_cmd "0" deny 23,21,15:19,22/udp | ||
2289 | +do_cmd "0" deny 23,21,15:19,13/udp | ||
2290 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2291 | -do_cmd "0" delete deny 23,21,15:19,22/udp | ||
2292 | +do_cmd "0" delete deny 23,21,15:19,13/udp | ||
2293 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2294 | |||
2295 | cleanup | ||
2296 | diff --git a/tests/root/valid6/result b/tests/root/valid6/result | ||
2297 | index 74fcd86..f568a2f 100644 | ||
2298 | --- a/tests/root/valid6/result | ||
2299 | +++ b/tests/root/valid6/result | ||
2300 | @@ -1049,31 +1049,31 @@ Rules updated | ||
2301 | Rules updated (v6) | ||
2302 | |||
2303 | |||
2304 | -164: allow to any port smtp from any port ssh | ||
2305 | +164: allow to any port smtp from any port daytime | ||
2306 | WARN: Checks disabled | ||
2307 | Rules updated | ||
2308 | Rules updated (v6) | ||
2309 | |||
2310 | |||
2311 | -### tuple ### allow tcp 25 ::/0 22 ::/0 in | ||
2312 | --A ufw6-user-input -p tcp --dport 25 --sport 22 -j ACCEPT | ||
2313 | +### tuple ### allow tcp 25 ::/0 13 ::/0 in | ||
2314 | +-A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT | ||
2315 | |||
2316 | -165: delete allow to any port smtp from any port ssh | ||
2317 | +165: delete allow to any port smtp from any port daytime | ||
2318 | WARN: Checks disabled | ||
2319 | Rules updated | ||
2320 | Rules updated (v6) | ||
2321 | |||
2322 | |||
2323 | -166: allow to any port ssh from any port smtp | ||
2324 | +166: allow to any port daytime from any port smtp | ||
2325 | WARN: Checks disabled | ||
2326 | Rules updated | ||
2327 | Rules updated (v6) | ||
2328 | |||
2329 | |||
2330 | -### tuple ### allow tcp 22 ::/0 25 ::/0 in | ||
2331 | --A ufw6-user-input -p tcp --dport 22 --sport 25 -j ACCEPT | ||
2332 | +### tuple ### allow tcp 13 ::/0 25 ::/0 in | ||
2333 | +-A ufw6-user-input -p tcp --dport 13 --sport 25 -j ACCEPT | ||
2334 | |||
2335 | -167: delete allow to any port ssh from any port smtp | ||
2336 | +167: delete allow to any port daytime from any port smtp | ||
2337 | WARN: Checks disabled | ||
2338 | Rules updated | ||
2339 | Rules updated (v6) | ||
2340 | @@ -1124,31 +1124,31 @@ Rules updated | ||
2341 | Rules updated (v6) | ||
2342 | |||
2343 | |||
2344 | -174: allow to any port tftp from any port ssh | ||
2345 | +174: allow to any port tftp from any port daytime | ||
2346 | WARN: Checks disabled | ||
2347 | Rules updated | ||
2348 | Rules updated (v6) | ||
2349 | |||
2350 | |||
2351 | -### tuple ### allow udp 69 ::/0 22 ::/0 in | ||
2352 | --A ufw6-user-input -p udp --dport 69 --sport 22 -j ACCEPT | ||
2353 | +### tuple ### allow udp 69 ::/0 13 ::/0 in | ||
2354 | +-A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT | ||
2355 | |||
2356 | -175: delete allow to any port tftp from any port ssh | ||
2357 | +175: delete allow to any port tftp from any port daytime | ||
2358 | WARN: Checks disabled | ||
2359 | Rules updated | ||
2360 | Rules updated (v6) | ||
2361 | |||
2362 | |||
2363 | -176: allow to any port ssh from any port tftp | ||
2364 | +176: allow to any port daytime from any port tftp | ||
2365 | WARN: Checks disabled | ||
2366 | Rules updated | ||
2367 | Rules updated (v6) | ||
2368 | |||
2369 | |||
2370 | -### tuple ### allow udp 22 ::/0 69 ::/0 in | ||
2371 | --A ufw6-user-input -p udp --dport 22 --sport 69 -j ACCEPT | ||
2372 | +### tuple ### allow udp 13 ::/0 69 ::/0 in | ||
2373 | +-A ufw6-user-input -p udp --dport 13 --sport 69 -j ACCEPT | ||
2374 | |||
2375 | -177: delete allow to any port ssh from any port tftp | ||
2376 | +177: delete allow to any port daytime from any port tftp | ||
2377 | WARN: Checks disabled | ||
2378 | Rules updated | ||
2379 | Rules updated (v6) | ||
2380 | @@ -1184,46 +1184,46 @@ Rules updated | ||
2381 | Rules updated (v6) | ||
2382 | |||
2383 | |||
2384 | -182: allow to any port ssh from any port 23 | ||
2385 | +182: allow to any port daytime from any port 23 | ||
2386 | WARN: Checks disabled | ||
2387 | Rules updated | ||
2388 | Rules updated (v6) | ||
2389 | |||
2390 | |||
2391 | -### tuple ### allow any 22 ::/0 23 ::/0 in | ||
2392 | --A ufw6-user-input -p tcp --dport 22 --sport 23 -j ACCEPT | ||
2393 | --A ufw6-user-input -p udp --dport 22 --sport 23 -j ACCEPT | ||
2394 | -183: delete allow to any port ssh from any port 23 | ||
2395 | +### tuple ### allow any 13 ::/0 23 ::/0 in | ||
2396 | +-A ufw6-user-input -p tcp --dport 13 --sport 23 -j ACCEPT | ||
2397 | +-A ufw6-user-input -p udp --dport 13 --sport 23 -j ACCEPT | ||
2398 | +183: delete allow to any port daytime from any port 23 | ||
2399 | WARN: Checks disabled | ||
2400 | Rules updated | ||
2401 | Rules updated (v6) | ||
2402 | |||
2403 | |||
2404 | -184: allow to any port 23 from any port ssh | ||
2405 | +184: allow to any port 23 from any port daytime | ||
2406 | WARN: Checks disabled | ||
2407 | Rules updated | ||
2408 | Rules updated (v6) | ||
2409 | |||
2410 | |||
2411 | -### tuple ### allow any 23 ::/0 22 ::/0 in | ||
2412 | --A ufw6-user-input -p tcp --dport 23 --sport 22 -j ACCEPT | ||
2413 | --A ufw6-user-input -p udp --dport 23 --sport 22 -j ACCEPT | ||
2414 | -185: delete allow to any port 23 from any port ssh | ||
2415 | +### tuple ### allow any 23 ::/0 13 ::/0 in | ||
2416 | +-A ufw6-user-input -p tcp --dport 23 --sport 13 -j ACCEPT | ||
2417 | +-A ufw6-user-input -p udp --dport 23 --sport 13 -j ACCEPT | ||
2418 | +185: delete allow to any port 23 from any port daytime | ||
2419 | WARN: Checks disabled | ||
2420 | Rules updated | ||
2421 | Rules updated (v6) | ||
2422 | |||
2423 | |||
2424 | -186: allow to any port ssh from any port domain | ||
2425 | +186: allow to any port daytime from any port domain | ||
2426 | WARN: Checks disabled | ||
2427 | Rules updated | ||
2428 | Rules updated (v6) | ||
2429 | |||
2430 | |||
2431 | -### tuple ### allow any 22 ::/0 53 ::/0 in | ||
2432 | --A ufw6-user-input -p tcp --dport 22 --sport 53 -j ACCEPT | ||
2433 | --A ufw6-user-input -p udp --dport 22 --sport 53 -j ACCEPT | ||
2434 | -187: delete allow to any port ssh from any port domain | ||
2435 | +### tuple ### allow any 13 ::/0 53 ::/0 in | ||
2436 | +-A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT | ||
2437 | +-A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT | ||
2438 | +187: delete allow to any port daytime from any port domain | ||
2439 | WARN: Checks disabled | ||
2440 | Rules updated | ||
2441 | Rules updated (v6) | ||
2442 | @@ -1244,31 +1244,31 @@ Rules updated | ||
2443 | Rules updated (v6) | ||
2444 | |||
2445 | |||
2446 | -190: allow to any port smtp from any port ssh proto tcp | ||
2447 | +190: allow to any port smtp from any port daytime proto tcp | ||
2448 | WARN: Checks disabled | ||
2449 | Rules updated | ||
2450 | Rules updated (v6) | ||
2451 | |||
2452 | |||
2453 | -### tuple ### allow tcp 25 ::/0 22 ::/0 in | ||
2454 | --A ufw6-user-input -p tcp --dport 25 --sport 22 -j ACCEPT | ||
2455 | +### tuple ### allow tcp 25 ::/0 13 ::/0 in | ||
2456 | +-A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT | ||
2457 | |||
2458 | -191: delete allow to any port smtp from any port ssh proto tcp | ||
2459 | +191: delete allow to any port smtp from any port daytime proto tcp | ||
2460 | WARN: Checks disabled | ||
2461 | Rules updated | ||
2462 | Rules updated (v6) | ||
2463 | |||
2464 | |||
2465 | -192: allow to any port ssh from any port smtp proto tcp | ||
2466 | +192: allow to any port daytime from any port smtp proto tcp | ||
2467 | WARN: Checks disabled | ||
2468 | Rules updated | ||
2469 | Rules updated (v6) | ||
2470 | |||
2471 | |||
2472 | -### tuple ### allow tcp 22 ::/0 25 ::/0 in | ||
2473 | --A ufw6-user-input -p tcp --dport 22 --sport 25 -j ACCEPT | ||
2474 | +### tuple ### allow tcp 13 ::/0 25 ::/0 in | ||
2475 | +-A ufw6-user-input -p tcp --dport 13 --sport 25 -j ACCEPT | ||
2476 | |||
2477 | -193: delete allow to any port ssh from any port smtp proto tcp | ||
2478 | +193: delete allow to any port daytime from any port smtp proto tcp | ||
2479 | WARN: Checks disabled | ||
2480 | Rules updated | ||
2481 | Rules updated (v6) | ||
2482 | @@ -1319,31 +1319,31 @@ Rules updated | ||
2483 | Rules updated (v6) | ||
2484 | |||
2485 | |||
2486 | -200: allow to any port tftp from any port ssh proto udp | ||
2487 | +200: allow to any port tftp from any port daytime proto udp | ||
2488 | WARN: Checks disabled | ||
2489 | Rules updated | ||
2490 | Rules updated (v6) | ||
2491 | |||
2492 | |||
2493 | -### tuple ### allow udp 69 ::/0 22 ::/0 in | ||
2494 | --A ufw6-user-input -p udp --dport 69 --sport 22 -j ACCEPT | ||
2495 | +### tuple ### allow udp 69 ::/0 13 ::/0 in | ||
2496 | +-A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT | ||
2497 | |||
2498 | -201: delete allow to any port tftp from any port ssh proto udp | ||
2499 | +201: delete allow to any port tftp from any port daytime proto udp | ||
2500 | WARN: Checks disabled | ||
2501 | Rules updated | ||
2502 | Rules updated (v6) | ||
2503 | |||
2504 | |||
2505 | -202: allow to any port ssh from any port tftp proto udp | ||
2506 | +202: allow to any port daytime from any port tftp proto udp | ||
2507 | WARN: Checks disabled | ||
2508 | Rules updated | ||
2509 | Rules updated (v6) | ||
2510 | |||
2511 | |||
2512 | -### tuple ### allow udp 22 ::/0 69 ::/0 in | ||
2513 | --A ufw6-user-input -p udp --dport 22 --sport 69 -j ACCEPT | ||
2514 | +### tuple ### allow udp 13 ::/0 69 ::/0 in | ||
2515 | +-A ufw6-user-input -p udp --dport 13 --sport 69 -j ACCEPT | ||
2516 | |||
2517 | -203: delete allow to any port ssh from any port tftp proto udp | ||
2518 | +203: delete allow to any port daytime from any port tftp proto udp | ||
2519 | WARN: Checks disabled | ||
2520 | Rules updated | ||
2521 | Rules updated (v6) | ||
2522 | @@ -1379,91 +1379,91 @@ Rules updated | ||
2523 | Rules updated (v6) | ||
2524 | |||
2525 | |||
2526 | -208: allow to any port ssh from any port 23 proto tcp | ||
2527 | +208: allow to any port daytime from any port 23 proto tcp | ||
2528 | WARN: Checks disabled | ||
2529 | Rules updated | ||
2530 | Rules updated (v6) | ||
2531 | |||
2532 | |||
2533 | -### tuple ### allow tcp 22 ::/0 23 ::/0 in | ||
2534 | --A ufw6-user-input -p tcp --dport 22 --sport 23 -j ACCEPT | ||
2535 | +### tuple ### allow tcp 13 ::/0 23 ::/0 in | ||
2536 | +-A ufw6-user-input -p tcp --dport 13 --sport 23 -j ACCEPT | ||
2537 | |||
2538 | -209: delete allow to any port ssh from any port 23 proto tcp | ||
2539 | +209: delete allow to any port daytime from any port 23 proto tcp | ||
2540 | WARN: Checks disabled | ||
2541 | Rules updated | ||
2542 | Rules updated (v6) | ||
2543 | |||
2544 | |||
2545 | -210: allow to any port 23 from any port ssh proto tcp | ||
2546 | +210: allow to any port 23 from any port daytime proto tcp | ||
2547 | WARN: Checks disabled | ||
2548 | Rules updated | ||
2549 | Rules updated (v6) | ||
2550 | |||
2551 | |||
2552 | -### tuple ### allow tcp 23 ::/0 22 ::/0 in | ||
2553 | --A ufw6-user-input -p tcp --dport 23 --sport 22 -j ACCEPT | ||
2554 | +### tuple ### allow tcp 23 ::/0 13 ::/0 in | ||
2555 | +-A ufw6-user-input -p tcp --dport 23 --sport 13 -j ACCEPT | ||
2556 | |||
2557 | -211: delete allow to any port 23 from any port ssh proto tcp | ||
2558 | +211: delete allow to any port 23 from any port daytime proto tcp | ||
2559 | WARN: Checks disabled | ||
2560 | Rules updated | ||
2561 | Rules updated (v6) | ||
2562 | |||
2563 | |||
2564 | -212: allow to any port ssh from any port domain proto tcp | ||
2565 | +212: allow to any port daytime from any port domain proto tcp | ||
2566 | WARN: Checks disabled | ||
2567 | Rules updated | ||
2568 | Rules updated (v6) | ||
2569 | |||
2570 | |||
2571 | -### tuple ### allow tcp 22 ::/0 53 ::/0 in | ||
2572 | --A ufw6-user-input -p tcp --dport 22 --sport 53 -j ACCEPT | ||
2573 | +### tuple ### allow tcp 13 ::/0 53 ::/0 in | ||
2574 | +-A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT | ||
2575 | |||
2576 | -213: delete allow to any port ssh from any port domain proto tcp | ||
2577 | +213: delete allow to any port daytime from any port domain proto tcp | ||
2578 | WARN: Checks disabled | ||
2579 | Rules updated | ||
2580 | Rules updated (v6) | ||
2581 | |||
2582 | |||
2583 | -214: allow to any port ssh from any port 23 proto udp | ||
2584 | +214: allow to any port daytime from any port 23 proto udp | ||
2585 | WARN: Checks disabled | ||
2586 | Rules updated | ||
2587 | Rules updated (v6) | ||
2588 | |||
2589 | |||
2590 | -### tuple ### allow udp 22 ::/0 23 ::/0 in | ||
2591 | --A ufw6-user-input -p udp --dport 22 --sport 23 -j ACCEPT | ||
2592 | +### tuple ### allow udp 13 ::/0 23 ::/0 in | ||
2593 | +-A ufw6-user-input -p udp --dport 13 --sport 23 -j ACCEPT | ||
2594 | |||
2595 | -215: delete allow to any port ssh from any port 23 proto udp | ||
2596 | +215: delete allow to any port daytime from any port 23 proto udp | ||
2597 | WARN: Checks disabled | ||
2598 | Rules updated | ||
2599 | Rules updated (v6) | ||
2600 | |||
2601 | |||
2602 | -216: allow to any port 23 from any port ssh proto udp | ||
2603 | +216: allow to any port 23 from any port daytime proto udp | ||
2604 | WARN: Checks disabled | ||
2605 | Rules updated | ||
2606 | Rules updated (v6) | ||
2607 | |||
2608 | |||
2609 | -### tuple ### allow udp 23 ::/0 22 ::/0 in | ||
2610 | --A ufw6-user-input -p udp --dport 23 --sport 22 -j ACCEPT | ||
2611 | +### tuple ### allow udp 23 ::/0 13 ::/0 in | ||
2612 | +-A ufw6-user-input -p udp --dport 23 --sport 13 -j ACCEPT | ||
2613 | |||
2614 | -217: delete allow to any port 23 from any port ssh proto udp | ||
2615 | +217: delete allow to any port 23 from any port daytime proto udp | ||
2616 | WARN: Checks disabled | ||
2617 | Rules updated | ||
2618 | Rules updated (v6) | ||
2619 | |||
2620 | |||
2621 | -218: allow to any port ssh from any port domain proto udp | ||
2622 | +218: allow to any port daytime from any port domain proto udp | ||
2623 | WARN: Checks disabled | ||
2624 | Rules updated | ||
2625 | Rules updated (v6) | ||
2626 | |||
2627 | |||
2628 | -### tuple ### allow udp 22 ::/0 53 ::/0 in | ||
2629 | --A ufw6-user-input -p udp --dport 22 --sport 53 -j ACCEPT | ||
2630 | +### tuple ### allow udp 13 ::/0 53 ::/0 in | ||
2631 | +-A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT | ||
2632 | |||
2633 | -219: delete allow to any port ssh from any port domain proto udp | ||
2634 | +219: delete allow to any port daytime from any port domain proto udp | ||
2635 | WARN: Checks disabled | ||
2636 | Rules updated | ||
2637 | Rules updated (v6) | ||
2638 | @@ -1575,63 +1575,63 @@ WARN: Checks disabled | ||
2639 | Rules updated (v6) | ||
2640 | |||
2641 | |||
2642 | -236: allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp | ||
2643 | +236: allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp | ||
2644 | WARN: Checks disabled | ||
2645 | Rules updated (v6) | ||
2646 | |||
2647 | |||
2648 | -### tuple ### allow tcp 22,80:83 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in | ||
2649 | --A ufw6-user-input -p tcp -m multiport --dports 22,80:83 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT | ||
2650 | +### tuple ### allow tcp 13,80:83 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in | ||
2651 | +-A ufw6-user-input -p tcp -m multiport --dports 13,80:83 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT | ||
2652 | |||
2653 | -237: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp | ||
2654 | +237: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp | ||
2655 | WARN: Checks disabled | ||
2656 | Rules updated (v6) | ||
2657 | |||
2658 | |||
2659 | -238: allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp | ||
2660 | +238: allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp | ||
2661 | WARN: Checks disabled | ||
2662 | Rules updated (v6) | ||
2663 | |||
2664 | |||
2665 | -### tuple ### allow tcp 22 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in | ||
2666 | --A ufw6-user-input -p tcp -m multiport --dports 22 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT | ||
2667 | +### tuple ### allow tcp 13 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in | ||
2668 | +-A ufw6-user-input -p tcp -m multiport --dports 13 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT | ||
2669 | |||
2670 | -239: delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp | ||
2671 | +239: delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp | ||
2672 | WARN: Checks disabled | ||
2673 | Rules updated (v6) | ||
2674 | |||
2675 | |||
2676 | -240: allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2677 | +240: allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2678 | WARN: Checks disabled | ||
2679 | Rules updated | ||
2680 | Rules updated (v6) | ||
2681 | |||
2682 | |||
2683 | -### tuple ### allow udp 15:19,21,22,23 0.0.0.0/0 24:26 0.0.0.0/0 in | ||
2684 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m multiport --sports 24:26 -j ACCEPT | ||
2685 | +### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in | ||
2686 | +-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT | ||
2687 | |||
2688 | -### tuple ### allow udp 15:19,21,22,23 ::/0 24:26 ::/0 in | ||
2689 | --A ufw6-user-input -p udp -m multiport --dports 15:19,21,22,23 -m multiport --sports 24:26 -j ACCEPT | ||
2690 | +### tuple ### allow udp 13,15:19,21,23 ::/0 24:26 ::/0 in | ||
2691 | +-A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT | ||
2692 | |||
2693 | -241: delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2694 | +241: delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2695 | WARN: Checks disabled | ||
2696 | Rules updated | ||
2697 | Rules updated (v6) | ||
2698 | |||
2699 | |||
2700 | -242: allow 23,21,15:19,22/udp | ||
2701 | +242: allow 23,21,15:19,13/udp | ||
2702 | WARN: Checks disabled | ||
2703 | Rules updated | ||
2704 | Rules updated (v6) | ||
2705 | |||
2706 | |||
2707 | -### tuple ### allow udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
2708 | --A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ACCEPT | ||
2709 | +### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in | ||
2710 | +-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT | ||
2711 | |||
2712 | -### tuple ### allow udp 15:19,21,22,23 ::/0 any ::/0 in | ||
2713 | --A ufw6-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ACCEPT | ||
2714 | +### tuple ### allow udp 13,15:19,21,23 ::/0 any ::/0 in | ||
2715 | +-A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT | ||
2716 | |||
2717 | -243: delete allow 23,21,15:19,22/udp | ||
2718 | +243: delete allow 23,21,15:19,13/udp | ||
2719 | WARN: Checks disabled | ||
2720 | Rules updated | ||
2721 | Rules updated (v6) | ||
2722 | diff --git a/tests/root/valid6/runtest.sh b/tests/root/valid6/runtest.sh | ||
2723 | index 1695dd1..d08e6f3 100755 | ||
2724 | --- a/tests/root/valid6/runtest.sh | ||
2725 | +++ b/tests/root/valid6/runtest.sh | ||
2726 | @@ -154,13 +154,13 @@ do_cmd "0" allow to any port smtp from any port smtp | ||
2727 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2728 | do_cmd "0" delete allow to any port smtp from any port smtp | ||
2729 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2730 | -do_cmd "0" allow to any port smtp from any port ssh | ||
2731 | +do_cmd "0" allow to any port smtp from any port daytime | ||
2732 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2733 | -do_cmd "0" delete allow to any port smtp from any port ssh | ||
2734 | +do_cmd "0" delete allow to any port smtp from any port daytime | ||
2735 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2736 | -do_cmd "0" allow to any port ssh from any port smtp | ||
2737 | +do_cmd "0" allow to any port daytime from any port smtp | ||
2738 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2739 | -do_cmd "0" delete allow to any port ssh from any port smtp | ||
2740 | +do_cmd "0" delete allow to any port daytime from any port smtp | ||
2741 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2742 | do_cmd "0" allow to any port smtp from any port 23 | ||
2743 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2744 | @@ -174,13 +174,13 @@ do_cmd "0" allow to any port tftp from any port tftp | ||
2745 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2746 | do_cmd "0" delete allow to any port tftp from any port tftp | ||
2747 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2748 | -do_cmd "0" allow to any port tftp from any port ssh | ||
2749 | +do_cmd "0" allow to any port tftp from any port daytime | ||
2750 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2751 | -do_cmd "0" delete allow to any port tftp from any port ssh | ||
2752 | +do_cmd "0" delete allow to any port tftp from any port daytime | ||
2753 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2754 | -do_cmd "0" allow to any port ssh from any port tftp | ||
2755 | +do_cmd "0" allow to any port daytime from any port tftp | ||
2756 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2757 | -do_cmd "0" delete allow to any port ssh from any port tftp | ||
2758 | +do_cmd "0" delete allow to any port daytime from any port tftp | ||
2759 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2760 | do_cmd "0" allow to any port tftp from any port 23 | ||
2761 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2762 | @@ -190,30 +190,30 @@ do_cmd "0" allow to any port 23 from any port tftp | ||
2763 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2764 | do_cmd "0" delete allow to any port 23 from any port tftp | ||
2765 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2766 | -do_cmd "0" allow to any port ssh from any port 23 | ||
2767 | +do_cmd "0" allow to any port daytime from any port 23 | ||
2768 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2769 | -do_cmd "0" delete allow to any port ssh from any port 23 | ||
2770 | +do_cmd "0" delete allow to any port daytime from any port 23 | ||
2771 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2772 | -do_cmd "0" allow to any port 23 from any port ssh | ||
2773 | +do_cmd "0" allow to any port 23 from any port daytime | ||
2774 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2775 | -do_cmd "0" delete allow to any port 23 from any port ssh | ||
2776 | +do_cmd "0" delete allow to any port 23 from any port daytime | ||
2777 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2778 | -do_cmd "0" allow to any port ssh from any port domain | ||
2779 | +do_cmd "0" allow to any port daytime from any port domain | ||
2780 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2781 | -do_cmd "0" delete allow to any port ssh from any port domain | ||
2782 | +do_cmd "0" delete allow to any port daytime from any port domain | ||
2783 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2784 | |||
2785 | do_cmd "0" allow to any port smtp from any port smtp proto tcp | ||
2786 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2787 | do_cmd "0" delete allow to any port smtp from any port smtp proto tcp | ||
2788 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2789 | -do_cmd "0" allow to any port smtp from any port ssh proto tcp | ||
2790 | +do_cmd "0" allow to any port smtp from any port daytime proto tcp | ||
2791 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2792 | -do_cmd "0" delete allow to any port smtp from any port ssh proto tcp | ||
2793 | +do_cmd "0" delete allow to any port smtp from any port daytime proto tcp | ||
2794 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2795 | -do_cmd "0" allow to any port ssh from any port smtp proto tcp | ||
2796 | +do_cmd "0" allow to any port daytime from any port smtp proto tcp | ||
2797 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2798 | -do_cmd "0" delete allow to any port ssh from any port smtp proto tcp | ||
2799 | +do_cmd "0" delete allow to any port daytime from any port smtp proto tcp | ||
2800 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2801 | do_cmd "0" allow to any port smtp from any port 23 proto tcp | ||
2802 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2803 | @@ -227,13 +227,13 @@ do_cmd "0" allow to any port tftp from any port tftp proto udp | ||
2804 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2805 | do_cmd "0" delete allow to any port tftp from any port tftp proto udp | ||
2806 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2807 | -do_cmd "0" allow to any port tftp from any port ssh proto udp | ||
2808 | +do_cmd "0" allow to any port tftp from any port daytime proto udp | ||
2809 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2810 | -do_cmd "0" delete allow to any port tftp from any port ssh proto udp | ||
2811 | +do_cmd "0" delete allow to any port tftp from any port daytime proto udp | ||
2812 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2813 | -do_cmd "0" allow to any port ssh from any port tftp proto udp | ||
2814 | +do_cmd "0" allow to any port daytime from any port tftp proto udp | ||
2815 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2816 | -do_cmd "0" delete allow to any port ssh from any port tftp proto udp | ||
2817 | +do_cmd "0" delete allow to any port daytime from any port tftp proto udp | ||
2818 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2819 | do_cmd "0" allow to any port tftp from any port 23 proto udp | ||
2820 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2821 | @@ -243,29 +243,29 @@ do_cmd "0" allow to any port 23 from any port tftp proto udp | ||
2822 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2823 | do_cmd "0" delete allow to any port 23 from any port tftp proto udp | ||
2824 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2825 | -do_cmd "0" allow to any port ssh from any port 23 proto tcp | ||
2826 | +do_cmd "0" allow to any port daytime from any port 23 proto tcp | ||
2827 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2828 | -do_cmd "0" delete allow to any port ssh from any port 23 proto tcp | ||
2829 | +do_cmd "0" delete allow to any port daytime from any port 23 proto tcp | ||
2830 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2831 | -do_cmd "0" allow to any port 23 from any port ssh proto tcp | ||
2832 | +do_cmd "0" allow to any port 23 from any port daytime proto tcp | ||
2833 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2834 | -do_cmd "0" delete allow to any port 23 from any port ssh proto tcp | ||
2835 | +do_cmd "0" delete allow to any port 23 from any port daytime proto tcp | ||
2836 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2837 | -do_cmd "0" allow to any port ssh from any port domain proto tcp | ||
2838 | +do_cmd "0" allow to any port daytime from any port domain proto tcp | ||
2839 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2840 | -do_cmd "0" delete allow to any port ssh from any port domain proto tcp | ||
2841 | +do_cmd "0" delete allow to any port daytime from any port domain proto tcp | ||
2842 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2843 | -do_cmd "0" allow to any port ssh from any port 23 proto udp | ||
2844 | +do_cmd "0" allow to any port daytime from any port 23 proto udp | ||
2845 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2846 | -do_cmd "0" delete allow to any port ssh from any port 23 proto udp | ||
2847 | +do_cmd "0" delete allow to any port daytime from any port 23 proto udp | ||
2848 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2849 | -do_cmd "0" allow to any port 23 from any port ssh proto udp | ||
2850 | +do_cmd "0" allow to any port 23 from any port daytime proto udp | ||
2851 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2852 | -do_cmd "0" delete allow to any port 23 from any port ssh proto udp | ||
2853 | +do_cmd "0" delete allow to any port 23 from any port daytime proto udp | ||
2854 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2855 | -do_cmd "0" allow to any port ssh from any port domain proto udp | ||
2856 | +do_cmd "0" allow to any port daytime from any port domain proto udp | ||
2857 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2858 | -do_cmd "0" delete allow to any port ssh from any port domain proto udp | ||
2859 | +do_cmd "0" delete allow to any port daytime from any port domain proto udp | ||
2860 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2861 | |||
2862 | echo "TESTING NETMASK" >> $TESTTMP/result | ||
2863 | @@ -303,24 +303,24 @@ do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp | ||
2864 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2865 | do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp | ||
2866 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2867 | -do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp | ||
2868 | +do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp | ||
2869 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2870 | -do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp | ||
2871 | +do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp | ||
2872 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2873 | -do_cmd "0" allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp | ||
2874 | +do_cmd "0" allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp | ||
2875 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2876 | -do_cmd "0" delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp | ||
2877 | +do_cmd "0" delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp | ||
2878 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2879 | -do_cmd "0" allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2880 | +do_cmd "0" allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2881 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2882 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2883 | -do_cmd "0" delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp | ||
2884 | +do_cmd "0" delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp | ||
2885 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2886 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2887 | -do_cmd "0" allow 23,21,15:19,22/udp | ||
2888 | +do_cmd "0" allow 23,21,15:19,13/udp | ||
2889 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2890 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2891 | -do_cmd "0" delete allow 23,21,15:19,22/udp | ||
2892 | +do_cmd "0" delete allow 23,21,15:19,13/udp | ||
2893 | grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result | ||
2894 | grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result | ||
2895 | |||
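Review bot: the rewritten do_cmd lines in tests/root/valid6/runtest.sh still resolve ports by service name (daytime, smtp, tftp, domain), so the expected output now depends on the target's services database containing a daytime entry, and nothing in the patch header says so. Please state that requirement in the header next to the "netbase changes" remark from the commit message, and consider whether the ufw-test package, whose RDEPENDS lists only bash, should also depend on whatever provides the services file. The numeric substitutions look consistent: 22 becomes 13 in both the commands and the expected tuples, and the multiport lists are re-sorted to 13,15:19,21,23 and 13,80:83 to match.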
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch b/meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch new file mode 100644 index 000000000..f9c387a45 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | empty our IPT_MODULES and update documentation | ||
2 | |||
3 | empty out IPT_MODULES and update documentation regarding modern use of | ||
4 | connection tracking modules. | ||
5 | |||
6 | Patch from git://git.launchpad.net/ufw | ||
7 | Commit aefb842b73726c245157096fb8992c3e82833147 | ||
8 | |||
9 | Written by Jamie Strandboge <jamie@ubuntu.com> | ||
10 | |||
11 | Merged patch so they applied to 0.33 with missing code. Unit tests are not | ||
12 | in this version. | ||
13 | |||
14 | Upstream-Status: Backport | ||
15 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
16 | |||
17 | |||
18 | diff --git a/conf/ufw.defaults b/conf/ufw.defaults | ||
19 | index 330ad88..b3eba8f 100644 | ||
20 | --- a/conf/ufw.defaults | ||
21 | +++ b/conf/ufw.defaults | ||
22 | @@ -34,12 +34,13 @@ MANAGE_BUILTINS=no | ||
23 | # only enable if using iptables backend | ||
24 | IPT_SYSCTL=#CONFIG_PREFIX#/ufw/sysctl.conf | ||
25 | |||
26 | -# Extra connection tracking modules to load. Complete list can be found in | ||
27 | -# net/netfilter/Kconfig of your kernel source. Some common modules: | ||
28 | +# Extra connection tracking modules to load. IPT_MODULES should typically be | ||
29 | +# empty for new installations and modules added only as needed. See | ||
30 | +# 'CONNECTION HELPERS' from 'man ufw-framework' for details. Complete list can | ||
31 | +# be found in net/netfilter/Kconfig of your kernel source. Some common modules: | ||
32 | # nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support | ||
33 | # nf_conntrack_netbios_ns: NetBIOS (samba) client support | ||
34 | # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT | ||
35 | # nf_conntrack_ftp, nf_nat_ftp: active FTP support | ||
36 | # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side) | ||
37 | -IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns" | ||
38 | - | ||
39 | +IPT_MODULES="" | ||
40 | |||
41 | diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8 | ||
42 | index eef28e1..97dc8c5 100644 | ||
43 | --- a/doc/ufw-framework.8 | ||
44 | +++ b/doc/ufw-framework.8 | ||
45 | @@ -115,5 +115,10 @@ IPT_MODULES in #CONFIG_PREFIX#/default/ufw. Some popular modules to load are: | ||
46 | nf_conntrack_tftp | ||
47 | nf_nat_tftp | ||
48 | +.PP | ||
49 | +Unconditional loading of connection tracking modules (nf_conntrack_*) in this | ||
50 | +manner is deprecated. \fBufw\fR continues to support the functionality but new | ||
51 | +configuration should only contain the specific modules required for the site. | ||
52 | +For more information, see CONNECTION HELPERS. | ||
53 | |||
54 | .SH "KERNEL PARAMETERS" | ||
55 | .PP | ||
56 | @@ 240,5 +245,50 @@ Add the necessary \fBufw\fR rules: | ||
57 | # ufw allow in on eth1 from 10.0.0.100 to any port 22 proto tcp | ||
58 | |||
59 | +.SH "CONNECTION HELPERS" | ||
60 | +.PP | ||
61 | +Various protocols require the use of netfilter connection tracking helpers to | ||
62 | +group related packets into RELATED flows to make rulesets clearer and more | ||
63 | +precise. For example, with a couple of kernel modules and a couple of rules, a | ||
64 | +ruleset could simply allow a connection to FTP port 21, then the kernel would | ||
65 | +examine the traffic and mark the other FTP data packets as RELATED to the | ||
66 | +initial connection. | ||
67 | +.PP | ||
68 | +When the helpers were first introduced, one could only configure the modules as | ||
69 | +part of module load (eg, if your FTP server listened on a different port than | ||
70 | +21, you'd have to load the nf_conntrack_ftp module specifying the correct | ||
71 | +port). Over time it was understood that unconditionally using connection | ||
72 | +helpers could lead to abuse, in part because some protocols allow user | ||
73 | +specified data that would allow traversing the firewall in undesired ways. As | ||
74 | +of kernel 4.7, automatic conntrack helper assignment (ie, handling packets for | ||
75 | +a given port and all IP addresses) is disabled (the old behavior can be | ||
76 | +restored by setting net/netfilter/nf_conntrack_helper=1 in | ||
77 | +#CONFIG_PREFIX#/ufw/sysctl.conf). Firewalls should now instead use the CT | ||
78 | +target to associate traffic with a particular helper and then set RELATED rules | ||
79 | +to use the helper. This allows sites to tailor the use of helpers and help | ||
80 | +avoid abuse. | ||
81 | +.PP | ||
82 | +In general, to use helpers securely, the following needs to happen: | ||
83 | +.IP 1. | ||
84 | +net/netfilter/nf_conntrack_helper should be set to 0 (default) | ||
85 | +.IP 2. | ||
86 | +create a rule for the start of a connection (eg for FTP, port 21) | ||
87 | +.IP 3. | ||
88 | +create a helper rule to associate the helper with this connection | ||
89 | +.IP 4. | ||
90 | +create a helper rule to associate a RELATED flow with this connection | ||
91 | +.IP 5. | ||
92 | +if needed, add the corresponding nf_conntrack_* module to IPT_MODULES | ||
93 | +.IP 6. | ||
94 | +optionally add the corresponding nf_nat_* module to IPT_MODULES | ||
95 | +.PP | ||
96 | +In general it is desirable to make connection helper rules as specific as | ||
97 | +possible and ensure anti\-spoofing is correctly setup for your site to avoid | ||
98 | +security issues in your ruleset. For more information, see ANTI\-SPOOFING, | ||
99 | +above, and <https://home.regit.org/netfilter-en/secure-use-of-helpers/>. | ||
100 | +.PP | ||
101 | +Currently helper rules must be managed in via the RULES FILES. A future version | ||
102 | +of \fBufw\fR will introduce syntax for working with helper rules. | ||
103 | + | ||
104 | .SH SEE ALSO | ||
105 | .PP | ||
106 | \fBufw\fR(8), \fBiptables\fR(8), \fBip6tables\fR(8), \fBiptables\-restore\fR(8), \fBip6tables\-restore\fR(8), \fBsysctl\fR(8), \fBsysctl.conf\fR(5) | ||
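Review bot: the second doc/ufw-framework.8 hunk header is shown as "@@ 240,5 +245,50 @@", without the leading "-" on the old range, while every other header in this patch has it. Please check the file as committed and regenerate the hunk if the header is really written that way, since a malformed header can make the backport fail to apply or apply with fuzz. Two wording nits in the same patch: the subject line says "empty our IPT_MODULES" where the body says "empty out", and the new man page text reads "must be managed in via the RULES FILES". The substance of the change is sound for a firewall default: IPT_MODULES="" stops the FTP and NetBIOS helpers from being loaded unconditionally, which matches the CONNECTION HELPERS text about tying helpers to specific flows with the CT target.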
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch b/meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch new file mode 100644 index 000000000..ea48c83b8 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | tests/check-requirements: simplify and support python 3.8 | ||
2 | |||
3 | Written by: Jamie Strandboge <jamie@ubuntu.com> | ||
4 | |||
5 | The patch was imported from git://git.launchpad.net/ufw | ||
6 | commit id e30f8bc2aeb317d152e74a270a8e1336de06cee6 | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | |||
10 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
11 | |||
12 | diff --git a/tests/check-requirements b/tests/check-requirements | ||
13 | index e873703..82fab08 100755 | ||
14 | --- a/tests/check-requirements | ||
15 | +++ b/tests/check-requirements | ||
16 | @@ -45,7 +45,7 @@ runcmd() { | ||
17 | # check python | ||
18 | found_python="no" | ||
19 | echo -n "Has python: " | ||
20 | -for exe in python2.7 python2.6 python2.5 python3.2 python; do | ||
21 | +for exe in python3 python2 python; do | ||
22 | if ! which $exe >/dev/null 2>&1; then | ||
23 | continue | ||
24 | fi | ||
25 | @@ -54,7 +54,7 @@ for exe in python2.7 python2.6 python2.5 python3.2 python; do | ||
26 | echo "pass (binary: $exe, version: $v, py2)" | ||
27 | found_python="yes" | ||
28 | break | ||
29 | - elif echo "$v" | grep -q "^3.[2]"; then | ||
30 | + elif echo "$v" | grep -q "^3.[2-8]"; then | ||
31 | echo "pass (binary: $exe, version: $v, py3)" | ||
32 | found_python="yes" | ||
33 | break | ||
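Review bot: the widened pattern in the second hunk, grep -q "^3.[2-8]", has an unescaped dot and tests only the first digit of the minor version. Assuming $v holds a version string such as 3.8, a 3.9 or 3.10 interpreter falls through to the failure path even though the first hunk now probes plain python3, and a string such as 3x2 would pass. This is enough for the python 3.8 named in the patch title, but a pattern along the lines of "^3\.([2-9]|[1-9][0-9])" would keep the requirements check from breaking on the next interpreter bump. A short comment stating the minimum supported version would also help.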
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch b/meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch new file mode 100644 index 000000000..85d51ca21 --- /dev/null +++ b/meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch | |||
@@ -0,0 +1,33 @@ | |||
1 | Add code to detect openembedded python interpreter | ||
2 | |||
3 | OE does not use /usr/bin/env as part of the interpreter, so it does not | ||
4 | update ufw with the interpreter name. | ||
5 | |||
6 | Upstream-Status: Inappropriate (Embedded) | ||
7 | Signed-off-by: Jate Sujjavanich <jatedev@gmail.com> | ||
8 | --- | ||
9 | setup.py | 8 ++++++++ | ||
10 | 1 file changed, 8 insertions(+) | ||
11 | |||
12 | diff --git a/setup.py b/setup.py | ||
13 | index 75c1105..3f9a5e0 100644 | ||
14 | --- a/setup.py | ||
15 | +++ b/setup.py | ||
16 | @@ -128,6 +128,14 @@ class Install(_install, object): | ||
17 | "-i.jjm", | ||
18 | "1s%^#.*python.*%#! " + sys.executable + "%g", | ||
19 | 'staging/ufw']) | ||
20 | + elif '-native/python' in sys.executable and \ | ||
21 | + os.path.basename(sys.executable) in ['python', 'python3']: | ||
22 | + print("Detected oe native python " + os.path.basename(sys.executable)) | ||
23 | + subprocess.call(["sed", | ||
24 | + "-i.jjm", | ||
25 | + "1s%python$%" | ||
26 | + + os.path.basename(sys.executable) + "%g", | ||
27 | + 'staging/ufw']) | ||
28 | |||
29 | self.copy_file('staging/ufw', script) | ||
30 | self.copy_file('doc/ufw.8', manpage) | ||
31 | -- | ||
32 | 2.7.4 | ||
33 | |||
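Review bot: the new elif branch ignores the return value of subprocess.call, so a failed sed leaves staging/ufw with its old interpreter line and the install continues without any error. Use subprocess.check_call, or test the result and abort. Two smaller points on the same lines: "-i.jjm" leaves a staging/ufw.jjm backup in the source tree, and the recipe's new do_install_append copies ${S}/* into the ufw-test package, so that backup would be shipped. Also, the test '-native/python' in sys.executable keys on a build-path substring; a comment naming the path layout it expects would make the branch easier to maintain.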
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch index ff704b5a4..f487a6fd6 100644 --- a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch +++ b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch | |||
@@ -14,6 +14,10 @@ detected or specified on the build line. | |||
14 | Upstream-Status: Inappropriate [ embedded specific ] | 14 | Upstream-Status: Inappropriate [ embedded specific ] |
15 | 15 | ||
16 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> | 16 | Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> |
17 | |||
18 | Added conditional to handle sys.executable without env on python3 | ||
19 | |||
20 | Signed-off-by Jate Sujjavanich <jatedev@gmail.com> | ||
17 | --- | 21 | --- |
18 | setup.py | 34 ++++++++++++++++++++++++++++------ | 22 | setup.py | 34 ++++++++++++++++++++++++++++------ |
19 | 1 file changed, 28 insertions(+), 6 deletions(-) | 23 | 1 file changed, 28 insertions(+), 6 deletions(-) |
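Review bot: the added trailer "Signed-off-by Jate Sujjavanich <jatedev@gmail.com>" is missing the colon after Signed-off-by, so tools that parse trailers will not recognise it. Please write it as "Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>", matching the existing line above it.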
@@ -43,7 +47,7 @@ index b13d11c..73acdef 100644 | |||
43 | # Now byte-compile everything | 47 | # Now byte-compile everything |
44 | super(Install, self).run() | 48 | super(Install, self).run() |
45 | 49 | ||
46 | @@ -107,12 +112,23 @@ class Install(_install, object): | 50 | @@ -107,12 +112,29 @@ class Install(_install, object): |
47 | for f in [ script, manpage, manpage_f ]: | 51 | for f in [ script, manpage, manpage_f ]: |
48 | self.mkpath(os.path.dirname(f)) | 52 | self.mkpath(os.path.dirname(f)) |
49 | 53 | ||
@@ -62,7 +66,13 @@ index b13d11c..73acdef 100644 | |||
62 | - 'staging/ufw']) | 66 | - 'staging/ufw']) |
63 | + print("Updating staging/ufw to use (%s)" % (sys.executable)) | 67 | + print("Updating staging/ufw to use (%s)" % (sys.executable)) |
64 | + | 68 | + |
65 | + if re.search("(/usr/bin/env)", sys.executable): | 69 | + if not re.search("(/usr/bin/env)", sys.executable): |
70 | + print("Did not find 'env' in sys.executable (%s)" % (sys.executable)) | ||
71 | + subprocess.call(["sed", | ||
72 | + "-i", | ||
73 | + "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g", | ||
74 | + 'staging/ufw']) | ||
75 | + elif re.search("(/usr/bin/env)", sys.executable): | ||
66 | + print("found 'env' in sys.executable (%s)" % (sys.executable)) | 76 | + print("found 'env' in sys.executable (%s)" % (sys.executable)) |
67 | + subprocess.call(["sed", | 77 | + subprocess.call(["sed", |
68 | + "-i.jjm", | 78 | + "-i.jjm", |
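Review bot: the new first branch tests "if not re.search("(/usr/bin/env)", sys.executable)" and the following branch is "elif re.search("(/usr/bin/env)", sys.executable)", which is the exact complement, so the elif should be a plain else. If Add-code-to-detect-openembedded-python-interpreter.patch chains its own elif onto this same if, that branch can never run; please confirm which statement it attaches to. The new branch also writes "#! /usr/bin/env " followed by sys.executable, so when sys.executable is an absolute build-host path that path ends up in the first line of the installed script. It uses sed "-i" where the existing branch uses "-i.jjm", and its subprocess.call result is unchecked. A comment describing the interpreter line expected on the target would make the intent clear.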
diff --git a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb b/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb index 42fc26258..856270cd5 100644 --- a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb +++ b/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb | |||
@@ -16,6 +16,13 @@ SRC_URI = " \ | |||
16 | file://0003-fix-typeerror-on-error.patch \ | 16 | file://0003-fix-typeerror-on-error.patch \ |
17 | file://0004-lp1039729.patch \ | 17 | file://0004-lp1039729.patch \ |
18 | file://0005-lp1191197.patch \ | 18 | file://0005-lp1191197.patch \ |
19 | file://0006-check-requirements-get-error.patch \ | ||
20 | file://0007-use-conntrack-instead-of-state-module.patch \ | ||
21 | file://0008-support-.-setup.py-build-LP-819600.patch \ | ||
22 | file://0009-adjust-runtime-tests-to-use-daytime-port.patch \ | ||
23 | file://0010-empty-out-IPT_MODULES-and-update-documentation.patch \ | ||
24 | file://0011-tests-check-requirements--simplify-and-support-python-3.8.patch \ | ||
25 | file://Add-code-to-detect-openembedded-python-interpreter.patch \ | ||
19 | " | 26 | " |
20 | 27 | ||
21 | UPSTREAM_CHECK_URI = "https://launchpad.net/ufw" | 28 | UPSTREAM_CHECK_URI = "https://launchpad.net/ufw" |
@@ -25,6 +32,17 @@ SRC_URI[sha256sum] = "5f85a8084ad3539b547bec097286948233188c971f498890316dec170b | |||
25 | 32 | ||
26 | inherit setuptools3 features_check | 33 | inherit setuptools3 features_check |
27 | 34 | ||
35 | do_install_append() { | ||
36 | install -d ${D}${datadir}/${PN}/test | ||
37 | cp -R --no-dereference --preserve=mode,links -v ${S}/* ${D}${datadir}/${PN}/test | ||
38 | } | ||
39 | PACKAGES =+ "${PN}-test" | ||
40 | RDEPENDS_${PN}-test += "bash" | ||
41 | FILES_${PN}-test += "${datadir}/${PN}/test" | ||
42 | |||
43 | # To test, install ufw-test package. You can enter /usr/share/ufw/test and run as root: | ||
44 | # PYTHONPATH=tests/testarea/lib/python ./run_tests.sh -s -i python3 root | ||
45 | |||
28 | RDEPENDS_${PN} = " \ | 46 | RDEPENDS_${PN} = " \ |
29 | iptables \ | 47 | iptables \ |
30 | python3 \ | 48 | python3 \ |
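Review bot: do_install_append copies the whole source tree with cp -R ... ${S}/* into ${datadir}/${PN}/test, so the ufw-test package carries everything under ${S}, including any build output and the sed backup files created by setup.py, not just the test suite. Please copy only what run_tests.sh needs (the tests directory, the runner script and the sources it imports), and drop -v to keep the install log short. The usage comment says the suite is run as root on the target; it would be worth adding whether it changes the live ruleset, so nobody runs it on a device that is in service.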
@@ -33,14 +51,35 @@ RDEPENDS_${PN} = " \ | |||
33 | 51 | ||
34 | RRECOMMENDS_${PN} = " \ | 52 | RRECOMMENDS_${PN} = " \ |
35 | kernel-module-ipv6 \ | 53 | kernel-module-ipv6 \ |
36 | kernel-module-nf-conntrack-ipv6 \ | 54 | kernel-module-ipt-reject \ |
55 | kernel-module-iptable-mangle \ | ||
56 | kernel-module-iptable-raw \ | ||
57 | kernel-module-ip6table-raw \ | ||
58 | kernel-module-ip6t-reject \ | ||
59 | kernel-module-ip6t-rt \ | ||
60 | kernel-module-ip6table-mangle \ | ||
61 | kernel-module-nf-conntrack \ | ||
37 | kernel-module-nf-log-common \ | 62 | kernel-module-nf-log-common \ |
63 | kernel-module-nf-conntrack-broadcast \ | ||
64 | kernel-module-nf-conntrack-ftp \ | ||
65 | kernel-module-nf-conntrack-netbios-ns \ | ||
66 | kernel-module-nf-log-ipv4 \ | ||
67 | kernel-module-nf-log-ipv6 \ | ||
38 | kernel-module-nf-log-ipv4 \ | 68 | kernel-module-nf-log-ipv4 \ |
39 | kernel-module-nf-log-ipv6 \ | 69 | kernel-module-nf-log-ipv6 \ |
40 | kernel-module-nf-addrtype \ | 70 | kernel-module-nf-nat-ftp \ |
41 | kernel-module-nf-limit \ | 71 | kernel-module-xt-addrtype \ |
42 | kernel-module-nf-log \ | 72 | kernel-module-xt-comment \ |
43 | kernel-module-nf-recent \ | 73 | kernel-module-xt-conntrack \ |
74 | kernel-module-xt-hashlimit \ | ||
75 | kernel-module-xt-hl \ | ||
76 | kernel-module-xt-multiport \ | ||
77 | kernel-module-xt-ratetest \ | ||
78 | kernel-module-xt-socket \ | ||
79 | kernel-module-xt-tcpudp \ | ||
80 | kernel-module-xt-limit \ | ||
81 | kernel-module-xt-log \ | ||
82 | kernel-module-xt-recent \ | ||
44 | " | 83 | " |
45 | 84 | ||
46 | # Certain items are explicitly put under /lib, not base_libdir when installed. | 85 | # Certain items are explicitly put under /lib, not base_libdir when installed. |
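Review bot: kernel-module-nf-log-ipv4 and kernel-module-nf-log-ipv6 now appear twice in RRECOMMENDS_${PN}, once in the newly added lines and once in the entries that were already there. Please drop the added pair. Separately, this list adds kernel-module-nf-conntrack-ftp, kernel-module-nf-conntrack-netbios-ns and kernel-module-nf-nat-ftp, while the backported 0010 patch empties IPT_MODULES and documents unconditional helper loading as deprecated. Having the modules installed does not load them, but a comment saying they are only there for sites that opt in through IPT_MODULES would keep the recipe in line with that guidance. Sorting the list would also make duplicates easier to spot.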