Skip to content

GitLab

iptables (pci review) · Changes

Page history
mstevens created page: iptables (pci review) authored by Mark Stevens's avatar Mark Stevens
Hide whitespace changes
Inline Side-by-side
Showing with 111 additions and 0 deletions
iptables-(pci-review).md 0 → 100644
View page @ a6994cac
```
127|shell@rk312x:/ $ iptables --list
iptables v1.4.20: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
3|shell@rk312x:/ $ su
root@rk312x:/ # iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
bw_INPUT all -- anywhere anywhere
fw_INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
oem_fwd all -- anywhere anywhere
fw_FORWARD all -- anywhere anywhere
bw_FORWARD all -- anywhere anywhere
natctrl_FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
oem_out all -- anywhere anywhere
fw_OUTPUT all -- anywhere anywhere
st_OUTPUT all -- anywhere anywhere
bw_OUTPUT all -- anywhere anywhere
Chain bw_FORWARD (1 references)
target prot opt source destination
Chain bw_INPUT (1 references)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
all -- anywhere anywhere owner socket exists
Chain bw_OUTPUT (1 references)
target prot opt source destination
all -- anywhere anywhere ! quota globalAlert: 2097152 bytes
all -- anywhere anywhere owner socket exists
Chain bw_costly_shared (0 references)
target prot opt source destination
bw_penalty_box all -- anywhere anywhere
Chain bw_happy_box (0 references)
target prot opt source destination
Chain bw_penalty_box (1 references)
target prot opt source destination
Chain fw_FORWARD (1 references)
target prot opt source destination
Chain fw_INPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_OUTPUT (1 references)
target prot opt source destination
fw_standby all -- anywhere anywhere
Chain fw_dozable (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere owner UID match 0-9999
DROP all -- anywhere anywhere
Chain fw_standby (2 references)
target prot opt source destination
Chain natctrl_FORWARD (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain natctrl_tether_counters (0 references)
target prot opt source destination
Chain oem_fwd (1 references)
target prot opt source destination
Chain oem_out (1 references)
target prot opt source destination
Chain st_OUTPUT (1 references)
target prot opt source destination
Chain st_clear_caught (2 references)
target prot opt source destination
Chain st_clear_detect (0 references)
target prot opt source destination
REJECT all -- anywhere anywhere connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
CONNMARK tcp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000
CONNMARK udp -- anywhere anywhere u32 "0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000" CONNMARK or 0x1000000
RETURN all -- anywhere anywhere connmark match 0x1000000/0x1000000
st_clear_caught tcp -- anywhere anywhere state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
st_clear_caught udp -- anywhere anywhere
Chain st_penalty_log (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x1000000
NFLOG all -- anywhere anywhere
Chain st_penalty_reject (0 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK or 0x2000000
NFLOG all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
root@rk312x:/ #
```
\ No newline at end of file