No services on the gateway

RZ
Posts: 3
Joined: 06. Aug 2004 22:39

No services on the gateway

#1 Post by RZ »

Hello,

maybe the answer is simple, but I have the following problem:
- A Linux machine serves (via ADSL) as the gateway for the Win98 machines behind it.
That part works; everything can be reached without problems (with masquerading on).

But:
httpd, smtpd etc. are also running on the gateway.
They do work, but only from outside!! From inside they cannot be reached. DNS works, but then everything runs into a timeout. Interesting in this context: pinging the gateway's internal interface works, pinging the external interface does not.

Did I overlook/misunderstand something in the firewall? Or where is the problem?

Thanks for any help!

Lateralus
prolinux-forum-admin
Posts: 1238
Joined: 05. May 2004 7:35

#2 Post by Lateralus »

So, assuming you use Apache2: it uses the file /etc/apache2/listen.conf to control which IP and which port it can be reached on:

Code:

# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports. See also the <VirtualHost> directive.
#
# http://httpd.apache.org/docs-2.0/mod/mpm_common.html#listen
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
#Listen 12.34.56.78:80
#Listen 80
#Listen 443

Listen 80


<IfDefine SSL>
    <IfDefine !NOSSL>
        <IfModule mod_ssl.c>

            Listen 443

        </IfModule>
    </IfDefine>
</IfDefine>


# Use name-based virtual hosting
#
# - on a specified address / port:
#
#NameVirtualHost 12.34.56.78:80
#
# - name-based virtual hosting:
#
#NameVirtualHost *:80
#
# - on all addresses and ports. This is your best bet when you are on
#   dynamically assigned IP addresses:
#
#NameVirtualHost *

You should specify it more precisely (the default setting is probably being used for the external address...):

Code:

Listen 192.168.0.1:80

or rather with the address above replaced by your local address, whatever it is.

RZ
Posts: 3
Joined: 06. Aug 2004 22:39

#3 Post by RZ »

Nope, thanks, but unfortunately that wasn't it.
For one thing, because DNS does work. I.e. when a page on the gateway is requested, the external IP is looked up, not the internal one. ("Trying to connect to ext. IP").
For another, because it's not just Apache: all services (ssh, ftp, smtpd) are unreachable. I think it has more to do with something at the network level. Unfortunately I just don't know where and what.

gameace

#4 Post by gameace »

I have exactly the same problem.

gameace

#5 Post by gameace »

*bump*

elwood67
Posts: 232
Joined: 19. May 2004 10:03
Location: Nürnberg

Firewall?

#6 Post by elwood67 »

Do you have (netfilter) iptables running?
Try using ethereal; it lets you see nicely what happens to the packets.
Regards, Jürgen
_______________________
Machine: P4 with Suse 9.2
_______________________
And assemble our own army to disarm this weapon of mass destruction that we still call our president today...

gameace

#7 Post by gameace »

Well, I had the gateway set up and configured by Susefirewall2. Following the advice, I used ethereal for analysis and filtered out this entry, which in my opinion is the relevant one, on the network card for the LAN. This entry appeared three times, though, and looked superficially identical.
On eth1, i.e. the external card (is that actually standard?), I could not make out any relevant entries, since nowhere was my internal IP to be seen as source or as destination in combination with my external IP.

Code:

Frame 391 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Oct 21, 2004 17:05:21.568207000
    Time delta from previous packet: 4.559556000 seconds
    Time relative to first packet: 4.559556000 seconds
    Frame Number: 391
    Packet Length: 66 bytes
    Capture Length: 66 bytes
Ethernet II, Src: 00:02:44:37:6a:94, Dst: 00:02:44:25:65:f9
    Destination: 00:02:44:25:65:f9 (00:02:44:25:65:f9)
    Source: 00:02:44:37:6a:94 (00:02:44:37:6a:94)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.1.15 (192.168.1.15), Dst Addr: 62.143.9.78 (62.143.9.78)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x66d8 (26328)
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x8a57 (correct)
    Source: 192.168.1.15 (192.168.1.15)
    Destination: 62.143.9.78 (62.143.9.78)
Transmission Control Protocol, Src Port: uma (1797), Dst Port: http (80), Seq: 268326326, Ack: 0, Len: 0
    Source port: uma (1797)
    Destination port: http (80)
    Sequence number: 268326326
    Header length: 32 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 65535
    Checksum: 0xf879 (correct)
    Options: (12 bytes)
        Maximum segment size: 1460 bytes
        NOP
        Window scale: 1 (multiply by 2)
        NOP
        NOP
        SACK permitted
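
What three seemingly identical SYN entries in a capture amount to, as an added example that is not part of the original thread: a SYN repeated with the same sequence number and never answered by a SYN-ACK or RST is a TCP retransmission, typical of a packet being silently dropped somewhere on the path (for instance by a firewall DROP rule) rather than actively refused. The script flags such flows in a capture summary; the line format, the retransmit times, the 192.168.1.1 address and the answered contrast flow are constructed.

```python
from collections import defaultdict, namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport flags seq")

# Constructed capture summary: time src sport dst dport flags seq.
# Line 1 reuses the addresses, ports and sequence number of the posted
# frame 391. The retransmit times, the 192.168.1.1 address and the second,
# answered flow are made up for contrast.
SAMPLE = """\
4.559556 192.168.1.15 1797 62.143.9.78 80 S 268326326
7.560112 192.168.1.15 1797 62.143.9.78 80 S 268326326
13.561003 192.168.1.15 1797 62.143.9.78 80 S 268326326
20.000100 192.168.1.15 1801 192.168.1.1 80 S 511200
20.000350 192.168.1.1 80 192.168.1.15 1801 SA 99000
20.000400 192.168.1.15 1801 192.168.1.1 80 A 511201
"""


def parse(text):
    """Turn the whitespace-separated summary lines into Packet tuples."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, sport, dst, dport, flags, seq = line.split()
        packets.append(
            Packet(float(ts), src, int(sport), dst, int(dport), flags, int(seq))
        )
    return packets


def unanswered_syns(packets):
    """Report client flows whose SYN never drew a SYN-ACK or RST."""
    attempts = defaultdict(list)  # (src, sport, dst, dport) -> SYN packets
    answered = set()              # client flows that received a handshake reply
    for p in packets:
        if p.flags == "S":
            attempts[(p.src, p.sport, p.dst, p.dport)].append(p)
        elif p.flags == "SA" or "R" in p.flags:
            # The reply travels in the reverse direction, so store it
            # under the client's flow key.
            answered.add((p.dst, p.dport, p.src, p.sport))

    findings = []
    for flow, syns in attempts.items():
        if flow in answered:
            continue
        findings.append({
            "flow": flow,
            "attempts": len(syns),
            # Same sequence number on every attempt: the client's TCP stack
            # is retransmitting, not opening new connections.
            "retransmission": len(syns) > 1 and len({p.seq for p in syns}) == 1,
            "waited": round(syns[-1].ts - syns[0].ts, 3),
        })
    return findings


if __name__ == "__main__":
    for f in unanswered_syns(parse(SAMPLE)):
        src, sport, dst, dport = f["flow"]
        print(f"{src}:{sport} -> {dst}:{dport}: {f['attempts']} SYNs, "
              f"no reply after {f['waited']}s, "
              f"retransmission={f['retransmission']}")
```
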

lopsch
Posts: 8
Joined: 03. Aug 2002 17:58

#8 Post by lopsch »

Hmm, why don't you post the FW script, then it's easier to see; maybe INPUT is not opened up, etc.

gameace

#9 Post by gameace »

Here is the script

Code:

fw_custom_before_antispoofing() {
    true
}

fw_custom_after_antispoofing() {
    true
}

fw_custom_before_port_handling() {
    true
}

fw_custom_before_masq() { # could also be named "after_port_handling()"
    true
}

fw_custom_before_denyall() { # could also be named "after_forwardmasq()"
    true
}

gameace

#10 Post by gameace »

I'd best also provide the FW's config file.

Code:

FW_QUICKMODE="no"
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ="yes"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="10000:20000 21 4000:5000 http smtp ssh"
FW_SERVICES_EXT_UDP="123"
FW_SERVICES_EXT_IP=""
FW_SERVICES_DMZ_TCP="80"
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="80 ssh smtp http domain"
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="yes"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="yes"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="no"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="no"
FW_IGNORE_FW_BROADCAST="yes"
FW_ALLOW_CLASS_ROUTING="no"
FW_CUSTOMRULES=""
FW_REJECT="no"
FW_HTB_TUNE_DEV=""

And while we're at it, here is the iptables listing as well.

Code:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             255.255.255.255    state NEW,ESTABLISHED udp spt:bootpc dpt:bootps 
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpts:netbios-ns:netbios-dgm 
LOG        all  --  loopback/8           anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' 
LOG        all  --  anywhere             loopback/8         LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' 
DROP       all  --  loopback/8           anywhere           
DROP       all  --  anywhere             loopback/8         
LOG        all  --  linux.local          anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' 
DROP       all  --  linux.local          anywhere           
LOG        all  --  ip78.9.1411M-CUD12K-01.ish.de  anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOFING ' 
DROP       all  --  ip78.9.1411M-CUD12K-01.ish.de  anywhere           
input_ext  all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.de
input_int  all  --  anywhere             linux.local        
DROP       all  --  anywhere             62.143.9.255       
DROP       all  --  anywhere             255.255.255.255    
DROP       all  --  anywhere             192.168.1.255      
DROP       all  --  anywhere             255.255.255.255    
LOG        all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.deLOG level warning tcp-options ip-options prefix `SuSE-FW-ACCESS_DENIED_INT ' 
DROP       all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.de
LOG        all  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-TARGET ' 
DROP       all  --  anywhere             anywhere           

Chain FORWARD (policy DROP)
target     prot opt source               destination         
TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
forward_ext  all  --  anywhere             anywhere           
forward_int  all  --  anywhere             anywhere           
LOG        all  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-ILLEGAL-ROUTING ' 
DROP       all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED 
LOG        all  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-FORWARD-ERROR ' 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
LOG        icmp --  anywhere             anywhere           icmp time-exceeded LOG level warning tcp-options ip-options prefix `SuSE-FW-TRACEROUTE-ATTEMPT ' 
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere           icmp port-unreachable 
ACCEPT     icmp --  anywhere             anywhere           icmp fragmentation-needed 
ACCEPT     icmp --  anywhere             anywhere           icmp network-prohibited 
ACCEPT     icmp --  anywhere             anywhere           icmp host-prohibited 
ACCEPT     icmp --  anywhere             anywhere           icmp communication-prohibited 
DROP       icmp --  anywhere             anywhere           icmp destination-unreachable 
ACCEPT     all  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED 
LOG        all  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-OUTPUT-ERROR ' 

Chain forward_dmz (0 references)
target     prot opt source               destination         
LOG        all  --  62.143.9.0/24        anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' 
DROP       all  --  62.143.9.0/24        anywhere           
LOG        all  --  192.168.1.0/24       anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' 
DROP       all  --  192.168.1.0/24       anywhere           
LOG        all  --  anywhere             linux.local        LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' 
DROP       all  --  anywhere             linux.local        
LOG        all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.deLOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' 
DROP       all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.de
ACCEPT     icmp --  anywhere             anywhere           state RELATED icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp echo-reply 
ACCEPT     all  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
LOG        tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        udp  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' 
DROP       all  --  anywhere             anywhere           

Chain forward_ext (1 references)
target     prot opt source               destination         
LOG        all  --  192.168.1.0/24       anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' 
DROP       all  --  192.168.1.0/24       anywhere           
LOG        all  --  anywhere             linux.local        LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' 
DROP       all  --  anywhere             linux.local        
ACCEPT     icmp --  anywhere             anywhere           state RELATED icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp echo-reply 
ACCEPT     all  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
LOG        tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        udp  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' 
DROP       all  --  anywhere             anywhere           

Chain forward_int (1 references)
target     prot opt source               destination         
LOG        all  --  62.143.9.0/24        anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF ' 
DROP       all  --  62.143.9.0/24        anywhere           
LOG        all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.deLOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-CIRCUMVENTION ' 
DROP       all  --  anywhere             ip78.9.1411M-CUD12K-01.ish.de
ACCEPT     icmp --  anywhere             anywhere           state RELATED icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp echo-reply 
ACCEPT     all  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED 
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED 
LOG        tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        udp  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' 
DROP       all  --  anywhere             anywhere           

Chain input_dmz (0 references)
target     prot opt source               destination         
LOG        all  --  62.143.9.0/24        anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF-idmz ' 
DROP       all  --  62.143.9.0/24        anywhere           
LOG        all  --  192.168.1.0/24       anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF-idmz ' 
DROP       all  --  192.168.1.0/24       anywhere           
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp parameter-problem 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp timestamp-reply 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp address-mask-reply 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
DROP       icmp --  anywhere             anywhere           
LOG        tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' 
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:http 
reject_func  tcp  --  anywhere             anywhere           tcp dpt:ident flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:domain flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:domain flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:sunrpc flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:printer flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:printer flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:ipp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:ipp flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:mpc-lifenet flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:mpc-lifenet flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:mysql flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:mysql flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:terabase flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:terabase flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:newoak flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:newoak flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:pxc-spvr-ft flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:pxc-spvr-ft flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:4080 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:4080 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:krb524 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:krb524 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:4662 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:4662 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:5804 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:5804 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:5904 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:5904 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:x11 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:x11 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:6881 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:6881 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:6882 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:6882 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           tcp dpt:19287 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP ' 
DROP       tcp  --  anywhere             anywhere           tcp dpt:19287 flags:SYN,RST,ACK/SYN 
LOG        tcp  --  anywhere             anywhere           state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' 
ACCEPT     tcp  --  anywhere             anywhere           state RELATED,ESTABLISHED tcp dpts:1024:65535 
LOG        tcp  --  anywhere             anywhere           tcp spt:ftp-data dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT ' 
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp spt:ftp-data dpts:1024:65535 
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN 
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN 
ACCEPT     udp  --  ns1.ish.de           anywhere           state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 
ACCEPT     udp  --  resolver1.eu.level3.net  anywhere           state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535 
DROP       udp  --  anywhere             anywhere           udp dpt:fsp 
DROP       udp  --  anywhere             anywhere           udp dpt:ssh 
DROP       udp  --  anywhere             anywhere           udp dpt:domain 
DROP       udp  --  anywhere             anywhere           udp dpt:domain 
DROP       udp  --  anywhere             anywhere           udp dpt:bootps 
DROP       udp  --  anywhere             anywhere           udp dpt:bootps 
DROP       udp  --  anywhere             anywhere           udp dpt:bootpc 
DROP       udp  --  anywhere             anywhere           udp dpt:sunrpc 
DROP       udp  --  anywhere             anywhere           udp dpt:sunrpc 
DROP       udp  --  anywhere             anywhere           udp dpt:ntp 
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-ns 
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-dgm 
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-ssn 
DROP       udp  --  anywhere             anywhere           udp dpt:printer 
DROP       udp  --  anywhere             anywhere           udp dpt:ipp 
DROP       udp  --  anywhere             anywhere           udp dpt:ipp 
DROP       udp  --  anywhere             anywhere           udp dpt:nimreg 
DROP       udp  --  anywhere             anywhere           udp dpt:mpc-lifenet 
DROP       udp  --  anywhere             anywhere           udp dpt:mysql 
DROP       udp  --  anywhere             anywhere           udp dpt:terabase 
DROP       udp  --  anywhere             anywhere           udp dpt:newoak 
DROP       udp  --  anywhere             anywhere           udp dpt:pxc-spvr-ft 
DROP       udp  --  anywhere             anywhere           udp dpt:4080 
DROP       udp  --  anywhere             anywhere           udp dpt:krb524 
DROP       udp  --  anywhere             anywhere           udp dpt:4662 
DROP       udp  --  anywhere             anywhere           udp dpt:4666 
DROP       udp  --  anywhere             anywhere           udp dpt:5804 
DROP       udp  --  anywhere             anywhere           udp dpt:5904 
DROP       udp  --  anywhere             anywhere           udp dpt:x11 
DROP       udp  --  anywhere             anywhere           udp dpt:6881 
DROP       udp  --  anywhere             anywhere           udp dpt:6882 
DROP       udp  --  anywhere             anywhere           udp dpt:19287 
DROP       udp  --  anywhere             anywhere           udp dpt:19287 
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpts:1024:65535 
LOG        tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        udp  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT ' 
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID ' 
DROP       all  --  anywhere             anywhere           

Chain input_ext (1 references)
target     prot opt source               destination         
LOG        all  --  192.168.1.0/24       anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF-iext ' 
DROP       all  --  192.168.1.0/24       anywhere           
LOG        icmp --  62.143.9.0/24        anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT-SOURCEQUENCH ' 
ACCEPT     icmp --  62.143.9.0/24        anywhere           icmp source-quench 
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp parameter-problem 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp timestamp-reply 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp address-mask-reply 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
DROP       icmp --  anywhere             anywhere           
LOG        tcp  --  anywhere             anywhere           tcp dpts:ndmp:dnp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpts:ndmp:dnp
LOG        tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:ftp
LOG        tcp  --  anywhere             anywhere           tcp dpts:terabase:commplex-main flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpts:terabase:commplex-main
LOG        tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:http
LOG        tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:smtp
LOG        tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:ssh
reject_func  tcp  --  anywhere             anywhere           tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:domain flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:domain flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:sunrpc flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:sunrpc flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:netbios-ssn flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:printer flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:printer flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:ipp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:ipp flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:mpc-lifenet flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:mpc-lifenet flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:mysql flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:mysql flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:terabase flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:terabase flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:newoak flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:newoak flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:pxc-spvr-ft flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:pxc-spvr-ft flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:4080 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:4080 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:krb524 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:krb524 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:4662 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:4662 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:5804 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:5804 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:5904 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:5904 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:x11 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:x11 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:6881 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:6881 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:6882 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:6882 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:9859 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:9859 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:19287 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:19287 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:30877 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:30877 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           tcp dpt:44281 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP '
DROP       tcp  --  anywhere             anywhere           tcp dpt:44281 flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state RELATED,ESTABLISHED tcp dpts:1024:65535
LOG        tcp  --  anywhere             anywhere           tcp spt:ftp-data dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp spt:ftp-data dpts:1024:65535
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpt:ntp
ACCEPT     udp  --  ns1.ish.de           anywhere           state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT     udp  --  resolver1.eu.level3.net  anywhere           state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
DROP       udp  --  anywhere             anywhere           udp dpt:ssh
DROP       udp  --  anywhere             anywhere           udp dpt:domain
DROP       udp  --  anywhere             anywhere           udp dpt:domain
DROP       udp  --  anywhere             anywhere           udp dpt:domain
DROP       udp  --  anywhere             anywhere           udp dpt:bootps
DROP       udp  --  anywhere             anywhere           udp dpt:bootps
DROP       udp  --  anywhere             anywhere           udp dpt:bootpc
DROP       udp  --  anywhere             anywhere           udp dpt:http
DROP       udp  --  anywhere             anywhere           udp dpt:sunrpc
DROP       udp  --  anywhere             anywhere           udp dpt:sunrpc
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-ns
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-ns
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-dgm
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-dgm
DROP       udp  --  anywhere             anywhere           udp dpt:netbios-ssn
DROP       udp  --  anywhere             anywhere           udp dpt:printer
DROP       udp  --  anywhere             anywhere           udp dpt:ipp
DROP       udp  --  anywhere             anywhere           udp dpt:ipp
DROP       udp  --  anywhere             anywhere           udp dpt:nimreg
DROP       udp  --  anywhere             anywhere           udp dpt:mpc-lifenet
DROP       udp  --  anywhere             anywhere           udp dpt:mysql
DROP       udp  --  anywhere             anywhere           udp dpt:terabase
DROP       udp  --  anywhere             anywhere           udp dpt:newoak
DROP       udp  --  anywhere             anywhere           udp dpt:pxc-spvr-ft
DROP       udp  --  anywhere             anywhere           udp dpt:4080
DROP       udp  --  anywhere             anywhere           udp dpt:krb524
DROP       udp  --  anywhere             anywhere           udp dpt:4662
DROP       udp  --  anywhere             anywhere           udp dpt:4666
DROP       udp  --  anywhere             anywhere           udp dpt:5804
DROP       udp  --  anywhere             anywhere           udp dpt:5904
DROP       udp  --  anywhere             anywhere           udp dpt:x11
DROP       udp  --  anywhere             anywhere           udp dpt:6881
DROP       udp  --  anywhere             anywhere           udp dpt:6882
DROP       udp  --  anywhere             anywhere           udp dpt:9859
DROP       udp  --  anywhere             anywhere           udp dpt:19287
DROP       udp  --  anywhere             anywhere           udp dpt:19287
DROP       udp  --  anywhere             anywhere           udp dpt:30877
DROP       udp  --  anywhere             anywhere           udp dpt:44281
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere           state ESTABLISHED udp dpts:61000:65095
LOG        tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  anywhere             anywhere           

Chain input_int (1 references)
target     prot opt source               destination         
LOG        all  --  62.143.9.0/24        anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ANTI-SPOOF-iint ' 
DROP       all  --  62.143.9.0/24        anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           icmp echo-request 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp echo-reply 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp destination-unreachable 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp time-exceeded 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp parameter-problem 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp timestamp-reply 
ACCEPT     icmp --  anywhere             anywhere           state RELATED,ESTABLISHED icmp address-mask-reply 
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
LOG        icmp --  anywhere             anywhere           icmp type 2 LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-ICMP-CRIT ' 
DROP       icmp --  anywhere             anywhere           
LOG        tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:http
LOG        tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:ssh
LOG        tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:smtp
LOG        tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:http
LOG        tcp  --  anywhere             anywhere           tcp dpt:domain flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp dpt:domain
reject_func  tcp  --  anywhere             anywhere           tcp dpt:ident flags:SYN,RST,ACK/SYN
LOG        tcp  --  anywhere             anywhere           state RELATED,ESTABLISHED tcp dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state RELATED,ESTABLISHED tcp dpts:1024:65535
LOG        tcp  --  anywhere             anywhere           tcp spt:ftp-data dpts:1024:65535 flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED tcp spt:ftp-data dpts:1024:65535
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpts:ipcserver:65535 flags:!SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           state ESTABLISHED tcp dpt:ftp-data flags:!SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpt:filenet-rpc
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpt:filenet-nch
ACCEPT     udp  --  ns1.ish.de           anywhere           state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT     udp  --  resolver1.eu.level3.net  anywhere           state NEW,RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere           state NEW,RELATED,ESTABLISHED udp dpts:1024:65535
LOG        tcp  --  anywhere             anywhere           tcp flags:SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp source-quench LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp redirect LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp echo-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp timestamp-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  anywhere             anywhere           icmp address-mask-request LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  anywhere             anywhere           LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  anywhere             anywhere           state INVALID LOG level warning tcp-options ip-options prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  anywhere             anywhere           

Chain reject_func (3 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere           reject-with tcp-reset 
REJECT     udp  --  anywhere             anywhere           reject-with icmp-port-unreachable 
REJECT     all  --  anywhere             anywhere           reject-with icmp-proto-unreachable  
