ufw-0.36/0000755000175000017500000000000013405001226011170 5ustar jamiejamieufw-0.36/Makefile0000644000175000017500000001161213404772663012654 0ustar jamiejamieSRCS = src/ufw $(wildcard src/*.py) POTFILES = locales/po/ufw.pot TMPDIR = ./tmp SNAPDIR = ./snap-build EXCLUDES = --exclude='.git*' --exclude='*~' --exclude='*.swp' --exclude='*.pyc' --exclude='debian' --exclude='ubuntu' --exclude='ufw_source.*' --exclude='tmp' VERSION = $(shell egrep '^ufw_version' ./setup.py | cut -d "'" -f 2) SRCVER = ufw-$(VERSION) TARBALLS = ../tarballs TARSRC = $(TARBALLS)/$(SRCVER) TARDST = $(TARBALLS)/$(SRCVER).tar.gz PYFLAKES = $(TMPDIR)/pyflakes.out PYFLAKES_EXE = pyflakes ifndef $(PYTHON) export PYTHON=python endif all: snap-build ifneq ($(SNAP),yes) # Use setup.py to install. See README for details exit 1 endif snap-build: clean ifneq ($(SNAP),yes) # Use setup.py to install. See README for details exit 1 endif git log --oneline -n 1 mkdir $(SNAPDIR) python3 ./setup.py install --root=$(SNAPDIR) --install-layout=deb chmod 644 $(SNAPDIR)/etc/ufw/*.rules $(SNAPDIR)/etc/ufw/*.init $(SNAPDIR)/usr/share/ufw/iptables/*.rules sed -i 's/IPT_MODULES=.*/IPT_MODULES=""/g' $(SNAPDIR)/etc/default/ufw sed -i 's/IPT_SYSCTL=\(.*\)/IPT_SYSCTL="$$SNAP_DATA\1"/g' $(SNAPDIR)/etc/default/ufw sed -i 's,net/ipv4/tcp_sack=,#net/ipv4/tcp_sack=,g' $(SNAPDIR)/etc/ufw/sysctl.conf chmod -R g-w $(SNAPDIR) mkdir $(SNAPDIR)/docs for manfile in `ls doc/*.8` ; do \ page=$$(basename $$manfile); \ manout=$(SNAPDIR)/docs/$$(basename -s .8 $$page); \ echo "Creating $$page ... "; \ LANG='C' MANWIDTH=80 man --warnings -E ascii doc/$$page | col -b > "$$manout"; \ done; \ for manfile in iptables ip6tables iptables-restore ip6tables-restore ; do \ manout=$(SNAPDIR)/docs/$$(basename -s .8 $$manfile); \ echo "Creating $$manfile ... 
"; \ LANG='C' MANWIDTH=80 man --warnings -E ascii $$manfile | col -b > "$$manout"; \ done; \ rm -f $(SNAPDIR)/usr/lib/python3/dist-packages/ufw/__pycache__/* rmdir $(SNAPDIR)/usr/lib/python3/dist-packages/ufw/__pycache__/ install: snap-build ifneq ($(SNAP),yes) # Use setup.py to install. See README for details exit 1 endif ifndef DESTDIR # When SNAP=yes, DESTDIR must be set exit 1 endif cp -a $(SNAPDIR)/* $(DESTDIR) #ln -sf /var/snap/ufw/current/usr/lib/python3/dist-packages/ufw/__pycache__ ./snappy-packaging/prime/usr/lib/python3/dist-packages/ufw/__pycache__ ln -sf /var/snap/ufw/current/usr/lib/python3/dist-packages/ufw/__pycache__ $(DESTDIR)/usr/lib/python3/dist-packages/ufw/__pycache__ translations: $(POTFILES) $(POTFILES): $(SRCS) xgettext -d ufw -L Python -o $@ $(SRCS) mo: make -C locales all test: ./run_tests.sh -s -i $(PYTHON) unittest: ./run_tests.sh -s -i $(PYTHON) unit coverage: $(PYTHON) -m coverage run ./tests/unit/runner.py coverage-report: $(PYTHON) -m coverage report --show-missing --omit="tests/*" syntax-check: clean $(shell mkdir $(TMPDIR) && $(PYFLAKES_EXE) src 2>&1 | grep -v "undefined name '_'" > $(PYFLAKES)) cat "$(PYFLAKES)" test ! -s "$(PYFLAKES)" man-check: clean $(shell mkdir $(TMPDIR) 2>/dev/null) for manfile in `ls doc/*.8`; do \ page=$$(basename $$manfile); \ manout=$(TMPDIR)/$$page.out; \ echo "Checking $$page for errors... "; \ PAGER=cat LANG='en_US.UTF-8' MANWIDTH=80 man --warnings -E UTF-8 -l doc/$$page >/dev/null 2> "$$manout"; \ cat "$$manout"; \ test ! 
-s "$$manout" || exit 1; \ echo "PASS"; \ done; \ snap-test: $(shell mkdir $(TMPDIR) 2>/dev/null) ./tests/test-srv-upgrades.sh > $(TMPDIR)/test-srv-upgrades.out 2>&1 && diff -Naur ./tests/test-srv-upgrades.sh.expected $(TMPDIR)/test-srv-upgrades.out check: syntax-check man-check test unittest snap-test # These are only used in development clean: rm -rf ./build rm -rf ./staging rm -rf ./tests/testarea ./tests/unit/tmp rm -rf $(TMPDIR) rm -rf $(SNAPDIR) rm -rf ./parts ./stage ./prime rm -rf ./snappy-packaging/files/* ./snappy-packaging/parts ./snappy-packaging/prime ./snappy-packaging/stage rm -f ./snappy-packaging/*.snap rm -f ./locales/mo/*.mo rm -f ./tests/unit/*.pyc ./tests/*.pyc ./src/*.pyc rm -rf ./tests/unit/__pycache__ ./tests/__pycache__ ./src/__pycache__ rm -rf ./.coverage rm -f ./ufw # unittest symlink evaluate: clean mkdir -p $(TMPDIR)/ufw/usr $(TMPDIR)/ufw/etc UFW_SKIP_CHECKS=1 $(PYTHON) ./setup.py install --home=$(TMPDIR)/ufw PYTHONPATH=$(PYTHONPATH):$(TMPDIR)/ufw/lib/python $(PYTHON) $(TMPDIR)/ufw/usr/sbin/ufw version cp ./examples/* $(TMPDIR)/ufw/etc/ufw/applications.d # Test with: # PYTHONPATH=$$PYTHONPATH:$(TMPDIR)/ufw/lib/python $(PYTHON) $(TMPDIR)/ufw/usr/sbin/ufw ... # sudo sh -c "PYTHONPATH=$$PYTHONPATH:$(TMPDIR)/ufw/lib/python $(PYTHON) $(TMPDIR)/ufw/usr/sbin/ufw ..." devel: evaluate cp -f ./tests/defaults/profiles/* $(TMPDIR)/ufw/etc/ufw/applications.d cp -f ./tests/defaults/profiles.bad/* $(TMPDIR)/ufw/etc/ufw/applications.d debug: devel sed -i 's/DEBUGGING = False/DEBUGGING = True/' $(TMPDIR)/ufw/lib/python/ufw/util.py tarball: syntax-check clean translations cp -a . $(TARSRC) tar -zcv -C $(TARBALLS) $(EXCLUDES) -f $(TARDST) $(SRCVER) rm -rf $(TARSRC) ufw-0.36/ChangeLog.pre-0.250000644000175000017500000002335113226727543014137 0ustar jamiejamieufw (0.24.1) jaunty; urgency=low * remove existing stop links for runlevels 0 and 6, thus completing the fix for LP: #298736. 
* adjust tarball Makefile target -- Jamie Strandboge Sun, 21 Dec 2008 11:47:45 -0600 ufw (0.24) jaunty; urgency=low * debian/rules: check for 'nocheck' in DEB_BUILD_OPTIONS * debian/postrm: don't fail if iptables or ip6tables fails (LP: #278670) * fix typo in error message (LP: #280348) * allow case-insensitive matches for application rules (LP: #263757). Based on work by Didier Roche * add skel-ui for UI example * debian/postinst: don't stop in runlevels 0 and 6 (LP: #298736) * before6.rules: adjust hop limit to 255 for NDP messages (LP: #299268) per RFC 4890 secton 4.2. Thanks to Ryan Giobbi * before6.rules: restrict multicast (LP: #304216). Thanks to Ryan Giobbi * before.rules: don't use ctstate as it is not supported on all kernels and we don't use the extra information anyway (LP: #289906) * fix translations for input strings (LP: #302426) * update ucf md5sums for before.rules and before6.rules * adjust root/destructive tests for when we can't unmount /proc -- Jamie Strandboge Fri, 12 Dec 2008 13:43:11 -0500 ufw (0.23) intrepid; urgency=low * show protocol in status when no ports are specified (LP: #263308) * update after*.rules when setting default policy (LP: #273278) * give useful message when trying to delete a non-existent rule (LP: #251136) * don't print useless newlines * add 'translations' support to Makefile (but don't use it in build yet) * updated README for advanced usage * updated TODO * References LP: #275984 -- Jamie Strandboge Mon, 29 Sep 2008 11:52:53 -0500 ufw (0.22) intrepid; urgency=low * fix confusing output of 'app update' command (LP: #261932) * only reload during 'app update' if the profile name is used in the current ruleset (LP: #261323) * don't reload user rules if not enabled and don't toggle ENABLED=yes if failure in starting the firewall (LP: #262451) * don't traceback if /proc not mounted (LP: #268084) -- Jamie Strandboge Wed, 27 Aug 2008 11:51:14 -0500 ufw (0.21) intrepid; urgency=low * add confirmation on enable when running 
under ssh (LP: #253840) * don't reload the firewall on 'app update' when running under ssh * update ufw.pot * fix some pygettext errors * warn if profile name is found in /etc/services * don't delete application rules when the action doesn't match (LP: #260881) * add reload command * added debian/triggers and update debian/postinst for use with dpkg triggers (thanks Colin Watson for the suggestion) * add 'app update all' command * update man page for reload and 'app update all' -- Jamie Strandboge Mon, 18 Aug 2008 20:22:32 -0400 ufw (0.20) intrepid; urgency=low * add 'verbose' option to status command * implement application (package) integration * update run_tests.sh to honor subclass * debian/control: Depends on iptables >= 1.4.0 for ipv6 comment support -- Jamie Strandboge Thu, 07 Aug 2008 12:04:05 -0400 ufw (0.19) intrepid; urgency=low * don't modify the chains when --dry-run is specified (LP: #247352) * add dotted netmask support * don't have util.py import common.py * normalize rules so what is added to chains and what is displayed to the user is consistent (LP: #237446) * documentation updates (LP: #247177) * implement port ranges (LP: #231103) * fix initscript to properly set default DROP when ipv6 is available and set to 'no' in /etc/default/ufw (LP: #251355) * don't give confusing output when ipv6 and/or ip6_tables is not available (LP: #194844) * update ucf historical checksums to include those in 0.16.2 * update manpage for 'status' clarifications (LP: #251153) * update before*.rules to count outgoing packets on lo (LP: #255092) * update status output so it is more consistent with rule syntax -- Jamie Strandboge Mon, 07 Jul 2008 16:22:45 -0400 ufw (0.18) intrepid; urgency=low * bump version * src/ufw: make reusable * src/ufw: show default policy and logging in 'status' (LP: #240271) * refactor code and split out into modules: - updated src/* - updated setup.py - updated run_tests.sh - updated README - updated README.translations and messages/ufw.pot - 
updated README.Design * properly implement --root and --home (LP: #231771): - setup.py: --root works as expected now (eg as DESTDIR in Debian) - updated run_test.sh for new setup.py - updated README.Debian for now setup.py * add new 'limit' command for connection rate limiting: - updated src/* - updated README and ufw.8 - updated messages/ufw.pot - updated tests for limit -- Jamie Strandboge Thu, 12 Jun 2008 10:28:36 -0400 ufw (0.17) intrepid; urgency=low * implement status in initscript * warn on group/world writable and wrong owner files in _do_checks() * debian/rules: use 'g' with sed when stripping paths (LP: #207476) * debian/control: Standards-Version: 3.7.3 * don't log INVALID packets by default (LP: #207156) * don't log noisy services by default (LP: #209709) * consult /etc/services for protocol (LP: #209845) * manpage updates * add internationalization support * prevent traceback with dotted decimal netmasks (LP: #224842) * update tests to test for more valid and invalid netmasks * adjust conf/sysctl.conf to have clear message regarding /etc/sysctl.conf * adjust conf/sysctl.conf to have explanations for the tunables (taken from procps) -- Jamie Strandboge Wed, 12 Mar 2008 16:11:22 -0400 ufw (0.16) hardy; urgency=low * bump version * fix tests for when ipv6 is blacklisted (fix FTBFS on Ubuntu buildd) * adjust root tests for new output -- Jamie Strandboge Tue, 11 Mar 2008 16:11:59 -0400 ufw (0.15) hardy; urgency=low * fix man page typo * debian/control: added Homepage (LP: #199722) * fix python version check (upstream #199790) * properly handle when ipv6 is not loaded or blacklisted (LP: #199724) * man page fixes * clarify 'status' output (LP: #199873) * fix ipv6 stateless autoconfiguration (upstream #200921) -- Jamie Strandboge Sat, 08 Mar 2008 07:36:04 -0500 ufw (0.14) hardy; urgency=low * conf/initscript - move sysctl to after rules load (LP: #192123) - don't make sysctl and modprobe failures fatal (LP: #197285) - make output less verbose and fix 
formatting (LP: #198211) * debian/rules: update setup.py version with changelog version * debian/control - update maintainer to Ubuntu Core Developers - add Vcs-Bzr url -- Jamie Strandboge Fri, 15 Feb 2008 08:56:24 -0500 ufw (0.13) hardy; urgency=low * added ipv6 and (commented out) forwarding entries in sysctl.conf -- Jamie Strandboge Wed, 13 Feb 2008 22:31:47 -0500 ufw (0.12) hardy; urgency=low * new upstream version: - initscript implements 'stop' as default ACCEPT - initscript restart and force-reload now use 'stop' and 'start' * debian/postinst: stop on runlevels 0, 1 and 6 * debian/postrm: default ACCEPT on purge * debian/README.Debian: provide useful notes -- Jamie Strandboge Thu, 07 Feb 2008 09:47:10 -0500 ufw (0.11) hardy; urgency=low * comply with Ubuntu policy of syncookies off (LP: 189565) * debian/control: Build-Depends on debhelper (>= 5.0.38) -- Jamie Strandboge Wed, 06 Feb 2008 14:08:36 -0500 ufw (0.10) hardy; urgency=low * new upstream version: - ipv6 support (LP: 188934) - added more tests - updated docs * updated packaging for ipv6 files * fixed email typo (LP: 189418) * use ucf for /etc/ufw/*.rules files * move ENABLED to ufw.conf -- Jamie Strandboge Tue, 05 Feb 2008 22:24:51 -0500 ufw (0.9) hardy; urgency=low * new upstream version: - bugfix for logging - bugfix for default policy -- Jamie Strandboge Tue, 29 Jan 2008 06:37:01 -0500 ufw (0.8) hardy; urgency=low * new upstream version: - use PF-style syntax for extended rule syntax - migrate ufw.rules to separate chains and files * added debconf note about ufw.rules -- Jamie Strandboge Mon, 28 Jan 2008 13:26:10 -0500 ufw (0.7) hardy; urgency=low * new version - fix two lintian warnings - manpage updates - fix for buggy get_status -- Jamie Strandboge Thu, 24 Jan 2008 11:27:30 +0000 ufw (0.6) hardy; urgency=low * debian/control: Build-Depends-Indep on netbase so tests can run in buildds -- Jamie Strandboge Wed, 23 Jan 2008 16:24:58 +0000 ufw (0.5) hardy; urgency=low * update tests for better 
failure reporting and maintainability -- Jamie Strandboge Wed, 23 Jan 2008 13:14:20 +0000 ufw (0.4) hardy; urgency=low * new upstream version - supports specifying service from /etc/services - requires python 2.5 - put rules in ufw-* chains - status is more user-friendly (but not complete) - bug fixes - ufw.rules fine-tuning -- Jamie Strandboge Tue, 22 Jan 2008 08:01:06 +0000 ufw (0.3) hardy; urgency=low * new upstream version: - fix licensing - PEP8 compliant - uses distutils to install - now supports /etc/services names -- Jamie Strandboge Sun, 20 Jan 2008 17:43:03 -0500 ufw (0.2) hardy; urgency=low * ufw: actually use DROP instead of DENY * typo in README.Debian -- Jamie Strandboge Wed, 16 Jan 2008 14:32:06 -0500 ufw (0.1) hardy; urgency=low * Initial release -- Jamie Strandboge Mon, 07 Jan 2008 20:44:16 -0500 ufw-0.36/profiles/0000755000175000017500000000000013404772663013036 5ustar jamiejamieufw-0.36/profiles/ufw-chat0000644000175000017500000000116313257507473014501 0ustar jamiejamie[PeopleNearby] title=People Nearby description=People Nearby (Bonjour/Salut) functionality in Empathy ports=5353/udp|5298 [Bonjour] title=Bonjour description=Bonjour protocol ports=5353/udp|5298 [MSN] title=MSN Chat description=MSN chat protocol (with file transfer and voice) ports=1863|6891:6900/tcp|6901 [MSN SSL] title=MSN Chat (SSL) description=MSN chat protocol (SSL) ports=443/tcp [AIM] title=AIM Talk description=AIM talk protocol ports=5190/tcp [Yahoo] title=Yahoo Chat description=Yahoo chat protocol ports=5050 [XMPP] title=XMPP Chat description=XMPP protocol (Jabber and Google Talk) ports=5222/tcp|5269/tcp ufw-0.36/profiles/ufw-dnsserver0000644000175000017500000000013113226727543015565 0ustar jamiejamie[DNS] title=Internet Domain Name Server description=Internet Domain Name Server ports=53 ufw-0.36/profiles/ufw-fileserver0000644000175000017500000000054613257465544015736 0ustar jamiejamie[CIFS] title=SMB/CIFS server description=SMB/CIFS server ports=137,138/udp|139,445/tcp 
[NFS] title=NFS server description=NFS and portmap server. Will also need access to mountd, statd and possibly others ports=2049,111/tcp|2049,111/udp [svnserve] title=Subversion server description=Subversion server for access to Subversion repositories. ports=3690/tcp ufw-0.36/profiles/ufw-bittorent0000644000175000017500000000053513404772663015575 0ustar jamiejamie[Transmission] title=Transmission description=Transmission BitTorrent client ports=51413 [Deluge] title=Deluge description=Deluge BitTorrent client ports=6881:6891/tcp [KTorrent] title=KTorrent description=KTorrent BitTorrent client ports=6881/tcp|4444/udp [qBittorrent] title=qBittorrent description=qBittorrent BitTorrent client ports=6881/tcp ufw-0.36/profiles/ufw-proxyserver0000644000175000017500000000023313226727543016165 0ustar jamiejamie[Socks] title=Socks proxy description=Socks proxy ports=1080/tcp [Transparent Proxy] title=Transparent proxy description=Transparent proxy ports=8081/tcp ufw-0.36/profiles/ufw-printserver0000644000175000017500000000020313226727543016135 0ustar jamiejamie[IPP] title=Cups server (IPP) description=Cups server (IPP) ports=631 [LPD] title=LPD server description=LPD server ports=515/tcp ufw-0.36/profiles/ufw-directoryserver0000644000175000017500000000100113257500346016774 0ustar jamiejamie[Kerberos KDC] title=Kerberos v5 KDC server description=Kerberos v5 KDC server ports=88 [Kerberos Admin] title=Kerberos v5 admin description=Kerberos v5 server ports=749/tcp [Kerberos Password] title=Kerberos v5 password description=Kerberos v5 password ports=464/udp [Kerberos Full] title=Kerberos v5 server description=Kerberos v5 server ports=88,749/tcp|464/udp [LDAP] title=LDAP server description=LDAP server ports=389/tcp [LDAPS] title=LDAP server (LDAPS) description=LDAP server (LDAPS) ports=636/tcp ufw-0.36/profiles/ufw-webserver0000644000175000017500000000050013226727543015556 0ustar jamiejamie[WWW] title=Web Server description=Web server ports=80/tcp [WWW Secure] title=Web Server 
(HTTPS) description=Web Server (HTTPS) ports=443/tcp [WWW Full] title=Web Server (HTTP,HTTPS) description=Web Server (HTTP,HTTPS) ports=80,443/tcp [WWW Cache] title=Web Server (8080) description=Web Server (8080) ports=8080/tcp ufw-0.36/profiles/ufw-loginserver0000644000175000017500000000032413226727543016115 0ustar jamiejamie[Telnet] title=Telnet server (insecure) description=Telnet server (insecure) ports=23/tcp [SSH] title=SSH server description=SSH server ports=22/tcp [VNC] title=VNC server description=VNC server ports=5900/tcp ufw-0.36/profiles/ufw-mailserver0000644000175000017500000000101413257465544015730 0ustar jamiejamie[POP3] title=Mail server (POP3) description=Mail server (POP3) ports=110/tcp [POP3S] title=Secure mail server (POP3S) description=Secure mail server (POP3S) ports=995/tcp [IMAP] title=Mail server (IMAP) description=Mail server (IMAP) ports=143/tcp [IMAPS] title=Secure mail server (IMAPS) description=Secure mail server (IMAPS) ports=993/tcp [SMTP] title=Mail server (SMTP) description=Mail server (SMTP) ports=25/tcp [Mail submission] title=Mail server (Submission) description=Mail server (Submission) ports=587/tcp ufw-0.36/README.translations0000644000175000017500000000106113257500736014605 0ustar jamiejamieInternationalization -------------------- gettext files are placed in locales/po/. To update the main .pot file, do: $ pygettext -d ufw -p locales/po -S GNU src/ufw src/[a-z]*.py and adjust locales/po/ufw.pot accordingly. Translations are handled in Launchpad. Please see: https://translations.launchpad.net/ufw/ Testing locales can be done like so (typically in a chroot or VM): $ make mo $ sudo ./tests/check-locales -d locales/mo -l es # a specify locale $ sudo ./tests/check-locales -d locales/mo # all locales Copyright 2008-2012 Canonical Ltd. ufw-0.36/AUTHORS0000644000175000017500000000021213257500346012247 0ustar jamiejamieufw, its documentation and supporting files are written by Jamie Strandboge and copyright Canonical Ltd. 2007-2012. 
ufw-0.36/README.design0000644000175000017500000000350613257500346013340 0ustar jamiejamieDesign ------ The design of ufw is pretty straightforward. It's object oriented and consists of basically two types of objects: UFWFrontend: user-interface UFWBackend: application logic UFWBackend is an interface that any number of backends will inherit from, which allows for using ufw with any pre-existing or future firewall application. The reference backend, UFWBackendIptables, uses simple 'iptables' and 'iptables-restore' commands and is suitable for a host-based firewall use-case. It is envisioned that other backends will be written as the use-cases for ufw grow. Perhaps a UFWShorewallBackend (for shorewall) or UFWPFBackend (for OpenBSD PF). UFWFrontend works with the UFWBackend interface and src/ufw provides the UI. src/ufw uses the UFWFrontend object and is a CLI, but other front-ends like GUI applications could build on top of ufw by either interacting with the installed CLI ufw or by creating another frontend that uses UFWFrontend. Implementation -------------- The application is written in python, just because it is so easy to work with. :) IPV6 ---- IPv6 support is included in ufw. To keep IPv4 addressing easy to use, the IPv4 and IPv6 configuration are kept completely separate (ie there are no IPv4 mapped addresses). Contributing ------------ Before submitting patches for ufw, please do the following: $ make syntax-check # basic syntax checker $ make check # runs non-root tests $ make PYTHON=python3 check # runs non-root tests with python3 interpreter # ./run-tests -r root # runs root tests (modifies running firewall) # ./tests/check-locales # runs locales tests (assumes Ubuntu) CAUTION: root tests will flush the firewall and use iptables commands on the host. Contributions should follow PEP-8 and have an accompanying test case added to tests/. Copyright 2011 Canonical Ltd. 
ufw-0.36/README0000644000175000017500000003120013325626316012062 0ustar jamiejamieUFW --- https://wiki.ubuntu.com/UbuntuFirewall What's in a name? ----------------- What does it mean? It has come to mean 'Uncomplicated Firewall', but you can change it to something more suitable if you want. If you like it, you might pick 'Universal Firewall', or 'Ultimate Firewall'. If you are not a fan, perhaps 'Unbearable Firewall'. Have fun! Requirements ------------ python 2.6-2.7, 3.4-3.5 (known to work with 2.6.2+, 2.7.0+, 3.4+, 3.5*)* iptables 1.4** gettext /proc filesystem support Linux kernel configured with the following modules (not exhaustive): addrtype comment hl (IPv6) limit multiport recent conntrack*** * python2.5 and python3 < 3.4 are no longer supported ** Systems with iptables below 1.4 will not have IPv6 application rule support. ufw will give a warning when users try to use this functionality, but ufw will otherwise work fine. ufw is known to work with iptables 1.3.8 in this degraded mode. *** As of 0.34, the 'conntrack' modules is used instead of 'state' ufw has been widely tested on Linux 2.6.24 and higher kernels. You may also use the check-requirements script in the tests/ directory to see if your system has all the required iptables/netfilter functionality. Install ------- Users can install with: # python ./setup.py install $ python ./setup.py install --home=PREFIX The interpreter used for setup.py is the one used for ufw. So if your system python is 2.6, but you have python2.7 available, use something like: $ python2.7 ./setup.py install --home=PREFIX Distributions which install to a build directory for packaging can install with: $ python ./setup.py install --root=PREFIX Eg: $ python ./setup.py install --root=/tmp/ufw When installing ufw from source, you will also need to integrate it into your boot process for the firewall to start when you restart your system. 
Depending on your needs, this can be as simple as adding the following to a startup script (eg rc.local for systems that use it): # /lib/ufw/ufw-init start For systems that use SysV initscripts, an example script is provided in doc/initscript.example. See doc/upstart.example for an Upstart example and doc/systemd.example as a systemd example. Consult your distribution's documentation for the proper way to modify your boot process. Basic Layout ------------ /usr/sbin/ufw is the UI for people (have different backends) /etc/defaults/ufw high level configuration /etc/ufw/before[6].rules rules evaluated before UI added rules /etc/ufw/after[6].rules rules evaluated after UI added rules /lib/ufw/user[6].rules UI added rules (not to be modified) /etc/ufw/sysctl.conf kernel network tunables /lib/ufw/ufw-init start script Usage ----- ufw enable|disable turn firewall on and off (including at boot) ufw default allow|deny updates default policy ufw logging on|off updates backend logging (*.rules) ufw status displays firewall status (user.rules only) ufw allow|deny|limit RULE add RULE to firewall ufw route allow|deny|limit RULE add routing (FORWARD) RULE to firewall See 'man ufw' and also Ubuntu's tutorial at: http://doc.ubuntu.com/ubuntu/serverguide/C/firewall.html Chains ------ ufw uses several chains to allow ease of use and flexibility. 
Control flow through the various chains is (essentially) as follows: INPUT -> ufw-before-logging-input -> ufw-before-input -> ufw-user-input -> ufw-user-logging-input (rule specific) -> ufw-after-input -> ufw-after-logging-input -> ufw-reject-input -> return to INPUT OUTPUT -> ufw-before-logging-output -> ufw-before-output -> ufw-user-output -> ufw-user-logging-output (rule specific) -> ufw-after-output -> ufw-after-logging-output -> ufw-reject-output -> return to OUTPUT FORWARD -> ufw-before-logging-forward -> ufw-before-forward -> ufw-user-forward -> ufw-user-logging-forward (not used) -> ufw-after-forward -> ufw-after-logging-forward -> ufw-reject-forward -> return to FORWARD The 'before' chains are set up in 'before.rules', the 'after' chains in 'after.rules' and the 'user' chains are maintained by ufw. If an administrator wants to add rules manually, the rules should be added to 'before.rules' and 'after.rules'. The 'reject' chains are used for when the default policy is set to REJECT (because iptables does not support REJECT as a target at this time). Keep in mind, when using REJECT as default policy, ufw may end up rejecting rules that are added outside of ufw and after ufw is started. There is some default configuration in both 'before.rules' and 'after.rules', and this configuration is not displayed with 'ufw status' (but can always be viewed with 'iptables -L -n' or 'iptables -L [chain] -n'). See the iptables man page for details. There are also 3 chains (for both IPv4 and IPv6) that can be used to immediately go to POLICY, which are mostly useful to avoid logging (these chains are used in the default ufw after*.rules configuration to avoid logging noisy services by default): ufw-skip-to-policy-input ufw-skip-to-policy-output ufw-skip-to-policy-forward The primary chains are ufw-before-*, ufw-after-* and ufw-reject-*. The treatment of iptables' built-in chains can be controlled with the MANAGE_BUILTINS configuration option (in /etc/default/ufw). 
By default this is set to 'no', which means that other than adding the primary chains, the built-in chains will remain untouched. This also means that these primary chains will stay in the table, even after disabling ufw. This is to make sure that the primary chains don't move around other non-ufw rules and chains. To completely flush the built-in chains with this configuration, you can use: # /lib/ufw/ufw-init flush-all Alternately, ufw may also take full control of the firewall by setting MANAGE_BUILTINS=yes in /etc/default/ufw. This will flush all the built-in rules and delete the non-built-in rules on start, stop and reload. In addition to the above, the following tracking chains are set up last to support stateful tracking of NEW connections when the default policy is set to ACCEPT: ufw-track-input ufw-track-output ufw-track-forward When default policy is set to ACCEPT, an '-m conntrack --ctstate NEW -j ACCEPT' rule is added to the appropriate chain for tcp and udp connections, otherwise the chain is empty and the default policy for the builtin chain applies. Advanced Configuration ---------------------- ufw can be thought of as two parts, the ufw command-line program and the ufw framework. The ufw command is intentionally kept as simple as possible, so users can do common tasks more easily. The framework (ie the bootscripts, setup of the chains (see above), sysctl configuration, etc) is very flexible, and since ufw is simply a frontend for iptables, anything that can be done with iptables can be done within the ufw framework. 
As an example, to perform port redirection, users can add to the top of /etc/ufw/before.rules, before the '*filter' section: *nat :PREROUTING ACCEPT [0:0] # redirect all incoming requests to tcp port 80 to tcp port 22 -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 22 COMMIT then run: # ufw disable # ufw enable # ufw allow 80/tcp (required only if ufw blocks requests to this port) To add NAT masquerading to the above, change the nat table that was just added to something like: *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 22 # Forward traffic from eth1 through eth0. -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE COMMIT then adjust /etc/default/ufw to have: DEFAULT_FORWARD_POLICY="ACCEPT" and /etc/ufw/sysctl.conf to have: net.ipv4.ip_forward=1 then run: # ufw disable # ufw enable It's important to remember that ufw will only flush the chains and tables it manages, so if you need to flush the nat table to restart anew, please do: # iptables -F -t nat Similarly, to see what rules are in the nat table's chains, use: # iptables -L -n -t nat See 'man iptables' for details. Default ruleset --------------- Enabling ufw creates a ruleset that is intended to protect the host while allowing some common traffic such as DHCP, ping and mDNS. 
These defaults are set up in the before*.rules and after*.rules files (see 'man iptables' for terminology): - Default DROP on INPUT - Default DROP on FORWARD - Default ACCEPT on OUTPUT - ACCEPT all on lo - DROP packets with RH0 headers - ACCEPT all RELATED and ESTABLISHED on INPUT and OUTPUT - ACCEPT all RELATED and ESTABLISHED on FORWARD (ip forwarding must be enabled via sysctl for this to be in effect) - DROP INVALID packets (packets not associated with a known connection) - ACCEPT certain icmp packets (INPUT and FORWARD): - destination-unreachable, source-quench, time-exceeded, parameter-problem, and echo-request for IPv4 - destination-unreachable, packet-too-big, time-exceeded, parameter-problem, and echo-request - ACCEPT certain icmpv6 packets for stateless autoconfiguration (INPUT): neighbor-solicitation, neighbor-advertisement, router-solicitation - ACCEPT mDNS (zeroconf/bonjour/avahi 224.0.0.251 for IPv4 and ff02::fb for IPv6) for service discovery (INPUT) - ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service discovery (INPUT) - ACCEPT ping replies from IPv6 link-local (ffe8::/10) addresses (INPUT) - ACCEPT DHCP client traffic (INPUT) - Log all blocked packets not matching the default policy with rate limiting If you are using a packaged version of ufw supplied by your distribution, the default ruleset may be different. Remote Management ----------------- On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is 'enabled' it will insert rules into the existing chains, and therefore not flush the chains (but will when modifying a rule or changing the default policy). You can insert rules before enabling the firewall however, so it is often a good idea to do: # ufw allow proto tcp from any to any port 22 # ufw enable In this case, the chains are still flushed, but the ssh port will be open after enabling the firewall. 
IPV6 ---- ufw has full support for IPv6, and it is enabled by default. To disable, modify /etc/default/ufw (or wherever this is installed) to have: IPV6=no Then do: # ufw disable # ufw enable Application Integration ----------------------- ufw has support for application integration. This allows for administrators and developers to put profiles in /etc/ufw/applications.d and have users use these profiles in their rules. Profiles use the .INI syntax, and examples can be found in the examples/ directory. See 'man ufw' for details. Upgrading --------- If upgrading from 0.17 or below to 0.18, new chains to support the 'limit' command will be added automatically. Distributions ------------- While it is certainly ok to use /lib/ufw/ufw-init as the initscript for ufw, this script is meant to be used by ufw itself, and therefore not particularly user friendly. See doc/initscript.example for a simple implementation that can be adapted to your distribution. Simple rules for rsyslog support can be found in doc/rsyslog.example. Testing ------- $ mkdir -p /tmp/ufw/usr /tmp/ufw/etc $ UFW_SKIP_CHECKS=1 python ./setup.py install --home=/tmp/ufw (ufw does a number of checks since it is normally run as root. When testing, this is usually not the case, so you can use UFW_SKIP_CHECKS=1 with setup.py to disable these checks.) Now do: $ /tmp/ufw/usr/sbin/ufw help Here is a command to do it all at once: $ rm -rf /tmp/ufw && mkdir -p /tmp/ufw/usr /tmp/ufw/etc && UFW_SKIP_CHECKS=1 python ./setup.py install --home=/tmp/ufw Then test with: $ PYTHONPATH=$PYTHONPATH:/tmp/ufw/lib/python /tmp/ufw/usr/sbin/ufw ... $ sudo sh -c "PYTHONPATH=$PYTHONPATH:/tmp/ufw/lib/python /tmp/ufw/usr/sbin/ufw ..." Can also just run from the source directory: $ ./run_tests.sh -s You may also specify an interpreter for the tests. 
Eg: $ ./run_tests.sh -s -i /usr/local/bin/python2.7 Or for the root tests (these are iptables version dependent, will modify your existing firewall and insert kernel modules, so they require root privileges and aren't run by default): # ./run_tests.sh -s root Finally, ufw's behavior may differ based on available kernel features. The root_kern tests assume all kernel features supported by check-requirements are enabled. They behave just like the root tests. Unit Tests ---------- ufw unit tests are in tests/unit and can be called like so: $ make unittest This is equivalent to something like: $ python ./tests/unit/runner.py Alternatively, can install python-coverage and do: $ make coverage # like 'unittest', but with -m coverage $ make coverage-report To run an individual test, use: $ python ./tests/unit/runner.py test_.py Copyright 2008-2014 Canonical Ltd. ufw-0.36/shell-completion/0000755000175000017500000000000013404772663014471 5ustar jamiejamieufw-0.36/shell-completion/bash0000644000175000017500000000467713404772663015347 0ustar jamiejamie# # Copyright 2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
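#
# Based on work by Didier Roche
#
# Each helper prints a space-separated word list on stdout; _ufw hands those
# lists to compgen. This file is sourced into the interactive shell, so scratch
# variables are declared 'local' and the word being completed is always quoted.

# Print the top-level ufw commands, taken from the "Commands:" section of
# 'ufw --help' (up to "Application profile commands:"), followed by "app".
_ufw_commands()
{
    local commands
    commands=$(ufw --help | sed -e '1,/^Commands:/d' -e '/^Application profile commands:/Q' -e 's/^[ \t]\+\([a-z|]\+\)[ \t]\+.*/\1/g' -e 's/|/ /g' | uniq)
    echo "$commands app"
}

# Print the 'ufw app' subcommands, taken from the lines that follow
# "Application profile commands:" in 'ufw --help'.
_ufw_app_commands()
{
    ufw --help | sed -e '1,/^Application profile commands:/d' -e '/^ [^ ]/!d' -e 's/[ \t]\+app[ \t]\+\([a-z|]\+\)[ \t]\+.*/\1/g'
}

# Words offered after 'ufw logging'.
_ufw_logging_commands()
{
    echo "off on low medium high full"
}

# Words offered after 'ufw default'.
_ufw_default_commands()
{
    echo "allow deny reject"
}

# Words offered after 'ufw delete': the default actions plus 'limit'.
_ufw_rule_commands()
{
    echo "$(_ufw_default_commands) limit"
}

# Words offered after 'ufw route'.
_ufw_route_commands()
{
    echo "$(_ufw_default_commands) limit delete insert"
}

# Words offered after 'ufw show'.
_ufw_show_commands()
{
    echo "raw"
}

# Words offered after 'ufw status'.
_ufw_status_commands()
{
    echo "numbered verbose"
}

# Completion function for 'ufw'. Only the first and second words are completed;
# later positions produce no candidates.
_have ufw &&
_ufw()
{
    # cur/prev stay local so they do not overwrite variables of the same name
    # in the user's shell.
    local cur prev
    cur=${COMP_WORDS[COMP_CWORD]}
    prev=${COMP_WORDS[COMP_CWORD-1]}

    # "$cur" is quoted everywhere below: unquoted, a partially typed word that
    # contains spaces or glob characters would be split or expanded before
    # compgen sees it.
    if [ "$COMP_CWORD" -eq 1 ]; then
        COMPREPLY=( $( compgen -W "--dry-run --force --help $(_ufw_commands)" -- "$cur" ) )
    elif [ "$COMP_CWORD" -eq 2 ]; then
        case "$prev" in
        app)
            COMPREPLY=( $( compgen -W "$(_ufw_app_commands)" -- "$cur" ) )
            ;;
        status)
            COMPREPLY=( $( compgen -W "$(_ufw_status_commands)" -- "$cur" ) )
            ;;
        delete)
            COMPREPLY=( $( compgen -W "$(_ufw_rule_commands)" -- "$cur" ) )
            ;;
        route)
            COMPREPLY=( $( compgen -W "$(_ufw_route_commands)" -- "$cur" ) )
            ;;
        logging)
            COMPREPLY=( $( compgen -W "$(_ufw_logging_commands)" -- "$cur" ) )
            ;;
        show)
            COMPREPLY=( $( compgen -W "$(_ufw_show_commands)" -- "$cur" ) )
            ;;
        default)
            COMPREPLY=( $( compgen -W "$(_ufw_default_commands)" -- "$cur" ) )
            ;;
        esac
    fi
}

_have ufw && complete -F _ufw ufw
ufw-0.36/pylintrc0000644000175000017500000001603413257465544013011 0ustar jamiejamie[MASTER] # Specify a configuration file. #rcfile= # Python code to execute, usually for sys.path manipulation such as # pygtk.require(). #init-hook= # Profiled execution. profile=no # Add to the black list. It should be a base name, not a # path. You may set this option multiple times. ignore=CVS # Pickle collected data for later comparisons.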
persistent=yes # List of plugins (as comma separated values of python modules names) to load, # usually to register additional checkers. load-plugins= [MESSAGES CONTROL] # Enable the message, report, category or checker with the given id(s). You can # either give multiple identifier separated by comma (,) or put this option # multiple time. #enable= # Disable the message, report, category or checker with the given id(s). You # can either give multiple identifier separated by comma (,) or put this option # multiple time (only on the command line, not in the configuration file where # it should appear only once). #disable= # ids to disable (comma separated) # C0302: Too many lines in module # W0703: Catch "Exception" # R0912: Too many branches disable=C0302,W0703,R0912 [REPORTS] # Set the output format. Available formats are text, parseable, colorized, msvs # (visual studio) and html output-format=text # Include message's id in output include-ids=yes # Put messages in a separate file for each module / package specified on the # command line instead of printing them on stdout. Reports (if any) will be # written in a file name "pylint_global.[txt|html]". files-output=no # Tells whether to display a full report or only the messages reports=no # Python expression which should return a note less than 10 (10 is the highest # note). You have access to the variables errors warning, statement which # respectively contain the number of errors / warnings messages and the total # number of statements analyzed. This is used by the global evaluation report # (RP0004). evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) # Add a comment according to your evaluation note. This is used by the global # evaluation report (RP0004). comment=no [FORMAT] # Maximum number of characters on a single line. max-line-length=80 # Maximum number of lines in a module max-module-lines=1000 # String used as indentation unit. 
This is usually " " (4 spaces) or "\t" (1 # tab). indent-string=' ' [VARIABLES] # Tells whether we should check for unused import in __init__ files. init-import=no # A regular expression matching the beginning of the name of dummy variables # (i.e. not used). dummy-variables-rgx=_|dummy # List of additional names supposed to be defined in builtins. Remember that # you should avoid to define new builtins when possible. additional-builtins= [TYPECHECK] # Tells whether missing members accessed in mixin class should be ignored. A # mixin class is detected if its name ends with "mixin" (case insensitive). ignore-mixin-members=yes # List of classes names for which member attributes should not be checked # (useful for classes with attributes dynamically set). ignored-classes=SQLObject # When zope mode is activated, add a predefined set of Zope acquired attributes # to generated-members. zope=no # List of members which are set dynamically and missed by pylint inference # system, and so shouldn't trigger E0201 when accessed. 
generated-members=REQUEST,acl_users,aq_parent [BASIC] # Required attributes for module, separated by a comma required-attributes= # List of builtins function names that should not be used, separated by a comma bad-functions=map,filter,apply,input # Regular expression which should only match correct module names module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ # Regular expression which should only match correct module level names const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ # Regular expression which should only match correct class names class-rgx=[A-Z_][a-zA-Z0-9]+$ # Regular expression which should only match correct function names function-rgx=[a-z_][a-z0-9_]{2,30}$ # Regular expression which should only match correct method names method-rgx=[a-z_][a-z0-9_]{2,30}$ # Regular expression which should only match correct instance attribute names attr-rgx=[a-z_][a-z0-9_]{1,30}$ # Regular expression which should only match correct argument names argument-rgx=[a-z_][a-z0-9_]{1,30}$ # Regular expression which should only match correct variable names variable-rgx=[a-z_][a-z0-9_]{0,30}$ # Regular expression which should only match correct list comprehension / # generator expression variable names inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ # Good variable names which should always be accepted, separated by a comma good-names=i,j,k,ex,Run,_ # Bad variable names which should always be refused, separated by a comma bad-names=foo,bar,baz,toto,tutu,tata # Regular expression which should only match functions or classes name which do # not require a docstring no-docstring-rgx=__.*__ [MISCELLANEOUS] # List of note tags to take in consideration, separated by a comma. notes=FIXME,XXX,TODO [SIMILARITIES] # Minimum lines number of a similarity. min-similarity-lines=4 # Ignore comments when computing similarities. ignore-comments=yes # Ignore docstrings when computing similarities. 
ignore-docstrings=yes [DESIGN] # Maximum number of arguments for function / method max-args=8 # Argument names that match this expression will be ignored. Default to name # with leading underscore ignored-argument-names=_.* # Maximum number of locals for function / method body max-locals=35 # Maximum number of return / yield for function / method body max-returns=6 # Maximum number of branch for function / method body max-branchs=12 # Maximum number of statements in function / method body max-statements=150 # Maximum number of parents for a class (see R0901). max-parents=7 # Maximum number of attributes for a class (see R0902). max-attributes=7 # Minimum number of public methods for a class (see R0903). min-public-methods=2 # Maximum number of public methods for a class (see R0904). max-public-methods=25 [CLASSES] # List of interface methods to ignore, separated by a comma. This is used for # instance to not check methods defines in Zope's Interface base class. ignore-iface-methods=isImplementedBy,deferred,extends,names,namesAndDescriptions,queryDescriptionFor,getBases,getDescriptionFor,getDoc,getName,getTaggedValue,getTaggedValueTags,isEqualOrExtendedBy,setTaggedValue,isImplementedByInstancesOf,adaptWith,is_implemented_by # List of method names used to declare (i.e. assign) instance attributes. defining-attr-methods=__init__,__new__,setUp [IMPORTS] # Deprecated modules which should not be used, separated by a comma deprecated-modules=regsub,string,TERMIOS,Bastion,rexec # Create a graph of every (i.e. 
internal and external) dependencies in the # given file (report RP0402 must not be disabled) import-graph= # Create a graph of external dependencies in the given file (report RP0402 must # not be disabled) ext-import-graph= # Create a graph of internal dependencies in the given file (report RP0402 must # not be disabled) int-import-graph= ufw-0.36/snap-files/0000755000175000017500000000000013404772663013254 5ustar jamiejamieufw-0.36/snap-files/ufw.completer.bash0000644000175000017500000000511213404772663016704 0ustar jamiejamie# # Copyright 2009-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
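#
# Based on work by Didier Roche
#
# Snap variant of the ufw completion: 'ufw --help' is obtained through
# "$SNAP"/command-ufw.wrapper. Each helper prints a space-separated word list
# on stdout; _ufw hands those lists to compgen. Scratch variables are 'local'
# and the word being completed is always quoted, because this file is sourced
# into the interactive shell.

# Print the top-level ufw commands, taken from the "Commands:" section of the
# help output (up to "Application profile commands:"), followed by "app".
_ufw_commands()
{
    local commands
    commands=$("$SNAP"/command-ufw.wrapper --help | sed -e '1,/^Commands:/d' -e '/^Application profile commands:/Q' -e 's/^[ \t]\+\([a-z|]\+\)[ \t]\+.*/\1/g' -e 's/|/ /g' | uniq)
    echo "$commands app"
}

# Print the 'ufw app' subcommands, taken from the lines that follow
# "Application profile commands:" in the help output.
_ufw_app_commands()
{
    "$SNAP"/command-ufw.wrapper --help | sed -e '1,/^Application profile commands:/d' -e '/^ [^ ]/!d' -e 's/[ \t]\+app[ \t]\+\([a-z|]\+\)[ \t]\+.*/\1/g'
}

# Words offered after 'ufw logging'.
_ufw_logging_commands()
{
    echo "off on low medium high full"
}

# Words offered after 'ufw default'.
_ufw_default_commands()
{
    echo "allow deny reject"
}

# Words offered after 'ufw delete': the default actions plus 'limit'.
_ufw_rule_commands()
{
    echo "$(_ufw_default_commands) limit"
}

# Words offered after 'ufw route'.
_ufw_route_commands()
{
    echo "$(_ufw_default_commands) limit delete insert"
}

# Words offered after 'ufw show'.
_ufw_show_commands()
{
    echo "raw"
}

# Words offered after 'ufw status'.
_ufw_status_commands()
{
    echo "numbered verbose"
}

# Completion function for 'ufw'. Only the first and second words are completed;
# later positions produce no candidates.
# Don't use '_have' with snaps
# _have ufw &&
_ufw()
{
    # cur/prev stay local so they do not overwrite variables of the same name
    # in the user's shell.
    local cur prev
    cur=${COMP_WORDS[COMP_CWORD]}
    prev=${COMP_WORDS[COMP_CWORD-1]}

    # "$cur" is quoted everywhere below: unquoted, a partially typed word that
    # contains spaces or glob characters would be split or expanded before
    # compgen sees it.
    if [ "$COMP_CWORD" -eq 1 ]; then
        COMPREPLY=( $( compgen -W "--dry-run --force --help $(_ufw_commands)" -- "$cur" ) )
    elif [ "$COMP_CWORD" -eq 2 ]; then
        case "$prev" in
        app)
            COMPREPLY=( $( compgen -W "$(_ufw_app_commands)" -- "$cur" ) )
            ;;
        status)
            COMPREPLY=( $( compgen -W "$(_ufw_status_commands)" -- "$cur" ) )
            ;;
        delete)
            COMPREPLY=( $( compgen -W "$(_ufw_rule_commands)" -- "$cur" ) )
            ;;
        route)
            COMPREPLY=( $( compgen -W "$(_ufw_route_commands)" -- "$cur" ) )
            ;;
        logging)
            COMPREPLY=( $( compgen -W "$(_ufw_logging_commands)" -- "$cur" ) )
            ;;
        show)
            COMPREPLY=( $( compgen -W "$(_ufw_show_commands)" -- "$cur" ) )
            ;;
        default)
            COMPREPLY=( $( compgen -W "$(_ufw_default_commands)" -- "$cur" ) )
            ;;
        esac
    fi
}

# Don't use '_have' with snaps
#_have ufw && complete -F _ufw ufw
complete -F _ufw ufw
ufw-0.36/snap-files/bin/0000755000175000017500000000000013404772752014023 5ustar jamiejamieufw-0.36/snap-files/bin/srv0000755000175000017500000000701213404772663014564 0ustar jamiejamie
#!/bin/sh
set -e

# The paths used in the rest of this script are built from these three
# variables, so stop when any of them is empty.
if [ -z "$SNAP" ] || [ -z "$SNAP_DATA" ] || [ -z "$SNAP_REVISION" ]; then
    echo "One of SNAP, SNAP_DATA or SNAP_REVISION not set"
    exit 1
fi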
# Files below etc/ that the upgrade step passes to copy_if_same.
files_to_merge="default/ufw ufw/before.rules ufw/before6.rules ufw/after.rules ufw/after6.rules ufw/sysctl.conf"
profiles_to_merge="ufw/applications.d/ufw-bittorent ufw/applications.d/ufw-chat ufw/applications.d/ufw-directoryserver ufw/applications.d/ufw-dnsserver ufw/applications.d/ufw-fileserver ufw/applications.d/ufw-loginserver ufw/applications.d/ufw-mailserver ufw/applications.d/ufw-printserver ufw/applications.d/ufw-proxyserver ufw/applications.d/ufw-webserver"

# Marker file named after the current snap revision.
upgrade_path="$SNAP_DATA/.upgraded_${SNAP_REVISION}"
# Directory holding the previously shipped copy of etc/.
prev_etc="$SNAP_DATA/.etc.last"

# copy_if_same RELPATH
#
# RELPATH is a path below etc/. Three copies are compared: the one shipped by
# this revision ($SNAP/etc), the one in use ($SNAP_DATA/etc) and the one kept
# from the previous revision ($prev_etc). The in-use file is overwritten only
# when it is identical to the previous shipped copy and the new shipped copy
# differs from that previous copy; in every other case where the files differ
# a message pointing at 'diff -Nau' is printed and nothing is changed.
copy_if_same() {
    bn="$1"
    new_shipped="$SNAP/etc/$bn"
    inuse="$SNAP_DATA/etc/$bn"
    prev_shipped="$prev_etc/$bn"
    unmerged_msg="'$inuse' not updated for snap revision $SNAP_REVISION (changes cannot be merged). For details, see: $ diff -Nau '$new_shipped' '$inuse'"

    # No previous copy to compare against: only report a difference between
    # what is shipped now and what is in use.
    if [ ! -e "$prev_shipped" ]; then
        diff "$new_shipped" "$inuse" > /dev/null || echo "$unmerged_msg"
        return
    fi

    # The in-use file no longer matches the previous shipped copy (the admin
    # changed it): leave it alone and say so.
    if ! diff "$prev_shipped" "$inuse" >/dev/null ; then
        echo "$unmerged_msg"
        return
    fi

    # Untouched by the admin: take the new shipped copy if it changed.
    if ! diff "$new_shipped" "$prev_shipped" > /dev/null ; then
        cp -f --preserve=mode "$new_shipped" "$inuse"
        echo "'$inuse' updated to contain version from snap revision $SNAP_REVISION"
    fi
}

# First run, none of this exists, so just copy over wholesale
[ -e "$SNAP_DATA/lib" ] || cp -fr --preserve=mode "$SNAP/lib" "$SNAP_DATA"

if [ !
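-e "$SNAP_DATA/etc" ]; then
    cp -fr --preserve=mode "$SNAP/etc" "$SNAP_DATA"
    # 640: no access for "other" on the copied rules and init files.
    chmod 640 "$SNAP_DATA"/etc/ufw/*.rules
    chmod 640 "$SNAP_DATA"/etc/ufw/*.init
fi

# migrate the old preserved location to the new
if [ -e "$SNAP_DATA/.rules.orig" ]; then
    mkdir -p "$prev_etc/ufw"
    cp -f --preserve=mode "$SNAP_DATA/.rules.orig"/*.rules "$prev_etc/ufw"
    rm -rf "$SNAP_DATA/.rules.orig"
fi

# On upgrades, detect if the rules file matches the shipped file, and if
# so, apply any changes to the rules file (ie, emulate ucf)
upgraded=
if [ ! -e "$upgrade_path" ]; then
    for fn in $files_to_merge $profiles_to_merge ; do
        copy_if_same "$fn"
    done

    # remove old for housekeeping. The glob must stay outside the quotes:
    # inside them the shell hands rm the literal name '.upgraded*', so the
    # markers of earlier revisions were never deleted.
    rm -f "$SNAP_DATA"/.upgraded*
    # add new
    touch "$upgrade_path"
    upgraded="yes"
fi

# Next, make sure these files are available for upgrade comparisons
if [ -e "$prev_etc" ]; then
    rm -rf "$prev_etc"
fi
mkdir "$prev_etc"
cp -rf --preserve=mode "$SNAP/etc/"* "$prev_etc"

if [ -z "$SNAP_SKIP_INIT" ]; then
    # This is used only with 'oneshot'. We don't want to perform reloads on
    # upgrade since that might break existing connections. We don't want to
    # perform stop/start on upgrade since we don't want to tear down the
    # firewall or since it might also break existing connections.
    if [ "$upgraded" = "yes" ]; then
        echo "skipping start/reload on upgrade"
    else
        "$SNAP"/lib/ufw/ufw-init --rootdir "$SNAP" --datadir "$SNAP_DATA" start
    fi
fi
ufw-0.36/snap-files/bin/cli0000755000175000017500000000123013404772663014515 0ustar jamiejamie
#!/bin/sh
# Wrapper that runs the snap's ufw with --rootdir and --datadir pointing at
# $SNAP and $SNAP_DATA.
set -e

if [ -z "$SNAP" ]; then
    echo "SNAP not set"
    exit 1
fi

# SNAP_DATA is used below for the __pycache__ directory and for --datadir.
# An empty value would turn those into paths under '/', so stop here instead.
if [ -z "$SNAP_DATA" ]; then
    echo "SNAP_DATA not set"
    exit 1
fi

# iptables not being usable is reported with the 'snap connect' command to run.
if ! iptables --version >/dev/null 2>&1 ; then
    echo "Could not use iptables. Please run:"
    echo "'sudo snap connect ufw:firewall-control ubuntu-core:firewall-control'"
    exit 1
fi

# Put the snap's dist-packages first; keep a caller-supplied PYTHONPATH after it.
PPATH=
if [ -z "$PYTHONPATH" ]; then
    PPATH=$SNAP/usr/lib/python3/dist-packages
else
    PPATH=$SNAP/usr/lib/python3/dist-packages:$PYTHONPATH
fi

PYCACHE=$SNAP_DATA/usr/lib/python3/dist-packages/ufw/__pycache__
if [ !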
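-d "$PYCACHE" ] ; then
    # Best effort: a failure to create the cache directory is ignored.
    mkdir -p "$PYCACHE" 2>/dev/null || true
fi

#echo $PPATH
PYTHONPATH="$PPATH" "$SNAP"/usr/sbin/ufw --rootdir="$SNAP" --datadir="$SNAP_DATA" "$@"
ufw-0.36/snap-files/bin/init0000755000175000017500000000053613404772663014721 0ustar jamiejamie
#!/bin/sh
# Runs the snap's ufw-init with the arguments given, after checking that the
# srv script has already prepared $SNAP_DATA.

if [ -z "$SNAP" ]; then
    echo "SNAP not set"
    exit 1
fi

# The srv script creates its marker as "$SNAP_DATA/.upgraded_${SNAP_REVISION}".
# Testing for a name built from SNAP_VERSION looks for a different file
# whenever version and revision differ, so use the revision here as well.
upgrade_path="$SNAP_DATA/.upgraded_${SNAP_REVISION}"

# ufw.srv will have already done this on install.
if [ ! -e "$upgrade_path" ]; then
    echo "Rules not found in '$SNAP_DATA'. Aborting"
    exit 1
fi

"$SNAP"/lib/ufw/ufw-init --rootdir "$SNAP" --datadir "$SNAP_DATA" "$@"
ufw-0.36/snap-files/bin/doc0000755000175000017500000000067513404772663014527 0ustar jamiejamie
#!/bin/sh
# Prints one of the plain-text documents stored under $SNAP/docs.

if [ -z "$SNAP" ]; then
    echo "SNAP not set"
    exit 1
fi

docdir="$SNAP/docs"

# Print the list of available documents.
usage() {
    # NOTE(review): the here-document opener was damaged when this page was
    # extracted ('cat <'); '<<EOM' is restored from the visible EOM terminator.
    # Any text between the opener and "Available docs are:" is missing from the
    # page and the line layout below is reconstructed - compare with upstream.
    cat <<EOM
Available docs are:
 ufw-on-snappy
 ufw
 ufw-framework
 iptables
 ip6tables
 iptables-restore
 ip6tables-restore

Eg:
$ ufw.doc ufw-on-snappy | less
EOM
}

if [ -z "$1" ]; then
    usage
    exit 1
fi

# Documents are plain file names inside $docdir. A name containing '/' is
# treated as not found, so the lookup cannot leave that directory.
case "$1" in
    */*)
        echo "Could not find '$1'"
        usage
        exit 1
        ;;
esac

doc="$docdir/$1"
if [ ! -f "$doc" ]; then
    echo "Could not find '$1'"
    usage
    exit 1
fi

cat "$doc"
ufw-0.36/COPYING0000644000175000017500000010437413226727543012256 0ustar jamiejamie GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too.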
When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. 
If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. 
Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. 
However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. 
Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. 
b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. 
b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. 
A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. 
But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. 
Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. 
If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. 
Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. 
The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. 
"Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. 
If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. 
If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. 
If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. <one line to give the program's name and a brief idea of what it does.> Copyright (C) <year> <name of author> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: <program> Copyright (C) <year> <name of author> This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. 
The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see <http://www.gnu.org/licenses/>. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read <http://www.gnu.org/philosophy/why-not-lgpl.html>. ufw-0.36/TODO0000644000175000017500000000073613257511760011704 0ustar jamiejamieTODO ---- DBus support so frontend can send messages to ufw which can then be protected via policy kit Provide a very simple GUI, possibly with NetworkManager integration. This GUI would not replace gufw, which aims to expose the full functionality of ufw. MAC address filtering (ie ebtables) nftables backend (first create compatibility backend and transition upgrades to that. When nftables backend is complete, new installs can use it) Copyright 2008-2015 Canonical Ltd. 
ufw-0.36/snapcraft.yaml0000644000175000017500000000156613404772673014071 0ustar jamiejamiename: ufw version: 0.36 summary: ufw (Uncomplicated Firewall) description: ufw as a snap confinement: strict grade: stable passthrough: license: GPL-3.0 AND GPL-2.0+ apps: srv: command: bin/srv daemon: oneshot plugs: [ firewall-control ] ufw: command: bin/cli completer: ufw.completer.bash plugs: [ firewall-control ] init: command: bin/init plugs: [ firewall-control ] ipset: command: sbin/ipset plugs: [ firewall-control ] conntrack: command: usr/sbin/conntrack plugs: [ firewall-control ] doc: command: bin/doc parts: wrapper: plugin: dump source: snap-files/ stage-packages: - conntrack - ipset make-project: plugin: make source: . make-parameters: - SNAP=yes build-packages: - iptables - netbase - procps - sed - bsdmainutils - man-db - git ufw-0.36/tests/0000755000175000017500000000000013404772663012355 5ustar jamiejamieufw-0.36/tests/check-requirements0000755000175000017500000001600713343551547016103 0ustar jamiejamie#!/bin/sh # # check-requirements: verify all the required iptables functionality is # available # # Copyright 2008-2014 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # set -e chain="ufw-check-requirements" error="" error_runtime="" runcmd() { runtime="no" if [ "$1" = "runtime" ]; then runtime="yes" shift 1 fi local output ret=0 # make sure to always return success below because of set -e output=$( "$@" 2>&1 ) || ret=$? 
if [ $ret -eq 0 ]; then echo pass else if [ "$runtime" = "yes" ]; then echo "FAIL (no runtime support)" echo "error was: $output" error_runtime="yes" else echo FAIL echo "error was: $output" error="yes" fi fi } # check python found_python="no" echo -n "Has python: " for exe in python2.7 python2.6 python2.5 python3.2 python3.3 python3.4 python3.5 python python3 ; do if ! which $exe >/dev/null 2>&1; then continue fi v=`$exe --version 2>&1 | cut -f 2 -d ' '` if echo "$v" | grep -q "^2.[567]"; then echo "pass (binary: $exe, version: $v, py2)" found_python="yes" break elif echo "$v" | grep -q "^3.[234]"; then echo "pass (binary: $exe, version: $v, py3)" found_python="yes" break fi done if [ "$found_python" != "yes" ]; then echo "ERROR: could not find valid python" >&2 error="yes" fi # check binaries for i in "" 6; do exe="iptables" if [ "$i" = "6" ]; then exe="ip6tables" fi echo -n "Has $exe: " if ! which $exe >/dev/null 2>&1; then echo "ERROR: could not find '$exe'" >&2 error="yes" else echo "pass" fi done if [ -n "$error" ]; then exit 1 fi echo "" # check /proc for i in /proc/net/dev /proc/net/if_inet6; do echo -n "Has $i: " if [ ! -e "$i" ]; then echo "no" error="yes" else echo "pass" fi done if [ -n "$error" ]; then exit 1 fi echo "" echo "This script will now attempt to create various rules using the iptables" echo "and ip6tables commands. This may result in module autoloading (eg, for" echo "IPv6)." if [ "$1" != "-f" ]; then echo -n "Proceed with checks (Y/n)? " read ans if [ "$ans" = "n" ] || [ "$ans" = "N" ] || [ "$ans" = "no" ]; then echo "Aborting" exit 1 fi fi # check modules for i in "" 6; do exe="iptables" c="${chain}" ipv="4" if [ "$i" = "6" ]; then exe="ip6tables" c="${chain}6" ipv="6" fi if [ "$i" = "6" ]; then echo "== IPv6 ==" else echo "== IPv4 ==" fi echo -n "Creating '$c'... " $exe -N "$c" || { echo "ERROR: could not create '$c'. 
Aborting" >&2 error="yes" break } echo "done" # set up a RETURN rule right at the top, so we don't open anything up when # running the script. Isn't attached to INPUT, but better safe than sorry. echo -n "Inserting RETURN at top of '$c'... " $exe -I "$c" -j RETURN || { echo "ERROR: could insert RETURN rule into '$c'. Aborting" >&2 error="yes" break } echo "done" echo -n "TCP: " runcmd $exe -A $c -p tcp -j ACCEPT echo -n "UDP: " runcmd $exe -A $c -p udp -j ACCEPT echo -n "destination port: " runcmd $exe -A $c -p tcp --dport 22 -j ACCEPT echo -n "source port: " runcmd $exe -A $c -p tcp --sport 22 -j ACCEPT for j in ACCEPT DROP REJECT LOG; do echo -n "$j: " runcmd $exe -A $c -p tcp --sport 23 -j $j done echo -n "hashlimit: " runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT echo -n "limit: " runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT for j in NEW RELATED ESTABLISHED INVALID; do echo -n "ctstate ($j): " runcmd $exe -A $c -m conntrack --ctstate $j done echo -n "ctstate (new, recent set): " runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --set echo -n "ctstate (new, recent update): " runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT echo -n "ctstate (new, limit): " runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT echo -n "interface (input): " runcmd $exe -A $c -i eth0 -j ACCEPT echo -n "interface (output): " runcmd $exe -A $c -o eth0 -j ACCEPT echo -n "multiport: " runcmd $exe -A $c -p tcp -m multiport --dports 80,443,8080:8090 -j ACCEPT echo -n "comment: " runcmd $exe -A $c -m comment --comment 'dapp_Samba' if [ -z "$i" ]; then for j in LOCAL MULTICAST BROADCAST; do echo -n "addrtype ($j): " runcmd $exe -A $c -m addrtype --dst-type $j -j RETURN done for j in destination-unreachable source-quench time-exceeded 
parameter-problem echo-request; do echo -n "icmp ($j): " runcmd $exe -A $c -p icmp --icmp-type $j -j ACCEPT done else for j in destination-unreachable packet-too-big time-exceeded parameter-problem echo-request; do echo -n "icmpv6 ($j): " runcmd $exe -A $c -p icmpv6 --icmpv6-type $j -j ACCEPT done for j in neighbor-solicitation neighbor-advertisement router-solicitation router-advertisement; do echo -n "icmpv6 with hl ($j): " runcmd $exe -A $c -p icmpv6 --icmpv6-type $j -m hl --hl-eq 255 -j ACCEPT done echo -n "ipv6 rt: " runcmd $exe -A $c -m rt --rt-type 0 -j ACCEPT fi echo "" done # cleanup for i in "" 6; do exe="iptables" c="${chain}" if [ "$i" = "6" ]; then exe="ip6tables" c="${chain}6" fi $exe -F $c >/dev/null 2>&1 || { if [ -z "$error" ]; then echo "ERROR: could not flush '$c'" >&2 error="yes" fi } $exe -X $c >/dev/null 2>&1 || { if [ -z "$error" ]; then error="yes" echo "ERROR: could not remove '$c'" >&2 fi } done if [ -n "$error" ] || [ -n "$error_runtime" ]; then if [ -n "$error" ]; then echo "FAIL: check your kernel and that you have iptables >= 1.4.0" fi if [ -n "$error_runtime" ]; then echo "FAIL: check your kernel and iptables for additional runtime support" fi exit 1 fi echo "All tests passed" exit 0 ufw-0.36/tests/root_kern/0000755000175000017500000000000013257500736014353 5ustar jamiejamieufw-0.36/tests/root_kern/limit6/0000755000175000017500000000000013257512304015551 5ustar jamiejamieufw-0.36/tests/root_kern/limit6/orig0000777000175000017500000000000013257500736020617 2../../defaultsustar jamiejamieufw-0.36/tests/root_kern/limit6/runtest.sh0000755000175000017500000000530013257512304017612 0ustar jamiejamie#!/bin/bash # Copyright 2012 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. 
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" for ipv6 in yes do echo "Setting IPV6 to $ipv6" >> $TESTTMP/result sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw do_cmd "0" nostats disable do_cmd "0" nostats enable echo "TESTING RGS (limit to/from)" >> $TESTTMP/result do_cmd "0" limit 22/tcp do_cmd "0" limit from any port 24 proto udp do_cmd "0" limit in on eth1 to any port 23 do_cmd "0" status grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result echo "TESTING ARGS (delete allow/deny to/from)" >> $TESTTMP/result do_cmd "0" delete limit 22/tcp do_cmd "0" delete limit from any port 24 proto udp do_cmd "0" delete limit in on eth1 to any port 23 do_cmd "0" status grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result done echo "Testing status numbered" >> $TESTTMP/result for ipv6 in yes do echo "Setting IPV6 to $ipv6" >> $TESTTMP/result sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw do_cmd "0" nostats disable do_cmd "0" nostats enable do_cmd "0" limit 22/tcp do_cmd "0" limit from any port 24 proto udp do_cmd "0" limit in on eth1 to any port 23 do_cmd "0" status numbered do_cmd "0" delete limit 22/tcp do_cmd "0" delete limit from any port 24 proto udp do_cmd "0" delete limit in on eth1 to any port 23 do_cmd "0" status numbered done echo "Verify secondary limit chains" >> $TESTTMP/result for l in off on low medium high full; do do_cmd "0" nostats logging $l do_cmd "0" nostats disable $TESTSTATE/ufw-init flush-all >/dev/null do_cmd "0" nostats enable for c in user-limit user-limit-accept ; do 
echo "$count: ip6tables -L ufw6-$c -n | egrep -q '0 references'" >> $TESTTMP/result ip6tables -L ufw6-$c -n | egrep -q '0 references' || { echo "'ip6tables -L ufw6-user-input -n' had more than 0 references" exit 1 } echo "" >> $TESTTMP/result echo "" >> $TESTTMP/result let count=count+1 done done cleanup exit 0 ufw-0.36/tests/root_kern/limit6/result0000644000175000017500000001153413257507473017031 0ustar jamiejamieSetting IPV6 to yes 0: disable 1: enable TESTING RGS (limit to/from) 2: limit 22/tcp WARN: Checks disabled Rule added Rule added (v6) 3: limit from any port 24 proto udp WARN: Checks disabled Rule added Rule added (v6) 4: limit in on eth1 to any port 23 WARN: Checks disabled Rule added Rule added (v6) 5: status WARN: Checks disabled Status: active To Action From -- ------ ---- 22/tcp LIMIT Anywhere Anywhere LIMIT 24/udp 23 on eth1 LIMIT Anywhere 22/tcp LIMIT Anywhere (v6) Anywhere (v6) LIMIT 24/udp 23 on eth1 LIMIT Anywhere (v6) ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### limit udp any 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### limit any 23 0.0.0.0/0 any 0.0.0.0/0 in_eth1 -A ufw-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit ### tuple ### limit tcp 22 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set -A ufw6-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j 
ufw6-user-limit -- ### tuple ### limit udp any ::/0 24 ::/0 in -A ufw6-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --set -A ufw6-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit -- ### tuple ### limit any 23 ::/0 any ::/0 in_eth1 -A ufw6-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw6-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit TESTING ARGS (delete allow/deny to/from) 6: delete limit 22/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 7: delete limit from any port 24 proto udp WARN: Checks disabled Rule deleted Rule deleted (v6) 8: delete limit in on eth1 to any port 23 WARN: Checks disabled Rule deleted Rule deleted (v6) 9: status WARN: Checks disabled Status: active Testing status numbered Setting IPV6 to yes 10: disable 11: enable 12: limit 22/tcp WARN: Checks disabled Rule added Rule added (v6) 13: limit from any port 24 proto udp WARN: Checks disabled Rule added Rule added (v6) 14: limit in on eth1 to any port 23 WARN: Checks disabled Rule added Rule added (v6) 15: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] 22/tcp LIMIT IN Anywhere [ 2] Anywhere LIMIT IN 24/udp [ 3] 23 on eth1 LIMIT IN Anywhere [ 4] 22/tcp LIMIT IN Anywhere (v6) [ 5] Anywhere (v6) LIMIT IN 24/udp [ 6] 23 on eth1 LIMIT IN Anywhere (v6) 16: delete limit 22/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 17: delete limit from any port 24 proto udp WARN: Checks disabled Rule deleted Rule deleted (v6) 18: delete limit in on eth1 to any port 23 WARN: Checks disabled Rule deleted Rule deleted (v6) 19: status numbered WARN: Checks disabled Status: active Verify secondary limit chains 20: logging off 21: disable 22: enable 23: ip6tables -L ufw6-user-limit -n | egrep -q '0 references' 24: ip6tables -L ufw6-user-limit-accept -n | 
egrep -q '0 references' 25: logging on 26: disable 27: enable 28: ip6tables -L ufw6-user-limit -n | egrep -q '0 references' 29: ip6tables -L ufw6-user-limit-accept -n | egrep -q '0 references' 30: logging low 31: disable 32: enable 33: ip6tables -L ufw6-user-limit -n | egrep -q '0 references' 34: ip6tables -L ufw6-user-limit-accept -n | egrep -q '0 references' 35: logging medium 36: disable 37: enable 38: ip6tables -L ufw6-user-limit -n | egrep -q '0 references' 39: ip6tables -L ufw6-user-limit-accept -n | egrep -q '0 references' 40: logging high 41: disable 42: enable 43: ip6tables -L ufw6-user-limit -n | egrep -q '0 references' 44: ip6tables -L ufw6-user-limit-accept -n | egrep -q '0 references' 45: logging full 46: disable 47: enable 48: ip6tables -L ufw6-user-limit -n | egrep -q '0 references' 49: ip6tables -L ufw6-user-limit-accept -n | egrep -q '0 references' 50: disable ufw-0.36/tests/test-srv-upgrades.sh0000755000175000017500000000275313404772663016322 0ustar jamiejamie#!/bin/sh set -e export SNAP_SKIP_INIT="yes" testdir="$(mktemp -d)" #shellcheck disable=SC2064 trap "rm -rf '$testdir'" EXIT HUP INT QUIT TERM curdir="$(pwd)" cd "$testdir" tar -zxf "$curdir/tests/test-srv-upgrades-data.tar.gz" echo "== Clean out everything" rm -rf "$testdir"/var/snap/ufw/*/* "$testdir"/var/snap/ufw/*/.[eru]* "$testdir"/var/snap/ufw/8* echo echo "== Run srv on 23 for the first time" SNAP=./snap/ufw/23 SNAP_DATA=./var/snap/ufw/23 SNAP_REVISION=23 "$curdir"/snap-files/bin/srv echo echo "== Convert 23 back to rules.orig" mkdir "$testdir"/var/snap/ufw/23/.rules.orig cp "$testdir"/snap/ufw/23/etc/ufw/*.rules "$testdir"/var/snap/ufw/23/.rules.orig rm -f "$testdir"/var/snap/ufw/23/.rules.orig/user*rules rm -rf "$testdir"/var/snap/ufw/23/.etc.last echo echo "== Simulate upgrade from 23 to 85" cp -a "$testdir"/var/snap/ufw/23 "$testdir"/var/snap/ufw/85 echo echo "== Run srv on 85" SNAP=./snap/ufw/85 SNAP_DATA=./var/snap/ufw/85 SNAP_REVISION=85 "$curdir"/snap-files/bin/srv echo echo 
"== Simulate the user merged everything from 85" rm -rf "$testdir"/var/snap/ufw/85/etc cp -a "$testdir"/snap/ufw/85/etc "$testdir"/var/snap/ufw/85 echo echo "== Simulate user change to after.rules" echo "# some change" >> "$testdir"/var/snap/ufw/85/etc/ufw/after.rules echo echo "== Simulate upgrade from 85 to 86" cp -a "$testdir"/var/snap/ufw/85 "$testdir"/var/snap/ufw/86 echo echo "== Run srv on 86" SNAP=./snap/ufw/86 SNAP_DATA=./var/snap/ufw/86 SNAP_REVISION=86 "$curdir"/snap-files/bin/srv ufw-0.36/tests/root/0000755000175000017500000000000013257507473013341 5ustar jamiejamieufw-0.36/tests/root/valid/0000755000175000017500000000000013404772663014437 5ustar jamiejamieufw-0.36/tests/root/valid/orig0000777000175000017500000000000013226727543017476 2../../defaultsustar jamiejamieufw-0.36/tests/root/valid/runtest.sh0000755000175000017500000005136213404772663016511 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# Regression run for ufw's command-line rule handling: each section issues ufw
# commands through do_cmd and appends config/rule text to $TESTTMP/result.
# NOTE(review): do_cmd, cleanup, TESTPATH, TESTTMP and TESTCONFIG are not
# defined in this script; presumably testlib.sh or the test runner provides
# them -- confirm there. The "0" handed to do_cmd looks like the expected exit
# status -- TODO confirm.
source "$TESTPATH/../testlib.sh"

# Logging toggles, lower and upper case; after each one, dump every line
# containing "LOG" from the *.rules files under $TESTPATH/etc/ufw.
echo "TESTING ARGS (logging)" >> $TESTTMP/result
do_cmd "0" logging on
grep -h "LOG" `ls $TESTPATH/etc/ufw/*.rules` >> $TESTTMP/result
do_cmd "0" logging off
grep -h "LOG" `ls $TESTPATH/etc/ufw/*.rules` >> $TESTTMP/result
do_cmd "0" LOGGING ON
grep -h "LOG" `ls $TESTPATH/etc/ufw/*.rules` >> $TESTTMP/result
do_cmd "0" LOGGING OFF
grep -h "LOG" `ls $TESTPATH/etc/ufw/*.rules` >> $TESTTMP/result

# Default incoming policy. The firewall is enabled first and the chain policies
# are read back with iptables, so this section changes the filter policy of the
# host it runs on (INPUT is ACCEPT after "default allow"); it belongs on a
# dedicated test machine. Both the iptables policy lines and the DEFAULT_*
# settings in etc/default/ufw are captured.
echo "TESTING ARGS (default)" >> $TESTTMP/result
do_cmd "0" enable
do_cmd "0" default allow
iptables -L -n | grep 'policy ' >> $TESTTMP/result
grep -h "DEFAULT" $TESTPATH/etc/default/ufw >> $TESTTMP/result
do_cmd "0" default deny
iptables -L -n | grep 'policy ' >> $TESTTMP/result
grep -h "DEFAULT" $TESTPATH/etc/default/ufw >> $TESTTMP/result
do_cmd "0" DEFAULT ALLOW
iptables -L -n | grep 'policy ' >> $TESTTMP/result
grep -h "DEFAULT" $TESTPATH/etc/default/ufw >> $TESTTMP/result
do_cmd "0" DEFAULT DENY
iptables -L -n | grep 'policy ' >> $TESTTMP/result
grep -h "DEFAULT" $TESTPATH/etc/default/ufw >> $TESTTMP/result
# Put the default back to deny before switching the firewall off again.
do_cmd "0" default deny
do_cmd "0" disable

# enable/disable, lower and upper case; the ENABLED= line of ufw.conf is
# captured after each command.
echo "TESTING ARGS (enable/disable)" >> $TESTTMP/result
do_cmd "0" enable
cat $TESTPATH/etc/ufw/ufw.conf | egrep '^ENABLED' >> $TESTTMP/result
do_cmd "0" disable
cat $TESTPATH/etc/ufw/ufw.conf | egrep '^ENABLED' >> $TESTTMP/result
do_cmd "0" ENABLE
cat $TESTPATH/etc/ufw/ufw.conf | egrep '^ENABLED' >> $TESTTMP/result
do_cmd "0" DISABLE
cat $TESTPATH/etc/ufw/ufw.conf | egrep '^ENABLED' >> $TESTTMP/result

# The last command above was DISABLE, so every rule check from here on reads
# $TESTCONFIG/user.rules instead of iptables. Each snapshot is
# `grep -A2 "tuple"`: every line containing "tuple" plus the two lines after it.

# Bare port numbers, including the lowest (1) and highest (65535) port.
# "deny 25" is issued after "allow 25" for the same port.
echo "TESTING ARGS (allow/deny port)" >> $TESTTMP/result
do_cmd "0" allow 25
do_cmd "0" deny 25
do_cmd "0" deny 1
do_cmd "0" deny 65535
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete deny 25
do_cmd "0" delete deny 1
do_cmd "0" delete deny 65535
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# Rules labelled "Man page" in the result. They are added one after another
# without deleting in between, so each snapshot holds the accumulated rule set.
echo "TESTING ARGS (allow/deny to/from)" >> $TESTTMP/result
echo "Man page" >> $TESTTMP/result
do_cmd "0" allow 53
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 25/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" deny to any port 80 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" limit 13/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" deny 53
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 80/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 10.0.0.0/8
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 172.16.0.0/12
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.0/16
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" deny from 1.2.3.4 to any port 514 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 1.2.3.5 port 5469 proto udp to 1.2.3.4 port 5469
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" reject auth
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
# Remove the accumulated rules, then take one snapshot. Port 53 and port 80/tcp
# are deleted under their final actions (deny 53, allow 80/tcp), the ones
# issued last for those ports above.
do_cmd "0" delete allow 25/tcp
do_cmd "0" delete deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp
do_cmd "0" delete limit 13/tcp
do_cmd "0" delete deny 53
do_cmd "0" delete allow 80/tcp
do_cmd "0" delete allow from 10.0.0.0/8
do_cmd "0" delete allow from 172.16.0.0/12
do_cmd "0" delete allow from 192.168.0.0/16
do_cmd "0" delete deny from 1.2.3.4 to any port 514 proto udp
do_cmd "0" delete allow from 1.2.3.5 port 5469 proto udp to 1.2.3.4 port 5469
do_cmd "0" delete reject auth
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# Short-form rules: add, snapshot, delete, snapshot. The port-25 group appears
# twice in the original and is kept that way; the later groups use service
# names (smtp, tftp, daytime) in place of numbers.
echo "SIMPLE" >> $TESTTMP/result
do_cmd "0" allow 25
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 25
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 25/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 25/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 25/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 25/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 25
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 25
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 25/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 25/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 25/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 25/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow smtp/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow smtp/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow tftp/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow tftp/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow daytime/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow daytime/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow daytime/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow daytime/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# Every to/from/port combination, once per action. $x, $from, $to and $y are
# left unquoted; the values assigned here contain no whitespace.
echo "TO/FROM" >> $TESTTMP/result
from="192.168.0.1"
to="10.0.0.1"
for x in allow deny limit reject
do
    # Lines of grep context after each "tuple" marker: 2 by default, 5 for
    # limit. (A limit rule for one protocol is written as two rule lines;
    # without "proto" it is presumably written for both tcp and udp, hence the
    # wider window -- confirm against the expected result.)
    context="2"
    if [ "$x" = "limit" ]; then
        context="5"
    fi
    do_cmd "0" $x from $from
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x from $from
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x to $to
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x to $to
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x to $to from $from
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x to $to from $from
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x from $from port 80
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x from $from port 80
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x to $to port 25
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x to $to port 25
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x to $to from $from port 80
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x to $to from $from port 80
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x to $to port 25 from $from
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x to $to port 25 from $from
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" $x to $to port 25 from $from port 80
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    do_cmd "0" delete $x to $to port 25 from $from port 80
    grep -A$context "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

    # Same combinations with an explicit protocol. This inner loop uses a fixed
    # -A2 rather than -A$context, for limit as well.
    for y in udp tcp
    do
        do_cmd "0" $x from $from port 80 proto $y
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" delete $x from $from port 80 proto $y
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" $x to $to port 25 proto $y
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" delete $x to $to port 25 proto $y
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" $x to $to from $from port 80 proto $y
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" delete $x to $to from $from port 80 proto $y
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" $x to $to port 25 proto $y from $from
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" delete $x to $to port 25 proto $y from $from
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" $x to $to port 25 proto $y from $from port 80
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        do_cmd "0" delete $x to $to port 25 proto $y from $from port 80
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    done
done

echo "TESTING ARGS (status)" >> $TESTTMP/result
do_cmd "0" --dry-run status

# Source and destination ports given as service names (smtp, tftp, daytime,
# domain), mixed with the numeric port 23, and no "proto" clause.
do_cmd "0" allow to any port smtp from any port smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port smtp from any port smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port smtp from any port daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port smtp from any port daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port smtp from any port 23
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port smtp from any port 23
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port smtp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port tftp from any port tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port tftp from any port tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port tftp from any port daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port tftp from any port daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port tftp from any port 23
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port tftp from any port 23
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port tftp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port 23
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port 23
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port daytime
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port domain
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port domain
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# The same name/number pairs with an explicit protocol: tcp for the smtp
# pairs, udp for the tftp pairs, and both for the daytime pairs.
do_cmd "0" allow to any port smtp from any port smtp proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port smtp from any port smtp proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port smtp from any port daytime proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port smtp from any port daytime proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port smtp proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port smtp proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port smtp from any port 23 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port smtp from any port 23 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port smtp proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port smtp proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port tftp from any port tftp proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port tftp from any port tftp proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port tftp from any port daytime proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port tftp from any port daytime proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port tftp proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port tftp proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port tftp from any port 23 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port tftp from any port 23 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port tftp proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port tftp proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port 23 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port 23 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port daytime proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port daytime proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port domain proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port domain proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port 23 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port 23 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23 from any port daytime proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23 from any port daytime proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port daytime from any port domain proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port daytime from any port domain proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# Address/netmask forms: /0, /16 and /32 prefixes on either side, and one
# dotted-quad mask (255.255.0.2) whose set bits are not contiguous.
echo "TESTING NETMASK" >> $TESTTMP/result
do_cmd "0" allow to 192.168.0.0/0
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to 192.168.0.0/0
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to 192.168.0.0/16
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to 192.168.0.0/16
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to 192.168.0.1/32
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to 192.168.0.1/32
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.0/0
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 192.168.0.0/0
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.0/16
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 192.168.0.0/16
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.1/32
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 192.168.0.1/32
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.1/32 to 192.168.0.2/32
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 192.168.0.1/32 to 192.168.0.2/32
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.2/255.255.0.2
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 192.168.0.2/255.255.0.2
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# Regression check labelled with Launchpad bug 237446: an address with host
# bits set (111.12.34.2) combined with a /4 prefix.
echo "LP bug 237446" >> $TESTTMP/result
do_cmd "0" allow to 111.12.34.2/4
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to 111.12.34.2/4
# Snapshot of user.rules taken after the preceding delete in the
# "LP bug 237446" section.
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
# Added in host form (111.12.34.2/4) but deleted by the network address of the
# same /4 (96.0.0.0/4); presumably checks that both spellings map to one
# stored rule -- confirm against the expected result.
do_cmd "0" allow from 111.12.34.2/4
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 96.0.0.0/4
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result

# Port ranges (a:b) and comma-separated lists, both in the long to/from syntax
# and in the short port/proto form; every one names a protocol.
echo "TESTING MULTIPORT" >> $TESTTMP/result
do_cmd "0" allow to 192.168.0.1 port 80:83 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to 192.168.0.1 port 80:83 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to 192.168.0.1 port 80:83,13 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to 192.168.0.1 port 80:83,13 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow to any port 23,21,15:19,13 from any port 24:26 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 34,35/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 34,35/tcp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" allow 34,35:39/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete allow 34,35:39/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" deny 35:39/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete deny 35:39/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" deny 23,21,15:19,13/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" delete deny 23,21,15:19,13/udp
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result cleanup exit 0 ufw-0.36/tests/root/valid/result0000644000175000017500000016772013404772663015715 0ustar jamiejamieTESTING ARGS (logging) 0: logging on WARN: Checks disabled Logging enabled ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " ### LOGGING ### ### END LOGGING ### 1: logging off WARN: Checks disabled Logging disabled ### LOGGING ### ### END LOGGING ### ### LOGGING ### ### END LOGGING ### 2: LOGGING ON WARN: Checks disabled Logging enabled ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " ### LOGGING ### ### END LOGGING ### 3: LOGGING OFF WARN: Checks disabled Logging disabled ### LOGGING ### ### END LOGGING ### ### LOGGING ### ### END LOGGING ### TESTING ARGS (default) 4: enable WARN: Checks disabled Firewall is active and enabled on system startup 5: default allow WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) Chain INPUT (policy ACCEPT) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) 
DEFAULT_INPUT_POLICY="ACCEPT" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 6: default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="DROP" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 7: DEFAULT ALLOW WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) Chain INPUT (policy ACCEPT) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="ACCEPT" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 8: DEFAULT DENY WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="DROP" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 9: default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 10: disable WARN: Checks disabled Firewall stopped and disabled on system startup TESTING ARGS (enable/disable) 11: enable WARN: Checks disabled Firewall is active and enabled on system startup ENABLED=yes 12: disable WARN: Checks disabled Firewall stopped and disabled on system startup ENABLED=no 13: ENABLE WARN: Checks disabled Firewall is active and enabled on system startup ENABLED=yes 14: DISABLE WARN: Checks disabled Firewall stopped and disabled on system startup ENABLED=no TESTING ARGS (allow/deny port) 15: allow 25 WARN: Checks disabled Rules updated 16: deny 25 WARN: Checks disabled Rules updated 17: deny 1 WARN: Checks disabled Rules updated 18: deny 65535 WARN: Checks disabled Rules updated ### tuple ### deny any 25 0.0.0.0/0 any 
0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j DROP -A ufw-user-input -p udp --dport 25 -j DROP -- ### tuple ### deny any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j DROP -A ufw-user-input -p udp --dport 1 -j DROP -- ### tuple ### deny any 65535 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 65535 -j DROP -A ufw-user-input -p udp --dport 65535 -j DROP 19: delete deny 25 WARN: Checks disabled Rules updated 20: delete deny 1 WARN: Checks disabled Rules updated 21: delete deny 65535 WARN: Checks disabled Rules updated TESTING ARGS (allow/deny to/from) Man page 22: allow 53 WARN: Checks disabled Rules updated ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT 23: allow 25/tcp WARN: Checks disabled Rules updated ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT 24: deny to any port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP 25: deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### tuple ### deny tcp 25 192.168.0.1 any 
10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP 26: limit 13/tcp WARN: Checks disabled Rules updated ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 27: deny 53 WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 28: allow 80/tcp WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 
in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 29: allow from 10.0.0.0/8 WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT 30: allow from 172.16.0.0/12 WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent 
--set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT 31: allow from 192.168.0.0/16 WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT 32: deny from 1.2.3.4 to any port 514 proto udp WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j 
DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP 33: allow from 1.2.3.5 port 5469 proto udp to 1.2.3.4 port 5469 WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A 
ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT 34: reject auth WARN: Checks disabled Rules updated ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP -- ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### tuple ### reject tcp 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset 35: delete allow 25/tcp WARN: Checks disabled Rules updated 36: delete deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp WARN: Checks disabled Rules updated 37: delete limit 13/tcp WARN: Checks disabled Rules updated 38: delete deny 53 WARN: Checks disabled Rules updated 39: delete allow 80/tcp WARN: Checks disabled Rules updated 40: delete allow from 10.0.0.0/8 WARN: Checks disabled Rules updated 41: delete allow from 172.16.0.0/12 WARN: Checks 
disabled Rules updated 42: delete allow from 192.168.0.0/16 WARN: Checks disabled Rules updated 43: delete deny from 1.2.3.4 to any port 514 proto udp WARN: Checks disabled Rules updated 44: delete allow from 1.2.3.5 port 5469 proto udp to 1.2.3.4 port 5469 WARN: Checks disabled Rules updated 45: delete reject auth WARN: Checks disabled Rules updated SIMPLE 46: allow 25 WARN: Checks disabled Rules updated ### tuple ### allow any 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT -A ufw-user-input -p udp --dport 25 -j ACCEPT 47: delete allow 25 WARN: Checks disabled Rules updated 48: allow 25/tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT 49: delete allow 25/tcp WARN: Checks disabled Rules updated 50: allow 25/udp WARN: Checks disabled Rules updated ### tuple ### allow udp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 25 -j ACCEPT 51: delete allow 25/udp WARN: Checks disabled Rules updated 52: allow 25 WARN: Checks disabled Rules updated ### tuple ### allow any 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT -A ufw-user-input -p udp --dport 25 -j ACCEPT 53: delete allow 25 WARN: Checks disabled Rules updated 54: allow 25/tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT 55: delete allow 25/tcp WARN: Checks disabled Rules updated 56: allow 25/udp WARN: Checks disabled Rules updated ### tuple ### allow udp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 25 -j ACCEPT 57: delete allow 25/udp WARN: Checks disabled Rules updated 58: allow smtp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT 59: delete allow smtp WARN: Checks disabled Rules updated 60: allow smtp/tcp WARN: Checks disabled Rules updated ### tuple ### allow 
tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT 61: delete allow smtp/tcp WARN: Checks disabled Rules updated 62: allow tftp WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 -j ACCEPT 63: delete allow tftp WARN: Checks disabled Rules updated 64: allow tftp/udp WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 -j ACCEPT 65: delete allow tftp/udp WARN: Checks disabled Rules updated 66: allow daytime WARN: Checks disabled Rules updated ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT 67: delete allow daytime WARN: Checks disabled Rules updated 68: allow daytime/tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT 69: delete allow daytime/tcp WARN: Checks disabled Rules updated 70: allow daytime/udp WARN: Checks disabled Rules updated ### tuple ### allow udp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 -j ACCEPT 71: delete allow daytime/udp WARN: Checks disabled Rules updated TO/FROM 72: allow from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j ACCEPT 73: delete allow from 192.168.0.1 WARN: Checks disabled Rules updated 74: allow to 10.0.0.1 WARN: Checks disabled Rules updated ### tuple ### allow any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 10.0.0.1 -j ACCEPT 75: delete allow to 10.0.0.1 WARN: Checks disabled Rules updated 76: allow to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### allow any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT 77: delete allow to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules 
updated 78: allow from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### allow any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ACCEPT 79: delete allow from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 80: allow to 10.0.0.1 port 25 WARN: Checks disabled Rules updated ### tuple ### allow any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ACCEPT 81: delete allow to 10.0.0.1 port 25 WARN: Checks disabled Rules updated 82: allow to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### allow any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT 83: delete allow to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 84: allow to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### allow any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT 85: delete allow to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated 86: allow to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### allow any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT 87: delete allow to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 88: allow from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ACCEPT 
89: delete allow from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 90: allow to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ACCEPT 91: delete allow to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated 92: allow to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT 93: delete allow to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 94: allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### allow udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT 95: delete allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated 96: allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### allow udp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT 97: delete allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 98: allow from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ACCEPT 99: delete allow from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 100: allow to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ACCEPT 101: delete allow to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated 102: allow to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 
### tuple ### allow tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT 103: delete allow to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 104: allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT 105: delete allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated 106: allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT 107: delete allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 108: deny from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### deny any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j DROP 109: delete deny from 192.168.0.1 WARN: Checks disabled Rules updated 110: deny to 10.0.0.1 WARN: Checks disabled Rules updated ### tuple ### deny any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 10.0.0.1 -j DROP 111: delete deny to 10.0.0.1 WARN: Checks disabled Rules updated 112: deny to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### deny any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j DROP 113: delete deny to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated 114: deny from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### deny any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j DROP -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j DROP 115: delete deny from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 116: deny to 10.0.0.1 port 25 WARN: Checks disabled Rules updated 
### tuple ### deny any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j DROP 117: delete deny to 10.0.0.1 port 25 WARN: Checks disabled Rules updated 118: deny to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### deny any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP 119: delete deny to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 120: deny to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### deny any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP 121: delete deny to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated 122: deny to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### deny any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP 123: delete deny to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 124: deny from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated ### tuple ### deny udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j DROP 125: delete deny from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 126: deny to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated ### tuple ### deny udp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j DROP 127: delete deny to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated 128: deny to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: 
Checks disabled Rules updated ### tuple ### deny udp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP 129: delete deny to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 130: deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### deny udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP 131: delete deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated 132: deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### deny udp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP 133: delete deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 134: deny from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### deny tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j DROP 135: delete deny from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 136: deny to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated ### tuple ### deny tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j DROP 137: delete deny to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated 138: deny to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### deny tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP 139: delete deny to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 140: deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### deny tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j 
DROP 141: delete deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated 142: deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### deny tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP 143: delete deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 144: limit from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### limit any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### 145: delete limit from 192.168.0.1 WARN: Checks disabled Rules updated 146: limit to 10.0.0.1 WARN: Checks disabled Rules updated ### tuple ### limit any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -d 10.0.0.1 -j ufw-user-limit-accept ### END RULES ### 147: delete limit to 10.0.0.1 WARN: Checks disabled Rules updated 148: limit to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### limit any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### 149: delete limit to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated 150: limit from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### limit any any 0.0.0.0/0 80 
192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 151: delete limit from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 152: limit to 10.0.0.1 port 25 WARN: Checks disabled Rules updated ### tuple ### limit any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 153: delete limit to 10.0.0.1 port 25 WARN: Checks disabled Rules updated 154: limit to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### limit any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 -s 
192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 155: delete limit to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 156: limit to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### limit any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 157: delete limit to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated 158: limit to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### limit any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 159: delete limit to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 160: limit from 192.168.0.1 port 80 proto udp WARN: 
Checks disabled Rules updated ### tuple ### limit udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 161: delete limit from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 162: limit to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated ### tuple ### limit udp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 163: delete limit to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated 164: limit to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated ### tuple ### limit udp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 165: delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 166: limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### limit udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 167: delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated 168: limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### limit udp 25 
10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 169: delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 170: limit from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 171: delete limit from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 172: limit to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated ### tuple ### limit tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 173: delete limit to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated 174: limit to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### limit tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 175: delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 176: limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### limit tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input 
-p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 177: delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated 178: limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### limit tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 179: delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 180: reject from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### reject any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j REJECT 181: delete reject from 192.168.0.1 WARN: Checks disabled Rules updated 182: reject to 10.0.0.1 WARN: Checks disabled Rules updated ### tuple ### reject any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 10.0.0.1 -j REJECT 183: delete reject to 10.0.0.1 WARN: Checks disabled Rules updated 184: reject to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### reject any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j REJECT 185: delete reject to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled Rules updated 186: reject from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### reject any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j REJECT 187: delete reject from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 188: reject to 
10.0.0.1 port 25 WARN: Checks disabled Rules updated ### tuple ### reject any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j REJECT 189: delete reject to 10.0.0.1 port 25 WARN: Checks disabled Rules updated 190: reject to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### reject any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j REJECT 191: delete reject to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 192: reject to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### reject any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j REJECT 193: delete reject to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled Rules updated 194: reject to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### reject any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j REJECT 195: delete reject to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 196: reject from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated ### tuple ### reject udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j REJECT 197: delete reject from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 198: reject to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated ### tuple ### reject udp 25 10.0.0.1 any 0.0.0.0/0 in -A 
ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j REJECT 199: delete reject to 10.0.0.1 port 25 proto udp WARN: Checks disabled Rules updated 200: reject to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated ### tuple ### reject udp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j REJECT 201: delete reject to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled Rules updated 202: reject to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### reject udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j REJECT 203: delete reject to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled Rules updated 204: reject to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### reject udp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j REJECT 205: delete reject to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated 206: reject from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### reject tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j REJECT --reject-with tcp-reset 207: delete reject from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 208: reject to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated ### tuple ### reject tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j REJECT --reject-with tcp-reset 209: delete reject to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rules updated 210: reject to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated ### tuple ### reject tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j REJECT --reject-with 
tcp-reset 211: delete reject to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled Rules updated 212: reject to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated ### tuple ### reject tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j REJECT --reject-with tcp-reset 213: delete reject to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled Rules updated 214: reject to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated ### tuple ### reject tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j REJECT --reject-with tcp-reset 215: delete reject to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled Rules updated TESTING ARGS (status) 216: --dry-run status WARN: Checks disabled > Checking iptables 217: allow to any port smtp from any port smtp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 25 -j ACCEPT 218: delete allow to any port smtp from any port smtp WARN: Checks disabled Rules updated 219: allow to any port smtp from any port daytime WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT 220: delete allow to any port smtp from any port daytime WARN: Checks disabled Rules updated 221: allow to any port daytime from any port smtp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT 222: delete allow to any port daytime from any port smtp WARN: Checks disabled Rules updated 223: allow to any port smtp from any port 23 WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 23 -j ACCEPT 224: delete allow to 
any port smtp from any port 23 WARN: Checks disabled Rules updated 225: allow to any port 23 from any port smtp WARN: Checks disabled Rules updated ### tuple ### allow tcp 23 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 25 -j ACCEPT 226: delete allow to any port 23 from any port smtp WARN: Checks disabled Rules updated 227: allow to any port tftp from any port tftp WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 69 -j ACCEPT 228: delete allow to any port tftp from any port tftp WARN: Checks disabled Rules updated 229: allow to any port tftp from any port daytime WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT 230: delete allow to any port tftp from any port daytime WARN: Checks disabled Rules updated 231: allow to any port daytime from any port tftp WARN: Checks disabled Rules updated ### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT 232: delete allow to any port daytime from any port tftp WARN: Checks disabled Rules updated 233: allow to any port tftp from any port 23 WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 23 -j ACCEPT 234: delete allow to any port tftp from any port 23 WARN: Checks disabled Rules updated 235: allow to any port 23 from any port tftp WARN: Checks disabled Rules updated ### tuple ### allow udp 23 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 23 --sport 69 -j ACCEPT 236: delete allow to any port 23 from any port tftp WARN: Checks disabled Rules updated 237: allow to any port daytime from any port 23 WARN: Checks disabled Rules updated ### tuple ### allow any 13 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT -A ufw-user-input -p udp --dport 13 
--sport 23 -j ACCEPT 238: delete allow to any port daytime from any port 23 WARN: Checks disabled Rules updated 239: allow to any port 23 from any port daytime WARN: Checks disabled Rules updated ### tuple ### allow any 23 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT -A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT 240: delete allow to any port 23 from any port daytime WARN: Checks disabled Rules updated 241: allow to any port daytime from any port domain WARN: Checks disabled Rules updated ### tuple ### allow any 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT -A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT 242: delete allow to any port daytime from any port domain WARN: Checks disabled Rules updated 243: allow to any port smtp from any port smtp proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 25 -j ACCEPT 244: delete allow to any port smtp from any port smtp proto tcp WARN: Checks disabled Rules updated 245: allow to any port smtp from any port daytime proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT 246: delete allow to any port smtp from any port daytime proto tcp WARN: Checks disabled Rules updated 247: allow to any port daytime from any port smtp proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT 248: delete allow to any port daytime from any port smtp proto tcp WARN: Checks disabled Rules updated 249: allow to any port smtp from any port 23 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 25 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 23 -j ACCEPT 250: delete allow to any port smtp from any port 23 proto tcp WARN: 
Checks disabled Rules updated 251: allow to any port 23 from any port smtp proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 23 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 25 -j ACCEPT 252: delete allow to any port 23 from any port smtp proto tcp WARN: Checks disabled Rules updated 253: allow to any port tftp from any port tftp proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 69 -j ACCEPT 254: delete allow to any port tftp from any port tftp proto udp WARN: Checks disabled Rules updated 255: allow to any port tftp from any port daytime proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT 256: delete allow to any port tftp from any port daytime proto udp WARN: Checks disabled Rules updated 257: allow to any port daytime from any port tftp proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT 258: delete allow to any port daytime from any port tftp proto udp WARN: Checks disabled Rules updated 259: allow to any port tftp from any port 23 proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 69 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 23 -j ACCEPT 260: delete allow to any port tftp from any port 23 proto udp WARN: Checks disabled Rules updated 261: allow to any port 23 from any port tftp proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 23 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 23 --sport 69 -j ACCEPT 262: delete allow to any port 23 from any port tftp proto udp WARN: Checks disabled Rules updated 263: allow to any port daytime from any port 23 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13 0.0.0.0/0 23 0.0.0.0/0 in -A 
ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT 264: delete allow to any port daytime from any port 23 proto tcp WARN: Checks disabled Rules updated 265: allow to any port 23 from any port daytime proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 23 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT 266: delete allow to any port 23 from any port daytime proto tcp WARN: Checks disabled Rules updated 267: allow to any port daytime from any port domain proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT 268: delete allow to any port daytime from any port domain proto tcp WARN: Checks disabled Rules updated 269: allow to any port daytime from any port 23 proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 13 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT 270: delete allow to any port daytime from any port 23 proto udp WARN: Checks disabled Rules updated 271: allow to any port 23 from any port daytime proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 23 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT 272: delete allow to any port 23 from any port daytime proto udp WARN: Checks disabled Rules updated 273: allow to any port daytime from any port domain proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT 274: delete allow to any port daytime from any port domain proto udp WARN: Checks disabled Rules updated TESTING NETMASK 275: allow to 192.168.0.0/0 WARN: Checks disabled WARN: Rule changed after normalization Rules updated ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -j ACCEPT 276: delete allow to 192.168.0.0/0 WARN: Checks disabled WARN: Rule changed after normalization Rules 
updated 277: allow to 192.168.0.0/16 WARN: Checks disabled Rules updated ### tuple ### allow any any 192.168.0.0/16 any 0.0.0.0/0 in -A ufw-user-input -d 192.168.0.0/16 -j ACCEPT 278: delete allow to 192.168.0.0/16 WARN: Checks disabled Rules updated 279: allow to 192.168.0.1/32 WARN: Checks disabled Rules updated ### tuple ### allow any any 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 192.168.0.1 -j ACCEPT 280: delete allow to 192.168.0.1/32 WARN: Checks disabled Rules updated 281: allow from 192.168.0.0/0 WARN: Checks disabled WARN: Rule changed after normalization Rules updated ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -j ACCEPT 282: delete allow from 192.168.0.0/0 WARN: Checks disabled WARN: Rule changed after normalization Rules updated 283: allow from 192.168.0.0/16 WARN: Checks disabled Rules updated ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT 284: delete allow from 192.168.0.0/16 WARN: Checks disabled Rules updated 285: allow from 192.168.0.1/32 WARN: Checks disabled Rules updated ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j ACCEPT 286: delete allow from 192.168.0.1/32 WARN: Checks disabled Rules updated 287: allow from 192.168.0.1/32 to 192.168.0.2/32 WARN: Checks disabled Rules updated ### tuple ### allow any any 192.168.0.2 any 192.168.0.1 in -A ufw-user-input -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT 288: delete allow from 192.168.0.1/32 to 192.168.0.2/32 WARN: Checks disabled Rules updated 289: allow from 192.168.0.2/255.255.0.2 WARN: Checks disabled Rules updated ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.2/255.255.0.2 in -A ufw-user-input -s 192.168.0.2/255.255.0.2 -j ACCEPT 290: delete allow from 192.168.0.2/255.255.0.2 WARN: Checks disabled Rules updated LP bug 237446 291: allow to 111.12.34.2/4 WARN: Checks disabled WARN: Rule changed after normalization Rules updated ### tuple ### allow any any 
96.0.0.0/4 any 0.0.0.0/0 in -A ufw-user-input -d 96.0.0.0/4 -j ACCEPT 292: delete allow to 111.12.34.2/4 WARN: Checks disabled WARN: Rule changed after normalization Rules updated 293: allow from 111.12.34.2/4 WARN: Checks disabled WARN: Rule changed after normalization Rules updated ### tuple ### allow any any 0.0.0.0/0 any 96.0.0.0/4 in -A ufw-user-input -s 96.0.0.0/4 -j ACCEPT 294: delete allow from 96.0.0.0/4 WARN: Checks disabled Rules updated TESTING MULTIPORT 295: allow to 192.168.0.1 port 80:83 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 80:83 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 80:83 -d 192.168.0.1 -j ACCEPT 296: delete allow to 192.168.0.1 port 80:83 proto tcp WARN: Checks disabled Rules updated 297: allow to 192.168.0.1 port 80:83,13 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13,80:83 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,80:83 -d 192.168.0.1 -j ACCEPT 298: delete allow to 192.168.0.1 port 80:83,13 proto tcp WARN: Checks disabled Rules updated 299: allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 13 192.168.0.2 35:39 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT 300: delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp WARN: Checks disabled Rules updated 301: allow to any port 23,21,15:19,13 from any port 24:26 proto udp WARN: Checks disabled Rules updated ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT 302: delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp WARN: Checks disabled Rules updated 303: allow 34,35/tcp WARN: Checks disabled Rules updated ### tuple ### allow tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 
in -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT 304: delete allow 34,35/tcp WARN: Checks disabled Rules updated 305: allow 34,35:39/udp WARN: Checks disabled Rules updated ### tuple ### allow udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT 306: delete allow 34,35:39/udp WARN: Checks disabled Rules updated 307: deny 35:39/udp WARN: Checks disabled Rules updated ### tuple ### deny udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -j DROP 308: delete deny 35:39/udp WARN: Checks disabled Rules updated 309: deny 23,21,15:19,13/udp WARN: Checks disabled Rules updated ### tuple ### deny udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j DROP 310: delete deny 23,21,15:19,13/udp WARN: Checks disabled Rules updated 311: disable ufw-0.36/tests/root/bugs/0000755000175000017500000000000013404776460014277 5ustar jamiejamieufw-0.36/tests/root/bugs/orig0000777000175000017500000000000013226727543017337 2../../defaultsustar jamiejamieufw-0.36/tests/root/bugs/runtest.sh0000755000175000017500000001536013404777236016351 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
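source "$TESTPATH/../testlib.sh"

# Regression tests for previously reported ufw bugs (tests/root/bugs).
#
# Each section below is labelled with the bug number it covers and appends the
# command output to "$TESTTMP/result", which the harness compares with the
# stored 'result' file. Apart from the added quoting and the two noted fixes,
# every command is unchanged so the recorded output stays the same.
#
# The script calls iptables, ip6tables, iptables-save and ufw-init directly,
# so it acts on the rule tables of the host it runs on.
#
# NOTE(review): do_cmd, do_extcmd, cleanup and the $count counter are not
# defined in this script; presumably they come from testlib.sh - confirm.
# The first argument to do_cmd/do_extcmd looks like the expected exit status.

# setup
do_cmd "0" nostats disable
do_cmd "0" nostats enable

echo "Bug #247352" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow http/tcp
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
echo "iptables -L -n:" >> "$TESTTMP/result"
iptables -L -n | grep -A1 "80" >> "$TESTTMP/result" 2>&1
do_cmd "0" delete allow http/tcp
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "Bug #251355" >> "$TESTTMP/result"
echo "Setting IPV6 to no" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=no/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
echo "/lib/ufw/ufw-init flush-all:" >> "$TESTTMP/result"
"$TESTSTATE/ufw-init" flush-all >> "$TESTTMP/result" 2>&1
do_cmd "0" nostats enable
echo "/lib/ufw/ufw-init force-reload:" >> "$TESTTMP/result"
"$TESTSTATE/ufw-init" force-reload >> "$TESTTMP/result" 2>&1
# With IPV6=no the recorded ip6tables listing is part of the expected output.
echo "ip6tables -L -n:" >> "$TESTTMP/result"
ip6tables -L -n >> "$TESTTMP/result" 2>&1

echo "Bug #260881" >> "$TESTTMP/result"
echo "Setting IPV6 to no" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=no/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats enable
do_cmd "0" allow Apache
# Deleting a 'deny' rule must leave the 'allow' rule for the same profile alone.
do_cmd "0" delete deny Apache
echo "iptables -L -n:" >> "$TESTTMP/result"
iptables -L -n | grep -A1 "80" >> "$TESTTMP/result" 2>&1
do_cmd "0" delete allow Apache
echo "iptables -L -n:" >> "$TESTTMP/result"
iptables -L -n | grep -A1 "80" >> "$TESTTMP/result" 2>&1

echo "Bug #263308" >> "$TESTTMP/result"
echo "Setting IPV6 to yes" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats enable
do_cmd "0" allow to any from any
do_cmd "0" allow proto tcp to any from any
do_cmd "0" allow to 192.168.1.1
do_cmd "0" allow proto udp from 192.168.1.1 to any
do_cmd "0" allow from 192.168.1.1 to 192.168.1.2
do_cmd "0" allow proto udp from 192.168.1.1 to 192.168.1.2
do_cmd "0" status
do_cmd "0" delete allow to any from any
do_cmd "0" delete allow proto tcp to any from any
do_cmd "0" delete allow to 192.168.1.1
do_cmd "0" delete allow proto udp from 192.168.1.1 to any
do_cmd "0" delete allow from 192.168.1.1 to 192.168.1.2
do_cmd "0" delete allow proto udp from 192.168.1.1 to 192.168.1.2
do_cmd "0" status

echo "Bug #273278" >> "$TESTTMP/result"
echo "Setting IPV6 to yes" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats enable
do_cmd "0" status verbose
# Record the UFW LOG lines of the after*.rules files under each default policy.
cat "$TESTPATH"/etc/ufw/after*.rules | egrep 'LOG .*UFW ' >> "$TESTTMP/result"
do_cmd "0" default allow
do_cmd "0" status verbose
cat "$TESTPATH"/etc/ufw/after*.rules | egrep 'LOG .*UFW ' >> "$TESTTMP/result"
do_cmd "0" default deny
do_cmd "0" status verbose
cat "$TESTPATH"/etc/ufw/after*.rules | egrep 'LOG .*UFW ' >> "$TESTTMP/result"

echo "Bug #251136" >> "$TESTTMP/result"
echo "Setting IPV6 to yes" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats enable
do_cmd "0" status
# Every delete below targets a rule that was never added.
do_cmd "0" delete allow 13
do_cmd "0" delete allow Apache
do_cmd "0" delete allow to 127.0.0.1 port 13
do_cmd "0" delete allow to 127.0.0.1 app Apache
do_cmd "0" delete allow to ::1 port 13
do_cmd "0" delete allow to ::1 app Apache
do_cmd "0" status

echo "Bug #344971" >> "$TESTTMP/result"
echo "Setting IPV6 to yes" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats enable
do_cmd "0" allow 3
do_cmd "0" allow 4
do_cmd "0" insert 1 allow 1
do_cmd "0" insert 2 allow 2
do_cmd "0" status numbered
do_cmd "0" delete allow 4
do_cmd "0" delete allow 3
do_cmd "0" delete allow 2
do_cmd "0" delete allow 1
do_cmd "0" status
sed -i "s/IPV6=.*/IPV6=no/" "$TESTPATH/etc/default/ufw"

echo "Bug #407810" >> "$TESTTMP/result"
# Add a rule for a temporary application profile, remove the profile file,
# then delete the rule while the profile no longer exists.
cp "$TESTPATH/etc/ufw/applications.d/samba" "$TESTPATH/etc/ufw/applications.d/bug407810"
sed -i 's/Samba/bug407810/' "$TESTPATH/etc/ufw/applications.d/bug407810"
do_cmd "0" app info bug407810
do_cmd "0" null allow bug407810
grep "^-A .*user-input" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
rm -f "$TESTPATH/etc/ufw/applications.d/bug407810"
do_cmd "0" null delete allow bug407810
grep "^-A .*user-input" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "Bug #459925" >> "$TESTTMP/result"
# For each IPV6 setting and log level, the rules loaded by 'ufw enable' must
# equal the rules loaded by 'ufw-init start'.
for ipv6 in yes no ; do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    for i in "" off on low medium high full ; do
        do_cmd "0" nostats disable
        # The empty entry leaves the log level untouched for that pass.
        if [ -n "$i" ]; then
            do_cmd "0" null logging $i
        fi
        do_cmd "0" null enable
        iptables-save | grep '^-' > "$TESTTMP/ipt.enable"
        ip6tables-save | grep '^-' > "$TESTTMP/ip6t.enable"
        do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" stop
        do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" start
        iptables-save | grep '^-' > "$TESTTMP/ipt.start"
        ip6tables-save | grep '^-' > "$TESTTMP/ip6t.start"
        diff "$TESTTMP/ipt.enable" "$TESTTMP/ipt.start" || {
            echo "'ufw enable' and 'ufw-init start' are different for loglevel '$i'"
            exit 1
        }
        diff "$TESTTMP/ip6t.enable" "$TESTTMP/ip6t.start" || {
            echo "'ufw enable' and 'ufw-init start' are different for loglevel '$i' (ipv6)"
            exit 1
        }
    done
done

echo "Bug #512131" >> "$TESTTMP/result"
for i in low on medium high full off off ; do
    do_cmd "0" null logging $i
    # grep exits 0 when the LIMIT BLOCK log rule is present, 1 when it is absent;
    # it is expected to be absent only with logging off.
    e="0"
    if [ "$i" = "off" ]; then
        e="1"
    fi
    # The original piped iptables-save into this grep, but grep was also given a
    # file operand and so never read the pipe. Only the saved rules file is
    # checked, as before; the loaded ruleset is not examined by this test.
    grep -q 'UFW LIMIT BLOCK' "$TESTCONFIG/user.rules"
    rc="$?"
    if [ "$rc" != "$e" ]; then
        echo "$i: got '$rc', expected '$e'"
        exit 1
    fi
done

echo "Bug #513387" >> "$TESTTMP/result"
do_cmd "0" nostats disable
"$TESTSTATE/ufw-init" flush-all >/dev/null
do_cmd "0" nostats enable
# After a flush and re-enable, each built-in chain must still reference its
# ufw-after-logging-<chain> chain.
for b in INPUT OUTPUT FORWARD; do
    # Quoted ranges: unquoted [A-Z] is a glob and could match a file name.
    suffix=$(echo "$b" | tr 'A-Z' 'a-z')
    echo "$count: iptables -L $b -n | egrep -q 'ufw-after-logging-$suffix'" >> "$TESTTMP/result"
    iptables -L "$b" -n | egrep -q "ufw-after-logging-$suffix" || {
        echo "'iptables -L $b -n' does not contain 'ufw-after-logging-$suffix'"
        exit 1
    }
    echo "" >> "$TESTTMP/result"
    echo "" >> "$TESTTMP/result"
    let count=count+1
done

# teardown
cleanup

exit 0
ufw-0.36/tests/root/bugs/result0000644000175000017500000002401713404777236015546 0ustar jamiejamie0: disable 1: enable Bug #247352 2: --dry-run allow http/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A 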
ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated iptables -L -n: 3: delete allow http/tcp WARN: Checks disabled Could not delete non-existent rule Bug #251355 Setting IPV6 to no 4: disable /lib/ufw/ufw-init flush-all: 5: enable /lib/ufw/ufw-init force-reload: ip6tables -L -n: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all ::/0 ::/0 Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy DROP) target prot opt source destination ACCEPT all ::/0 ::/0 Bug #260881 Setting IPV6 to no 6: disable 7: enable 8: allow Apache WARN: Checks disabled Rule added 9: delete deny Apache WARN: Checks disabled Could not delete non-existent rule iptables -L -n: ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* 'dapp_Apache' */ 10: delete allow Apache WARN: Checks disabled Rule deleted iptables -L -n: Bug #263308 Setting IPV6 to yes 11: disable 12: enable 13: allow to any from any WARN: Checks disabled Rule added Rule added (v6) 14: allow proto tcp to any from any WARN: Checks disabled Rule added Rule added (v6) 15: allow to 192.168.1.1 WARN: Checks disabled Rule added 16: allow proto udp from 192.168.1.1 to any WARN: Checks disabled Rule added 17: allow from 192.168.1.1 to 192.168.1.2 WARN: Checks disabled Rule added 18: allow proto udp from 192.168.1.1 to 192.168.1.2 WARN: Checks disabled Rule added 19: status WARN: Checks disabled Status: active To Action From -- ------ ---- Anywhere ALLOW Anywhere Anywhere/tcp ALLOW Anywhere/tcp 192.168.1.1 ALLOW Anywhere Anywhere ALLOW 192.168.1.1/udp 192.168.1.2 ALLOW 192.168.1.1 192.168.1.2/udp ALLOW 192.168.1.1/udp Anywhere (v6) ALLOW Anywhere (v6) Anywhere/tcp (v6) ALLOW Anywhere/tcp (v6) 20: delete allow to any from any WARN: Checks disabled Rule deleted Rule deleted (v6) 21: delete allow proto tcp to any from any WARN: Checks disabled Rule deleted Rule 
deleted (v6) 22: delete allow to 192.168.1.1 WARN: Checks disabled Rule deleted 23: delete allow proto udp from 192.168.1.1 to any WARN: Checks disabled Rule deleted 24: delete allow from 192.168.1.1 to 192.168.1.2 WARN: Checks disabled Rule deleted 25: delete allow proto udp from 192.168.1.1 to 192.168.1.2 WARN: Checks disabled Rule deleted 26: status WARN: Checks disabled Status: active Bug #273278 Setting IPV6 to yes 27: disable 28: enable 29: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip 30: default allow WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 31: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: allow (incoming), allow (outgoing), disabled (routed) New profiles: skip 32: default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 33: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Bug #251136 Setting IPV6 to yes 34: disable 35: enable 36: status WARN: Checks disabled Status: active 37: delete allow 13 WARN: Checks disabled Could not delete non-existent rule Could not delete non-existent rule (v6) 38: delete allow Apache WARN: Checks disabled Could not delete non-existent rule Could not delete non-existent rule (v6) 39: delete allow to 127.0.0.1 port 13 WARN: Checks disabled Could not delete non-existent rule 40: delete allow to 127.0.0.1 app Apache WARN: Checks disabled Could not delete non-existent rule 41: delete allow to ::1 port 13 WARN: Checks disabled Could not delete non-existent rule (v6) 42: delete allow to ::1 app Apache WARN: Checks disabled Could not delete non-existent rule (v6) 43: status WARN: Checks disabled Status: active Bug #344971 Setting IPV6 to yes 44: disable 45: enable 46: 
allow 3 WARN: Checks disabled Rule added Rule added (v6) 47: allow 4 WARN: Checks disabled Rule added Rule added (v6) 48: insert 1 allow 1 WARN: Checks disabled Rule inserted Rule inserted (v6) 49: insert 2 allow 2 WARN: Checks disabled Rule inserted Rule inserted (v6) 50: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] 1 ALLOW IN Anywhere [ 2] 2 ALLOW IN Anywhere [ 3] 3 ALLOW IN Anywhere [ 4] 4 ALLOW IN Anywhere [ 5] 1 (v6) ALLOW IN Anywhere (v6) [ 6] 2 (v6) ALLOW IN Anywhere (v6) [ 7] 3 (v6) ALLOW IN Anywhere (v6) [ 8] 4 (v6) ALLOW IN Anywhere (v6) 51: delete allow 4 WARN: Checks disabled Rule deleted Rule deleted (v6) 52: delete allow 3 WARN: Checks disabled Rule deleted Rule deleted (v6) 53: delete allow 2 WARN: Checks disabled Rule deleted Rule deleted (v6) 54: delete allow 1 WARN: Checks disabled Rule deleted Rule deleted (v6) 55: status WARN: Checks disabled Status: active Bug #407810 56: app info bug407810 WARN: Checks disabled Profile: bug407810 Title: LanManager-like file and printer server for Unix Description: The bug407810 software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. 
Ports: 137,138/udp 139,445/tcp 57: allow bug407810 -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_bug407810' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_bug407810' 58: delete allow bug407810 Bug #459925 Setting IPV6 to yes 59: disable 60: enable 61: tests/testarea/lib/ufw/ufw-init stop 62: tests/testarea/lib/ufw/ufw-init start 63: disable 64: logging off 65: enable 66: tests/testarea/lib/ufw/ufw-init stop 67: tests/testarea/lib/ufw/ufw-init start 68: disable 69: logging on 70: enable 71: tests/testarea/lib/ufw/ufw-init stop 72: tests/testarea/lib/ufw/ufw-init start 73: disable 74: logging low 75: enable 76: tests/testarea/lib/ufw/ufw-init stop 77: tests/testarea/lib/ufw/ufw-init start 78: disable 79: logging medium 80: enable 81: tests/testarea/lib/ufw/ufw-init stop 82: tests/testarea/lib/ufw/ufw-init start 83: disable 84: logging high 85: enable 86: tests/testarea/lib/ufw/ufw-init stop 87: tests/testarea/lib/ufw/ufw-init start 88: disable 89: logging full 90: enable 91: tests/testarea/lib/ufw/ufw-init stop 92: tests/testarea/lib/ufw/ufw-init start Setting IPV6 to no 93: disable 94: enable 95: tests/testarea/lib/ufw/ufw-init stop 96: tests/testarea/lib/ufw/ufw-init start 97: disable 98: logging off 99: enable 100: tests/testarea/lib/ufw/ufw-init stop 101: tests/testarea/lib/ufw/ufw-init start 102: disable 103: logging on 104: enable 105: tests/testarea/lib/ufw/ufw-init stop 106: tests/testarea/lib/ufw/ufw-init start 107: disable 108: logging low 109: enable 110: tests/testarea/lib/ufw/ufw-init stop 111: tests/testarea/lib/ufw/ufw-init start 112: disable 113: logging medium 114: enable 115: tests/testarea/lib/ufw/ufw-init stop 116: tests/testarea/lib/ufw/ufw-init start 117: disable 118: logging high 119: enable 120: tests/testarea/lib/ufw/ufw-init stop 121: tests/testarea/lib/ufw/ufw-init start 122: disable 123: logging full 124: enable 125: tests/testarea/lib/ufw/ufw-init 
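stop 126: tests/testarea/lib/ufw/ufw-init start Bug #512131 127: logging low 128: logging on 129: logging medium 130: logging high 131: logging full 132: logging off 133: logging off Bug #513387 134: disable 135: enable 136: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 137: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 138: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 139: disable ufw-0.36/tests/root/logging/0000755000175000017500000000000013343551547014764 5ustar jamiejamieufw-0.36/tests/root/logging/orig0000777000175000017500000000000013226727543020025 2../../defaultsustar jamiejamieufw-0.36/tests/root/logging/runtest.sh0000755000175000017500000000573413343551547017040 0ustar jamiejamie
#!/bin/bash

#    Copyright 2008-2009 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Root test for per-rule logging ('log' / 'log-all').
#
# Part 1: for each policy (allow, deny, limit, reject) and each logging
#         keyword, add three rules, record the generated user*.rules files,
#         check that the live ruleset is unchanged by a disable/enable
#         cycle, then delete the rules again.
# Part 2: for IPV6=yes and IPV6=no, and for every logging level, run
#         ufw-init flush-all/start/stop/start.
#
# TESTPATH, TESTTMP and TESTCONFIG are read from the environment; do_cmd,
# do_extcmd and cleanup are expected to come from testlib.sh (not shown here).
# Path expansions are quoted so a test area containing whitespace does not
# get word-split.

source "$TESTPATH/../testlib.sh"

sed -i 's/IPV6=no/IPV6=yes/' "$TESTPATH/etc/default/ufw"

# This isn't available everywhere, so we will test it later
sed -i "s/self.caps\['limit'\]\['6'\] = True/self.caps['limit']['6'] = False/" "$TESTPATH/lib/python/ufw/backend.py"

do_cmd "0" nostats disable
do_cmd "0" nostats enable

echo "TESTING LOG RULES" >> "$TESTTMP/result"

# Both addresses are inside 2001:db8::/32, the IPv6 documentation prefix.
from="2001:db8::/32"
to="2001:db8:3:4:5:6:7:8"

for i in allow deny limit reject ; do
    for j in log log-all ; do
        do_cmd "0" nostats "$i" "$j" 23
        do_cmd "0" nostats "$i" "$j" Samba
        do_cmd "0" nostats "$i" "$j" from "$from" to "$to" port smtp

        echo "contents of user*.rules:" >> "$TESTTMP/result"
        cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

        # Snapshot the live IPv4 + IPv6 rulesets, dropping comment lines and
        # chain declaration lines (those starting with '#' or ':').
        iptables-save | grep -Ev '^(#|:)' > "$TESTTMP/save.1"
        ip6tables-save | grep -Ev '^(#|:)' >> "$TESTTMP/save.1"

        do_cmd "0" nostats disable
        do_cmd "0" nostats enable

        iptables-save | grep -Ev '^(#|:)' > "$TESTTMP/save.2"
        ip6tables-save | grep -Ev '^(#|:)' >> "$TESTTMP/save.2"

        # The ruleset reloaded by 'enable' must equal the one that was live
        # right after the rules were added.
        # NOTE(review): this path exits without calling cleanup, so the test
        # rules added above are not deleted by this script -- confirm that is
        # intended (e.g. to allow inspection after a failure).
        diff "$TESTTMP/save.1" "$TESTTMP/save.2" || {
            echo "ip(6)tables-restore different for '$i'"
            exit 1
        }

        do_cmd "0" nostats delete "$i" "$j" 23
        do_cmd "0" nostats delete "$i" "$j" Samba
        do_cmd "0" nostats delete "$i" "$j" from "$from" to "$to" port smtp

        echo "contents of user*.rules:" >> "$TESTTMP/result"
        cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    done
done

echo "contents of user*.rules:" >> "$TESTTMP/result"
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

echo "Verify iptables-restore headers" >> "$TESTTMP/result"
for ipv6 in yes no ; do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    # The empty first entry runs the init sequence once with the logging
    # level left as it is, before each level is set explicitly.
    for i in "" off on low medium high full ; do
        if [ -n "$i" ]; then
            do_cmd "0" nostats logging "$i"
        fi
        do_extcmd "0" nostats "$TESTPATH/lib/ufw/ufw-init" flush-all
        do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" start
        do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" stop
        do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" start
    done
done

cleanup
exit 0
ufw-0.36/tests/root/logging/result0000644000175000017500000021623013257507473016234 0ustar jamiejamie0: disable 1: enable TESTING LOG RULES 2: allow log 23 3: allow log Samba 4: allow log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 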
137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp 
--dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 5: disable 6: enable 7: delete allow log 23 8: delete allow log Samba 9: delete allow log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] 
:ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 10: allow log-all 23 11: allow log-all Samba 12: allow log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A 
ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] 
:ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log-all udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### 
allow_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 13: disable 14: enable 15: delete allow log-all 23 16: delete allow log-all Samba 17: delete allow log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 18: deny log 23 19: deny log Samba 20: deny log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 
10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A 
ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 21: disable 22: enable 23: delete deny log 23 24: delete deny log Samba 25: delete deny log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents 
of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 26: deny log-all 23 27: deny log-all Samba 28: deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 
137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 
23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log-all udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] 
" -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 29: disable 30: enable 31: delete deny log-all 23 32: delete deny log-all Samba 33: delete deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - 
[0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 34: limit log 23 35: limit log Samba 36: limit log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j 
ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m 
conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 
### END LOGGING ### COMMIT 37: disable 38: enable 39: delete limit log 23 40: delete limit log Samba 41: delete limit log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input 
-j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 42: limit log-all 23 43: limit log-all Samba 44: limit log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m 
conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 45: disable 46: enable 47: delete limit log-all 23 48: delete limit log-all Samba 49: delete limit log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 50: reject log 23 51: reject log Samba 52: reject log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 139,445 0.0.0.0/0 
any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j 
ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### ### 
LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 53: disable 54: enable 55: delete reject log 23 56: delete reject log Samba 57: delete reject log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter 
:ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 58: reject log-all 23 59: reject log-all Samba 60: reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p 
tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept 
-j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log-all udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A 
ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 61: disable 62: enable 63: delete reject log-all 23 64: delete reject log-all Samba 65: delete reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - 
[0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit 
--limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Verify iptables-restore headers Setting IPV6 to yes 66: disable 67: enable 68: tests/testarea/lib/ufw/ufw-init flush-all 69: tests/testarea/lib/ufw/ufw-init start 70: tests/testarea/lib/ufw/ufw-init stop 71: tests/testarea/lib/ufw/ufw-init start 72: logging off 73: tests/testarea/lib/ufw/ufw-init flush-all 74: tests/testarea/lib/ufw/ufw-init start 75: tests/testarea/lib/ufw/ufw-init stop 76: tests/testarea/lib/ufw/ufw-init start 77: logging on 78: tests/testarea/lib/ufw/ufw-init flush-all 79: tests/testarea/lib/ufw/ufw-init start 80: tests/testarea/lib/ufw/ufw-init stop 81: tests/testarea/lib/ufw/ufw-init start 82: logging low 83: tests/testarea/lib/ufw/ufw-init flush-all 84: tests/testarea/lib/ufw/ufw-init start 85: tests/testarea/lib/ufw/ufw-init stop 86: tests/testarea/lib/ufw/ufw-init start 87: logging medium 88: tests/testarea/lib/ufw/ufw-init flush-all 89: tests/testarea/lib/ufw/ufw-init start 90: tests/testarea/lib/ufw/ufw-init stop 91: tests/testarea/lib/ufw/ufw-init start 92: logging high 93: tests/testarea/lib/ufw/ufw-init flush-all 94: tests/testarea/lib/ufw/ufw-init start 95: tests/testarea/lib/ufw/ufw-init stop 96: tests/testarea/lib/ufw/ufw-init start 97: logging full 98: tests/testarea/lib/ufw/ufw-init flush-all 99: tests/testarea/lib/ufw/ufw-init start 100: tests/testarea/lib/ufw/ufw-init stop 101: tests/testarea/lib/ufw/ufw-init start Setting IPV6 to no 102: disable 103: enable 104: tests/testarea/lib/ufw/ufw-init flush-all 105: tests/testarea/lib/ufw/ufw-init start 106: tests/testarea/lib/ufw/ufw-init stop 107: tests/testarea/lib/ufw/ufw-init start 108: logging off 109: tests/testarea/lib/ufw/ufw-init flush-all 110: tests/testarea/lib/ufw/ufw-init start 111: tests/testarea/lib/ufw/ufw-init stop 112: tests/testarea/lib/ufw/ufw-init start 113: logging on 114: tests/testarea/lib/ufw/ufw-init flush-all 115: tests/testarea/lib/ufw/ufw-init start 116: tests/testarea/lib/ufw/ufw-init stop 117: 
tests/testarea/lib/ufw/ufw-init start 118: logging low 119: tests/testarea/lib/ufw/ufw-init flush-all 120: tests/testarea/lib/ufw/ufw-init start 121: tests/testarea/lib/ufw/ufw-init stop 122: tests/testarea/lib/ufw/ufw-init start 123: logging medium 124: tests/testarea/lib/ufw/ufw-init flush-all 125: tests/testarea/lib/ufw/ufw-init start 126: tests/testarea/lib/ufw/ufw-init stop 127: tests/testarea/lib/ufw/ufw-init start 128: logging high 129: tests/testarea/lib/ufw/ufw-init flush-all 130: tests/testarea/lib/ufw/ufw-init start 131: tests/testarea/lib/ufw/ufw-init stop 132: tests/testarea/lib/ufw/ufw-init start 133: logging full 134: tests/testarea/lib/ufw/ufw-init flush-all 135: tests/testarea/lib/ufw/ufw-init start 136: tests/testarea/lib/ufw/ufw-init stop 137: tests/testarea/lib/ufw/ufw-init start 138: disable ufw-0.36/tests/root/live_apps/0000755000175000017500000000000013404772663015322 5ustar jamiejamieufw-0.36/tests/root/live_apps/orig0000777000175000017500000000000013226727543020361 2../../defaultsustar jamiejamieufw-0.36/tests/root/live_apps/runtest.sh0000755000175000017500000002550613404772663017375 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
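source "$TESTPATH/../testlib.sh"

# Live application-profile test for ufw (tests/root/live_apps).
#
# The script drives ufw through do_cmd (from testlib.sh) and appends output
# to $TESTTMP/result. It also reads the kernel tables with iptables-save and
# ip6tables-save, so it changes the running firewall of the host it runs on.
# NOTE(review): do_cmd's first argument looks like the expected exit status,
# and "nostats"/"null" look like output modifiers - confirm in testlib.sh.

# Write the live IPv4 and IPv6 rules, minus comment and chain-counter lines,
# to the file named by $1.
snapshot_live_rules() {
    iptables-save | grep -E -v '^(#|:)' > "$1"
    ip6tables-save | grep -E -v '^(#|:)' >> "$1"
}

# Check that a disable/enable cycle reloads exactly the rules that were
# loaded before it; $1 is a label naming the configuration under test.
assert_reload_keeps_rules() {
    snapshot_live_rules "$TESTTMP/save.1"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable
    snapshot_live_rules "$TESTTMP/save.2"
    diff "$TESTTMP/save.1" "$TESTTMP/save.2" || {
        echo "ip(6)tables-restore different for '$1'"
        exit 1
    }
}

# Abort the run when the rules file $2 still has a line matching the extended
# regex $1, recording message $3 in the result file.
#
# The earlier form of this check was `grep -v -q PATTERN FILE || fail`.
# `grep -v -q` succeeds as soon as ANY line does not match, which is always
# true for a rules file, so a rule that survived deletion was never reported.
fail_if_rule_present() {
    local rc=0
    grep -E -q "$1" "$2" || rc=$?
    case "$rc" in
        1)  # no matching line: the rule is gone
            return 0
            ;;
        0)
            echo "$3" >> "$TESTTMP/result"
            ;;
        *)  # unreadable or missing rules file is a failure too
            echo "Failed: could not read '$2'" >> "$TESTTMP/result"
            ;;
    esac
    exit 1
}

# This isn't available everywhere, so we will test it later
sed -i "s/self.caps\['limit'\]\['6'\] = True/self.caps['limit']['6'] = False/" "$TESTPATH/lib/python/ufw/backend.py"

echo "TESTING APPLICATION RULES" >> "$TESTTMP/result"
for update in no yes
do
    if [ "$update" = "yes" ]; then
        echo "Adding and deleting updated app rules" >> "$TESTTMP/result"
    else
        echo "Adding and deleting app rules" >> "$TESTTMP/result"
    fi
    for ipv6 in yes no
    do
        # make sure we always start clean
        sed -i 's/9999/137/g' "$TESTPATH/etc/ufw/applications.d/samba"
        sed -i 's/8888/80/g' "$TESTPATH/etc/ufw/applications.d/apache"

        echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
        sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
        do_cmd "0" nostats disable
        do_cmd "0" nostats enable

        do_cmd "0" allow Apache
        for loc in any addr ; do
            # "addr" stands for a concrete network of the family under test
            if [ "$loc" != "any" ]; then
                if [ "$ipv6" = "yes" ]; then
                    loc="2001:db8::/32"
                else
                    loc="192.168.2.0/24"
                fi
            fi
            do_cmd "0" allow to $loc app Samba
            do_cmd "0" allow from $loc app Samba
            do_cmd "0" allow to $loc app Samba from $loc app Bind9
            do_cmd "0" allow to $loc app Samba from $loc port 13
            do_cmd "0" allow to $loc app Apache from $loc port 88
        done
        do_cmd "0" status
        do_cmd "0" status verbose

        if [ "$update" = "yes" ]; then
            # change the profiles' ports, then let ufw rewrite the rules
            sed -i 's/137/9999/g' "$TESTPATH/etc/ufw/applications.d/samba"
            sed -i 's/80/8888/g' "$TESTPATH/etc/ufw/applications.d/apache"
            do_cmd "0" app update Apache
            do_cmd "0" app update Samba
            do_cmd "0" status
            do_cmd "0" status verbose
        fi

        do_cmd "0" delete allow Apache
        for loc in any addr ; do
            if [ "$loc" != "any" ]; then
                if [ "$ipv6" = "yes" ]; then
                    loc="2001:db8::/32"
                else
                    loc="192.168.2.0/24"
                fi
            fi
            do_cmd "0" delete allow to $loc app Samba
            do_cmd "0" delete allow from $loc app Samba
            do_cmd "0" delete allow to $loc app Samba from $loc app Bind9
            do_cmd "0" delete allow to $loc app Samba from $loc port 13
            do_cmd "0" delete allow to $loc app Apache from $loc port 88
        done
        do_cmd "0" status
    done
done
# restore the stock profile ports for the sections below
sed -i 's/9999/137/g' "$TESTPATH/etc/ufw/applications.d/samba"
sed -i 's/8888/80/g' "$TESTPATH/etc/ufw/applications.d/apache"

echo "TESTING APPLICATION RULES (v6 delete app rules)" >> "$TESTTMP/result"
echo "Setting IPV6 to yes" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats enable
do_cmd "0" allow Apache
do_cmd "0" allow from 2001:db8::/32 to any app Apache
do_cmd "0" status verbose
do_cmd "0" delete allow from 2001:db8::/32 to any app Apache
do_cmd "0" status verbose
do_cmd "0" delete allow Apache
do_cmd "0" status verbose

echo "TESTING APPLICATION RULES (update)" >> "$TESTTMP/result"
# some of these are omitted because they are covered above
do_cmd "0" app update Bind9
do_cmd "0" app default allow
do_cmd "0" app update --add-new Apache
do_cmd "0" app default deny
do_cmd "0" app update --add-new Samba
do_cmd "0" app default skip
do_cmd "0" app update --add-new Bind9
do_cmd "0" status verbose
do_cmd "0" delete allow Apache
do_cmd "0" delete deny Samba
do_cmd "0" status verbose

echo "TESTING APPLICATION INTEGRATION (exact vs multi)" >> "$TESTTMP/result"
# two profiles whose names differ only in case, with different ports
cat > "$TESTPATH/etc/ufw/applications.d/Runtest2" << EOM
[Runtest2]
title=runtest title
description=runtest description
ports=23/tcp
EOM
cat > "$TESTPATH/etc/ufw/applications.d/RunTest2" << EOM
[RunTest2]
title=runtest title
description=runtest description
ports=24/tcp
EOM
do_cmd "0" allow RunTest2
do_cmd "0" status verbose
do_cmd "0" delete allow RunTest2
do_cmd "0" status verbose

echo "TESTING APPLICATION INTEGRATION (case insensitive)" >> "$TESTTMP/result"
cat > "$TESTPATH/etc/ufw/applications.d/runtest" << EOM
[runtest]
title=runtest title
description=runtest description
ports=26/tcp
EOM
do_cmd "0" allow runtest
do_cmd "0" status verbose
do_cmd "0" deny RunTest
do_cmd "0" status verbose
do_cmd "0" delete deny RUNTESt

echo "TESTING APPLICATION INTEGRATION (reject)" >> "$TESTTMP/result"
do_cmd "0" reject to any from any app Samba
do_cmd "0" reject Samba
do_cmd "0" status verbose
do_cmd "0" delete reject to any from any app Samba
do_cmd "0" delete reject Samba
do_cmd "0" status verbose

echo "TESTING INSERT" >> "$TESTTMP/result"
for ipv6 in no yes ; do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable
    do_cmd "0" allow Apache
    do_cmd "0" allow Bind9
    do_cmd "0" insert 1 allow Samba
    do_cmd "0" insert 2 reject 'Dovecot POP3'
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

    # The failure message used to print $i, which this loop never sets
    # (its variable is $ipv6), so the label is passed explicitly.
    assert_reload_keeps_rules "$ipv6"

    do_cmd "0" delete allow Apache
    do_cmd "0" delete allow Bind9
    do_cmd "0" delete allow Samba
    do_cmd "0" delete reject 'Dovecot POP3'
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

    do_cmd "0" allow Samba
    do_cmd "0" allow 13
    do_cmd "0" insert 2 allow from any to any app Samba
    do_cmd "0" insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba
    do_cmd "0" insert 2 allow from 192.168.0.1 to any app Samba
    do_cmd "0" insert 2 allow from 192.168.0.1 app Samba to 10.0.0.1
    do_cmd "0" insert 2 allow from any app Samba to 10.0.0.1
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

    assert_reload_keeps_rules "$ipv6"

    do_cmd "0" delete allow Samba
    do_cmd "0" delete allow 13
    do_cmd "0" delete allow from any to any app Samba
    do_cmd "0" delete allow from 192.168.0.1 to 10.0.0.1 app Samba
    do_cmd "0" delete allow from 192.168.0.1 to any app Samba
    do_cmd "0" delete allow from 192.168.0.1 app Samba to 10.0.0.1
    do_cmd "0" delete allow from any app Samba to 10.0.0.1
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
done

echo "TESTING APPLICATION INTEGRATION (interfaces)" >> "$TESTTMP/result"
for i in "in" "out" ; do
    for j in allow deny limit reject ; do
        do_cmd "0" $j $i on eth0 to 192.168.0.1 app Samba
        # the alias interface eth0:1 is expected to be refused (status 1)
        do_cmd "1" null $j $i on eth0:1 from 10.0.0.1 app Samba
        do_cmd "0" $j $i on eth0 from 10.0.0.1 to any app Samba
        do_cmd "0" status
        grep -A3 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        grep -A3 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
        do_cmd "0" delete $j $i on eth0 to 192.168.0.1 app Samba
        do_cmd "0" delete $j $i on eth0 from 10.0.0.1 to any app Samba
        do_cmd "0" status
        grep -A3 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        grep -A3 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    done
    do_cmd "0" allow $i on eth0 to any app Bind9
    do_cmd "0" insert 1 allow $i on eth2 to any app Samba
    do_cmd "0" status
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    do_cmd "0" delete allow $i on eth0 to any app Bind9
    do_cmd "0" delete allow $i on eth2 to any app Samba
    do_cmd "0" status
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
done

echo "Delete by number" >> "$TESTTMP/result"
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable
    do_cmd "0" nostats allow from any app Samba
    do_cmd "0" nostats allow Samba
    do_cmd "0" nostats allow 13/tcp
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    if [ "$ipv6" = "yes" ]; then
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    fi

    # The rule is added as 13/tcp, so its tuple line presumably carries
    # "tcp" in the protocol field; the original "any" is still matched.
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" null --force delete 6
        fail_if_rule_present "^### tuple ### allow (any|tcp) 13 " "$TESTCONFIG/user6.rules" "Failed: Found port '13' in user6.rules"
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    fi
    do_cmd "0" null --force delete 3
    fail_if_rule_present "^### tuple ### allow (any|tcp) 13 " "$TESTCONFIG/user.rules" "Failed: Found port '13' in user.rules"
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" null --force delete 4
        fail_if_rule_present "dapp_Samba" "$TESTCONFIG/user6.rules" "Failed: Found dapp_Samba in user6.rules"
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    fi
    do_cmd "0" null --force delete 2
    fail_if_rule_present "dapp_Samba" "$TESTCONFIG/user.rules" "Failed: Found dapp_Samba in user.rules"
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" null --force delete 2
        fail_if_rule_present "sapp_Samba" "$TESTCONFIG/user6.rules" "Failed: Found sapp_Samba in user6.rules"
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    fi
    do_cmd "0" null --force delete 1
    fail_if_rule_present "sapp_Samba" "$TESTCONFIG/user.rules" "Failed: Found sapp_Samba in user.rules"
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
done

do_cmd "0" nostats disable

cleanup
exit 0
ufw-0.36/tests/root/live_apps/result0000644000175000017500000024604613404772663016577 0ustar jamiejamieTESTING APPLICATION RULES Adding and deleting app rules Setting IPV6 to yes 0: disable 1: enable 2: allow Apache WARN: Checks disabled Rule added Rule added (v6) 3: allow to any app Samba WARN: Checks disabled Rule added Rule added (v6) 4: allow from any app Samba WARN: Checks disabled Rule added Rule added (v6) 5: allow to any app Samba from any app Bind9 WARN: Checks disabled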
Rule added Rule added (v6) 6: allow to any app Samba from any port 13 WARN: Checks disabled Rule added Rule added (v6) 7: allow to any app Apache from any port 88 WARN: Checks disabled Rule added Rule added (v6) 8: allow to 2001:db8::/32 app Samba WARN: Checks disabled Rule added (v6) 9: allow from 2001:db8::/32 app Samba WARN: Checks disabled Rule added (v6) 10: allow to 2001:db8::/32 app Samba from 2001:db8::/32 app Bind9 WARN: Checks disabled Rule added (v6) 11: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 WARN: Checks disabled Rule added (v6) 12: allow to 2001:db8::/32 app Apache from 2001:db8::/32 port 88 WARN: Checks disabled Rule added (v6) 13: status WARN: Checks disabled Status: active To Action From -- ------ ---- Apache ALLOW Anywhere Samba ALLOW Anywhere Anywhere ALLOW Samba Samba ALLOW Bind9 Samba ALLOW 13 Apache ALLOW 88 Apache (v6) ALLOW Anywhere (v6) Samba (v6) ALLOW Anywhere (v6) Anywhere (v6) ALLOW Samba (v6) Samba (v6) ALLOW Bind9 (v6) Samba (v6) ALLOW 13 (v6) Apache (v6) ALLOW 88 (v6) 2001:db8::/32 Samba ALLOW Anywhere (v6) Anywhere (v6) ALLOW 2001:db8::/32 Samba 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 2001:db8::/32 Samba ALLOW 2001:db8::/32 13 2001:db8::/32 Apache ALLOW 2001:db8::/32 88 14: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 137,138/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 137,138/udp (Samba) Anywhere ALLOW IN 139,445/tcp (Samba) 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) 137,138/udp (Samba) ALLOW IN 13/udp 139,445/tcp (Samba) ALLOW IN 13/tcp 80/tcp (Apache) ALLOW IN 88/tcp 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6) 139,445/tcp (Samba (v6)) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 137,138/udp (Samba (v6)) 
Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) 137,138/udp (Samba (v6)) ALLOW IN 13/udp (v6) 139,445/tcp (Samba (v6)) ALLOW IN 13/tcp (v6) 80/tcp (Apache (v6)) ALLOW IN 88/tcp (v6) 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba) Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba) 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9) 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 13/udp 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp 2001:db8::/32 80/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp 15: delete allow Apache WARN: Checks disabled Rule deleted Rule deleted (v6) 16: delete allow to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 17: delete allow from any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 18: delete allow to any app Samba from any app Bind9 WARN: Checks disabled Rule deleted Rule deleted (v6) 19: delete allow to any app Samba from any port 13 WARN: Checks disabled Rule deleted Rule deleted (v6) 20: delete allow to any app Apache from any port 88 WARN: Checks disabled Rule deleted Rule deleted (v6) 21: delete allow to 2001:db8::/32 app Samba WARN: Checks disabled Rule deleted (v6) 22: delete allow from 2001:db8::/32 app Samba WARN: Checks disabled Rule deleted (v6) 23: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 app Bind9 WARN: Checks disabled Rule deleted (v6) 24: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 WARN: Checks disabled Rule deleted (v6) 25: delete allow to 2001:db8::/32 app Apache from 2001:db8::/32 port 88 WARN: Checks disabled Rule deleted (v6) 26: status WARN: Checks disabled Status: active Setting IPV6 to no 27: 
disable 28: enable 29: allow Apache WARN: Checks disabled Rule added 30: allow to any app Samba WARN: Checks disabled Rule added 31: allow from any app Samba WARN: Checks disabled Rule added 32: allow to any app Samba from any app Bind9 WARN: Checks disabled Rule added 33: allow to any app Samba from any port 13 WARN: Checks disabled Rule added 34: allow to any app Apache from any port 88 WARN: Checks disabled Rule added 35: allow to 192.168.2.0/24 app Samba WARN: Checks disabled Rule added 36: allow from 192.168.2.0/24 app Samba WARN: Checks disabled Rule added 37: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 app Bind9 WARN: Checks disabled Rule added 38: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 WARN: Checks disabled Rule added 39: allow to 192.168.2.0/24 app Apache from 192.168.2.0/24 port 88 WARN: Checks disabled Rule added 40: status WARN: Checks disabled Status: active To Action From -- ------ ---- Apache ALLOW Anywhere Samba ALLOW Anywhere Anywhere ALLOW Samba Samba ALLOW Bind9 Samba ALLOW 13 Apache ALLOW 88 192.168.2.0/24 Samba ALLOW Anywhere Anywhere ALLOW 192.168.2.0/24 Samba 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88 41: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 137,138/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 137,138/udp (Samba) Anywhere ALLOW IN 139,445/tcp (Samba) 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) 137,138/udp (Samba) ALLOW IN 13/udp 139,445/tcp (Samba) ALLOW IN 13/tcp 80/tcp (Apache) ALLOW IN 88/tcp 192.168.2.0/24 137,138/udp (Samba) ALLOW IN Anywhere 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 192.168.2.0/24 137,138/udp (Samba) 
Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba) 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9) 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9) 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp 192.168.2.0/24 80/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp 42: delete allow Apache WARN: Checks disabled Rule deleted 43: delete allow to any app Samba WARN: Checks disabled Rule deleted 44: delete allow from any app Samba WARN: Checks disabled Rule deleted 45: delete allow to any app Samba from any app Bind9 WARN: Checks disabled Rule deleted 46: delete allow to any app Samba from any port 13 WARN: Checks disabled Rule deleted 47: delete allow to any app Apache from any port 88 WARN: Checks disabled Rule deleted 48: delete allow to 192.168.2.0/24 app Samba WARN: Checks disabled Rule deleted 49: delete allow from 192.168.2.0/24 app Samba WARN: Checks disabled Rule deleted 50: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 app Bind9 WARN: Checks disabled Rule deleted 51: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 WARN: Checks disabled Rule deleted 52: delete allow to 192.168.2.0/24 app Apache from 192.168.2.0/24 port 88 WARN: Checks disabled Rule deleted 53: status WARN: Checks disabled Status: active Adding and deleting updated app rules Setting IPV6 to yes 54: disable 55: enable 56: allow Apache WARN: Checks disabled Rule added Rule added (v6) 57: allow to any app Samba WARN: Checks disabled Rule added Rule added (v6) 58: allow from any app Samba WARN: Checks disabled Rule added Rule added (v6) 59: allow to any app Samba from any app Bind9 WARN: Checks disabled Rule added Rule added (v6) 60: allow to any app Samba from any port 13 WARN: Checks disabled Rule added Rule added (v6) 61: allow to any app Apache from any port 88 WARN: Checks disabled Rule added Rule added (v6) 62: allow to 
2001:db8::/32 app Samba WARN: Checks disabled Rule added (v6) 63: allow from 2001:db8::/32 app Samba WARN: Checks disabled Rule added (v6) 64: allow to 2001:db8::/32 app Samba from 2001:db8::/32 app Bind9 WARN: Checks disabled Rule added (v6) 65: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 WARN: Checks disabled Rule added (v6) 66: allow to 2001:db8::/32 app Apache from 2001:db8::/32 port 88 WARN: Checks disabled Rule added (v6) 67: status WARN: Checks disabled Status: active To Action From -- ------ ---- Apache ALLOW Anywhere Samba ALLOW Anywhere Anywhere ALLOW Samba Samba ALLOW Bind9 Samba ALLOW 13 Apache ALLOW 88 Apache (v6) ALLOW Anywhere (v6) Samba (v6) ALLOW Anywhere (v6) Anywhere (v6) ALLOW Samba (v6) Samba (v6) ALLOW Bind9 (v6) Samba (v6) ALLOW 13 (v6) Apache (v6) ALLOW 88 (v6) 2001:db8::/32 Samba ALLOW Anywhere (v6) Anywhere (v6) ALLOW 2001:db8::/32 Samba 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 2001:db8::/32 Samba ALLOW 2001:db8::/32 13 2001:db8::/32 Apache ALLOW 2001:db8::/32 88 68: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 137,138/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 137,138/udp (Samba) Anywhere ALLOW IN 139,445/tcp (Samba) 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) 137,138/udp (Samba) ALLOW IN 13/udp 139,445/tcp (Samba) ALLOW IN 13/tcp 80/tcp (Apache) ALLOW IN 88/tcp 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6) 139,445/tcp (Samba (v6)) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 137,138/udp (Samba (v6)) Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) 137,138/udp (Samba (v6)) ALLOW IN 13/udp (v6) 139,445/tcp (Samba 
(v6)) ALLOW IN 13/tcp (v6) 80/tcp (Apache (v6)) ALLOW IN 88/tcp (v6) 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba) Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba) 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9) 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 13/udp 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp 2001:db8::/32 80/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp 69: app update Apache WARN: Checks disabled Rules updated for profile 'Apache' Firewall reloaded 70: app update Samba WARN: Checks disabled Rules updated for profile 'Samba' Firewall reloaded 71: status WARN: Checks disabled Status: active To Action From -- ------ ---- Apache ALLOW Anywhere Samba ALLOW Anywhere Anywhere ALLOW Samba Samba ALLOW Bind9 Samba ALLOW 13 Apache ALLOW 88 Apache (v6) ALLOW Anywhere (v6) Samba (v6) ALLOW Anywhere (v6) Anywhere (v6) ALLOW Samba (v6) Samba (v6) ALLOW Bind9 (v6) Samba (v6) ALLOW 13 (v6) Apache (v6) ALLOW 88 (v6) 2001:db8::/32 Samba ALLOW Anywhere (v6) Anywhere (v6) ALLOW 2001:db8::/32 Samba 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9 2001:db8::/32 Samba ALLOW 2001:db8::/32 13 2001:db8::/32 Apache ALLOW 2001:db8::/32 88 72: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 8888/tcp (Apache) ALLOW IN Anywhere 138,9999/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 138,9999/udp (Samba) Anywhere ALLOW IN 139,445/tcp (Samba) 138,9999/udp (Samba) ALLOW IN 53/udp (Bind9) 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) 138,9999/udp (Samba) ALLOW IN 13/udp 139,445/tcp (Samba) ALLOW IN 13/tcp 8888/tcp (Apache) ALLOW IN 88/tcp 8888/tcp (Apache (v6)) ALLOW 
IN Anywhere (v6) 138,9999/udp (Samba (v6)) ALLOW IN Anywhere (v6) 139,445/tcp (Samba (v6)) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 138,9999/udp (Samba (v6)) Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6)) 138,9999/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6)) 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6)) 138,9999/udp (Samba (v6)) ALLOW IN 13/udp (v6) 139,445/tcp (Samba (v6)) ALLOW IN 13/tcp (v6) 8888/tcp (Apache (v6)) ALLOW IN 88/tcp (v6) 2001:db8::/32 138,9999/udp (Samba) ALLOW IN Anywhere (v6) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6) Anywhere (v6) ALLOW IN 2001:db8::/32 138,9999/udp (Samba) Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba) 2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9) 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9) 2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 13/udp 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp 2001:db8::/32 8888/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp 73: delete allow Apache WARN: Checks disabled Rule deleted Rule deleted (v6) 74: delete allow to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 75: delete allow from any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 76: delete allow to any app Samba from any app Bind9 WARN: Checks disabled Rule deleted Rule deleted (v6) 77: delete allow to any app Samba from any port 13 WARN: Checks disabled Rule deleted Rule deleted (v6) 78: delete allow to any app Apache from any port 88 WARN: Checks disabled Rule deleted Rule deleted (v6) 79: delete allow to 2001:db8::/32 app Samba WARN: Checks disabled Rule deleted (v6) 80: delete allow from 2001:db8::/32 app Samba WARN: Checks disabled Rule deleted (v6) 81: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 app Bind9 WARN: Checks disabled Rule deleted (v6) 82: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13 WARN: Checks disabled Rule deleted (v6) 83: delete 
allow to 2001:db8::/32 app Apache from 2001:db8::/32 port 88 WARN: Checks disabled Rule deleted (v6) 84: status WARN: Checks disabled Status: active Setting IPV6 to no 85: disable 86: enable 87: allow Apache WARN: Checks disabled Rule added 88: allow to any app Samba WARN: Checks disabled Rule added 89: allow from any app Samba WARN: Checks disabled Rule added 90: allow to any app Samba from any app Bind9 WARN: Checks disabled Rule added 91: allow to any app Samba from any port 13 WARN: Checks disabled Rule added 92: allow to any app Apache from any port 88 WARN: Checks disabled Rule added 93: allow to 192.168.2.0/24 app Samba WARN: Checks disabled Rule added 94: allow from 192.168.2.0/24 app Samba WARN: Checks disabled Rule added 95: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 app Bind9 WARN: Checks disabled Rule added 96: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 WARN: Checks disabled Rule added 97: allow to 192.168.2.0/24 app Apache from 192.168.2.0/24 port 88 WARN: Checks disabled Rule added 98: status WARN: Checks disabled Status: active To Action From -- ------ ---- Apache ALLOW Anywhere Samba ALLOW Anywhere Anywhere ALLOW Samba Samba ALLOW Bind9 Samba ALLOW 13 Apache ALLOW 88 192.168.2.0/24 Samba ALLOW Anywhere Anywhere ALLOW 192.168.2.0/24 Samba 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88 99: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 137,138/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 137,138/udp (Samba) Anywhere ALLOW IN 139,445/tcp (Samba) 137,138/udp (Samba) ALLOW IN 53/udp (Bind9) 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) 137,138/udp (Samba) ALLOW IN 13/udp 139,445/tcp (Samba) ALLOW IN 13/tcp 80/tcp (Apache) ALLOW IN 
88/tcp 192.168.2.0/24 137,138/udp (Samba) ALLOW IN Anywhere 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 192.168.2.0/24 137,138/udp (Samba) Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba) 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9) 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9) 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp 192.168.2.0/24 80/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp 100: app update Apache WARN: Checks disabled Rules updated for profile 'Apache' Firewall reloaded 101: app update Samba WARN: Checks disabled Rules updated for profile 'Samba' Firewall reloaded 102: status WARN: Checks disabled Status: active To Action From -- ------ ---- Apache ALLOW Anywhere Samba ALLOW Anywhere Anywhere ALLOW Samba Samba ALLOW Bind9 Samba ALLOW 13 Apache ALLOW 88 192.168.2.0/24 Samba ALLOW Anywhere Anywhere ALLOW 192.168.2.0/24 Samba 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88 103: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 8888/tcp (Apache) ALLOW IN Anywhere 138,9999/udp (Samba) ALLOW IN Anywhere 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 138,9999/udp (Samba) Anywhere ALLOW IN 139,445/tcp (Samba) 138,9999/udp (Samba) ALLOW IN 53/udp (Bind9) 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9) 138,9999/udp (Samba) ALLOW IN 13/udp 139,445/tcp (Samba) ALLOW IN 13/tcp 8888/tcp (Apache) ALLOW IN 88/tcp 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN Anywhere 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere Anywhere ALLOW IN 192.168.2.0/24 138,9999/udp (Samba) Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba) 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 
192.168.2.0/24 53/udp (Bind9) 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9) 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp 192.168.2.0/24 8888/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp 104: delete allow Apache WARN: Checks disabled Rule deleted 105: delete allow to any app Samba WARN: Checks disabled Rule deleted 106: delete allow from any app Samba WARN: Checks disabled Rule deleted 107: delete allow to any app Samba from any app Bind9 WARN: Checks disabled Rule deleted 108: delete allow to any app Samba from any port 13 WARN: Checks disabled Rule deleted 109: delete allow to any app Apache from any port 88 WARN: Checks disabled Rule deleted 110: delete allow to 192.168.2.0/24 app Samba WARN: Checks disabled Rule deleted 111: delete allow from 192.168.2.0/24 app Samba WARN: Checks disabled Rule deleted 112: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 app Bind9 WARN: Checks disabled Rule deleted 113: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13 WARN: Checks disabled Rule deleted 114: delete allow to 192.168.2.0/24 app Apache from 192.168.2.0/24 port 88 WARN: Checks disabled Rule deleted 115: status WARN: Checks disabled Status: active TESTING APPLICATION RULES (v6 delete app rules) Setting IPV6 to yes 116: disable 117: enable 118: allow Apache WARN: Checks disabled Rule added Rule added (v6) 119: allow from 2001:db8::/32 to any app Apache WARN: Checks disabled Rule added (v6) 120: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) 80/tcp (Apache (v6)) ALLOW IN 2001:db8::/32 121: delete allow from 2001:db8::/32 to any app Apache WARN: Checks disabled Rule deleted (v6) 122: status verbose WARN: Checks 
disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) 123: delete allow Apache WARN: Checks disabled Rule deleted Rule deleted (v6) 124: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip TESTING APPLICATION RULES (update) 125: app update Bind9 WARN: Checks disabled 126: app default allow WARN: Checks disabled Default application policy changed to 'allow' 127: app update --add-new Apache WARN: Checks disabled Rule added Rule added (v6) 128: app default deny WARN: Checks disabled Default application policy changed to 'deny' 129: app update --add-new Samba WARN: Checks disabled Rule added Rule added (v6) 130: app default skip WARN: Checks disabled Default application policy changed to 'skip' 131: app update --add-new Bind9 WARN: Checks disabled 132: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80/tcp (Apache) ALLOW IN Anywhere 137,138/udp (Samba) DENY IN Anywhere 139,445/tcp (Samba) DENY IN Anywhere 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6) 137,138/udp (Samba (v6)) DENY IN Anywhere (v6) 139,445/tcp (Samba (v6)) DENY IN Anywhere (v6) 133: delete allow Apache WARN: Checks disabled Rule deleted Rule deleted (v6) 134: delete deny Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 135: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip TESTING APPLICATION INTEGRATION (exact vs multi) 136: allow RunTest2 WARN: Checks disabled Rule added Rule added (v6) 137: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow 
(outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 24/tcp (RunTest2) ALLOW IN Anywhere 24/tcp (RunTest2 (v6)) ALLOW IN Anywhere (v6) 138: delete allow RunTest2 WARN: Checks disabled Rule deleted Rule deleted (v6) 139: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip TESTING APPLICATION INTEGRATION (case insensitive) 140: allow runtest WARN: Checks disabled Rule added Rule added (v6) 141: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 26/tcp (runtest) ALLOW IN Anywhere 26/tcp (runtest (v6)) ALLOW IN Anywhere (v6) 142: deny RunTest WARN: Checks disabled Rule updated Rule updated (v6) 143: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 26/tcp (runtest) DENY IN Anywhere 26/tcp (runtest (v6)) DENY IN Anywhere (v6) 144: delete deny RUNTESt WARN: Checks disabled Rule deleted Rule deleted (v6) TESTING APPLICATION INTEGRATION (reject) 145: reject to any from any app Samba WARN: Checks disabled Rule added Rule added (v6) 146: reject Samba WARN: Checks disabled Rule added Rule added (v6) 147: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- Anywhere REJECT IN 137,138/udp (Samba) Anywhere REJECT IN 139,445/tcp (Samba) 137,138/udp (Samba) REJECT IN Anywhere 139,445/tcp (Samba) REJECT IN Anywhere Anywhere (v6) REJECT IN 137,138/udp (Samba (v6)) Anywhere (v6) REJECT IN 139,445/tcp (Samba (v6)) 137,138/udp (Samba (v6)) REJECT IN Anywhere (v6) 139,445/tcp (Samba (v6)) REJECT IN Anywhere (v6) 148: delete reject to any from any app Samba WARN: Checks disabled Rule 
deleted Rule deleted (v6) 149: delete reject Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 150: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip TESTING INSERT Setting IPV6 to no 151: disable 152: enable 153: allow Apache WARN: Checks disabled Rule added 154: allow Bind9 WARN: Checks disabled Rule added 155: insert 1 allow Samba WARN: Checks disabled Rule inserted 156: insert 2 reject Dovecot POP3 WARN: Checks disabled Rule inserted *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 110 0.0.0.0/0 any 0.0.0.0/0 Dovecot%20POP3 - in -A ufw-user-input -p tcp --dport 110 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Dovecot%20POP3' ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### ### END LOGGING ### COMMIT 157: disable 158: enable 159: delete allow Apache WARN: Checks disabled Rule deleted 160: delete allow Bind9 WARN: Checks disabled Rule deleted 161: delete allow Samba WARN: Checks disabled Rule deleted 162: delete reject Dovecot POP3 WARN: Checks disabled Rule deleted *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### ### END LOGGING ### COMMIT 163: allow Samba WARN: Checks disabled Rule added 164: allow 13 WARN: Checks disabled Rule added 165: insert 2 allow from any to any app Samba WARN: Checks disabled Skipping inserting existing rule 166: insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba WARN: Checks disabled Rule inserted 167: insert 2 allow from 192.168.0.1 to any app Samba WARN: Checks disabled Rule inserted 168: insert 2 allow from 192.168.0.1 app Samba to 10.0.0.1 WARN: Checks disabled Rule inserted 169: insert 2 allow from any app Samba to 10.0.0.1 WARN: Checks disabled Rule inserted *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp any 10.0.0.1 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -d 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 10.0.0.1 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -d 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp any 10.0.0.1 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 10.0.0.1 139,445 192.168.0.1 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 192.168.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 192.168.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 10.0.0.1 any 192.168.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 
10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 10.0.0.1 any 192.168.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### ### END LOGGING ### COMMIT 170: disable 171: enable 172: delete allow Samba WARN: Checks disabled Rule deleted 173: delete allow 13 WARN: Checks disabled Rule deleted 174: delete allow from any to any app Samba WARN: Checks disabled Could not delete non-existent rule Could not delete non-existent rule (v6) 175: delete allow from 
192.168.0.1 to 10.0.0.1 app Samba WARN: Checks disabled Rule deleted 176: delete allow from 192.168.0.1 to any app Samba WARN: Checks disabled Rule deleted 177: delete allow from 192.168.0.1 app Samba to 10.0.0.1 WARN: Checks disabled Rule deleted 178: delete allow from any app Samba to 10.0.0.1 WARN: Checks disabled Rule deleted *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] 
:ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### ### END LOGGING ### COMMIT Setting IPV6 to yes 179: disable 180: enable 181: allow Apache WARN: Checks disabled Rule added Rule added (v6) 182: allow Bind9 WARN: Checks disabled Rule added Rule added (v6) 183: insert 1 allow Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 184: insert 2 reject Dovecot POP3 WARN: Checks disabled Rule inserted Rule inserted (v6) *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 110 0.0.0.0/0 any 0.0.0.0/0 Dovecot%20POP3 - in -A ufw-user-input -p tcp --dport 110 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Dovecot%20POP3' ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 110 ::/0 any ::/0 Dovecot%20POP3 - in -A ufw6-user-input -p tcp --dport 110 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Dovecot%20POP3' ### tuple ### allow tcp 80 ::/0 any ::/0 Apache - in -A ufw6-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### tuple ### allow any 53 ::/0 any ::/0 Bind9 - in -A ufw6-user-input -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw6-user-input -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A 
ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 185: disable 186: enable 187: delete allow Apache WARN: Checks disabled Rule deleted Rule deleted (v6) 188: delete allow Bind9 WARN: Checks disabled Rule deleted Rule deleted (v6) 189: delete allow Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 190: delete reject Dovecot POP3 WARN: Checks disabled Rule deleted Rule deleted (v6) *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute 
-j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 191: allow Samba WARN: Checks disabled Rule added Rule added (v6) 192: allow 13 WARN: Checks disabled Rule added Rule added (v6) 193: insert 2 allow from any to any app Samba WARN: Checks disabled Skipping inserting existing rule Skipping inserting existing rule (v6) 194: insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba WARN: Checks disabled Rule inserted 195: insert 2 allow from 192.168.0.1 to any app Samba WARN: Checks disabled Rule inserted 196: insert 2 allow from 192.168.0.1 app Samba to 10.0.0.1 WARN: Checks disabled Rule inserted 197: insert 2 allow from any app Samba to 10.0.0.1 WARN: Checks disabled Rule inserted *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp any 10.0.0.1 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -d 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 10.0.0.1 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -d 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp any 10.0.0.1 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 10.0.0.1 139,445 192.168.0.1 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 192.168.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 192.168.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 10.0.0.1 any 192.168.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 10.0.0.1 
any 192.168.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 13 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 13 -j ACCEPT -A ufw6-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### 
LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 198: disable 199: enable 200: delete allow Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 201: delete allow 13 WARN: Checks disabled Rule deleted Rule deleted (v6) 202: delete allow from any to any app Samba WARN: Checks disabled Could not delete non-existent rule Could not delete non-existent rule (v6) 203: delete allow from 192.168.0.1 to 10.0.0.1 app Samba WARN: Checks disabled Rule deleted 204: delete allow from 192.168.0.1 to any app Samba WARN: Checks disabled Rule deleted 205: delete allow from 192.168.0.1 app Samba to 10.0.0.1 WARN: Checks disabled Rule deleted 206: delete allow from any app Samba to 10.0.0.1 WARN: Checks disabled Rule deleted *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT TESTING APPLICATION INTEGRATION (interfaces) 207: allow in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 208: allow in on eth0:1 from 10.0.0.1 app Samba 209: allow in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 210: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba on eth0 ALLOW Anywhere Samba on eth0 ALLOW 10.0.0.1 ### tuple ### allow udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 
-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### 211: delete allow in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 212: delete allow in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 213: status WARN: Checks disabled Status: active 214: deny in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 215: deny in on eth0:1 from 10.0.0.1 app Samba 216: deny in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 217: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba on eth0 DENY Anywhere Samba on eth0 DENY 10.0.0.1 ### tuple ### deny udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport 
--dports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### 218: delete deny in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 219: delete deny in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 220: status WARN: Checks disabled Status: active 221: limit in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 222: limit in on eth0:1 from 10.0.0.1 app Samba 223: limit in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 224: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba on eth0 LIMIT Anywhere Samba on eth0 LIMIT 10.0.0.1 ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' -- ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' -- ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW 
-m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' -- ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' 225: delete limit in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 226: delete limit in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 227: status WARN: Checks disabled Status: active 228: reject in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 229: reject in on eth0:1 from 10.0.0.1 app Samba 230: reject in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 231: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba on eth0 REJECT Anywhere Samba on eth0 REJECT 10.0.0.1 ### tuple ### reject udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple ### reject udp 137,138 
0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### 232: delete reject in on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 233: delete reject in on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 234: status WARN: Checks disabled Status: active 235: allow in on eth0 to any app Bind9 WARN: Checks disabled Rule added Rule added (v6) 236: insert 1 allow in on eth2 to any app Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 237: status WARN: Checks disabled Status: active To Action From -- ------ ---- Samba on eth2 ALLOW Anywhere Bind9 on eth0 ALLOW Anywhere Samba (v6) on eth2 ALLOW Anywhere (v6) Bind9 (v6) on eth0 ALLOW Anywhere (v6) ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in_eth0 -A ufw-user-input -i eth0 -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -i eth0 -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth2 -A ufw6-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in_eth2 -A ufw6-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 53 
::/0 any ::/0 Bind9 - in_eth0 -A ufw6-user-input -i eth0 -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw6-user-input -i eth0 -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' 238: delete allow in on eth0 to any app Bind9 WARN: Checks disabled Rule deleted Rule deleted (v6) 239: delete allow in on eth2 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 240: status WARN: Checks disabled Status: active 241: allow out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 242: allow out on eth0:1 from 10.0.0.1 app Samba 243: allow out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 244: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba ALLOW OUT Anywhere on eth0 Samba ALLOW OUT 10.0.0.1 on eth0 ### tuple ### allow udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### 245: delete allow out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 246: delete allow out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 247: status WARN: Checks disabled Status: active 248: deny out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 249: deny out on eth0:1 from 10.0.0.1 app Samba 250: deny 
out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 251: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba DENY OUT Anywhere on eth0 Samba DENY OUT 10.0.0.1 on eth0 ### tuple ### deny udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### 252: delete deny out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 253: delete deny out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 254: status WARN: Checks disabled Status: active 255: limit out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 256: limit out on eth0:1 from 10.0.0.1 app Samba 257: limit out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 258: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba LIMIT OUT Anywhere on eth0 Samba LIMIT OUT 10.0.0.1 on eth0 ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 
--hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' -- ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' -- ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' -- ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' 259: delete limit out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 260: 
delete limit out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 261: status WARN: Checks disabled Status: active 262: reject out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule added 263: reject out on eth0:1 from 10.0.0.1 app Samba 264: reject out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule added 265: status WARN: Checks disabled Status: active To Action From -- ------ ---- 192.168.0.1 Samba REJECT OUT Anywhere on eth0 Samba REJECT OUT 10.0.0.1 on eth0 ### tuple ### reject udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple ### reject udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### 266: delete reject out on eth0 to 192.168.0.1 app Samba WARN: Checks disabled Rule deleted 267: delete reject out on eth0 from 10.0.0.1 to any app Samba WARN: Checks disabled Rule deleted 268: status WARN: Checks disabled Status: active 269: allow out on eth0 to any app Bind9 WARN: Checks disabled Rule added Rule added (v6) 270: insert 1 allow out on eth2 to any app Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 271: status WARN: Checks disabled Status: active To Action From -- ------ ---- Samba ALLOW OUT Anywhere on eth2 Bind9 ALLOW OUT Anywhere on eth0 Samba (v6) ALLOW OUT Anywhere (v6) on eth2 Bind9 (v6) 
ALLOW OUT Anywhere (v6) on eth0 ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - out_eth0 -A ufw-user-output -o eth0 -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-output -o eth0 -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth2 -A ufw6-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - out_eth2 -A ufw6-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 53 ::/0 any ::/0 Bind9 - out_eth0 -A ufw6-user-output -o eth0 -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw6-user-output -o eth0 -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' 272: delete allow out on eth0 to any app Bind9 WARN: Checks disabled Rule deleted Rule deleted (v6) 273: delete allow out on eth2 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 274: status WARN: Checks disabled Status: active Delete by number Setting IPV6 to yes 275: disable 276: enable 277: allow from any app Samba 278: allow Samba 279: allow 13/tcp ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A 
ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT ### tuple ### allow udp any ::/0 137,138 ::/0 - Samba in -A ufw6-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any ::/0 139,445 ::/0 - Samba in -A ufw6-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 13 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 13 -j ACCEPT 280: --force delete 6 ### tuple ### allow udp any ::/0 137,138 ::/0 - Samba in -A ufw6-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any ::/0 139,445 ::/0 - Samba in -A ufw6-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 281: --force delete 3 ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A 
ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 282: --force delete 4 ### tuple ### allow udp any ::/0 137,138 ::/0 - Samba in -A ufw6-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any ::/0 139,445 ::/0 - Samba in -A ufw6-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' 283: --force delete 2 ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' 284: --force delete 2 285: --force delete 1 Setting IPV6 to no 286: disable 287: enable 288: allow from any app Samba 289: allow Samba 290: allow 13/tcp ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A 
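ufw-user-input -p tcp --dport 13 -j ACCEPT 291: --force delete 3 ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 292: --force delete 2 ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' 293: --force delete 1 294: disable 295: disable ufw-0.36/tests/root/normalization/0000755000175000017500000000000013257512304016214 5ustar jamiejamieufw-0.36/tests/root/normalization/orig0000777000175000017500000000000013226727543021265 2../../defaultsustar jamiejamieufw-0.36/tests/root/normalization/runtest.sh0000755000175000017500000000637013257512304020265 0ustar jamiejamie
#!/bin/bash

#    Copyright 2008-2009 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Rule-normalization test: a rule added in one spelling (service name,
# port/proto, dotted netmask, CIDR prefix) is deleted using an equivalent
# spelling. After every add/delete pair the "tuple" entries left in
# user.rules (each match plus the two lines after it) are appended to the
# result file.
#
# This script lives under tests/root, so an unset path variable must stop
# the run: without the guards below, "$TESTPATH/../testlib.sh" would
# resolve to /../testlib.sh and "$TESTTMP/result" to /result.
: "${TESTPATH:?TESTPATH must be set by the test harness}"

# do_cmd and cleanup are not defined in this script; presumably testlib.sh
# provides them. NOTE(review): the first do_cmd argument looks like the
# expected exit status -- confirm against testlib.sh.
source "$TESTPATH/../testlib.sh"

# Checked after sourcing, in case testlib.sh is what sets these.
: "${TESTTMP:?TESTTMP must be set by the test harness}"
: "${TESTCONFIG:?TESTCONFIG must be set by the test harness}"

do_cmd "0" nostats enable

echo "TESTING EQUIVALENT PORTS" >> "$TESTTMP/result"
do_cmd "0" http-or-www allow http
do_cmd "0" delete allow 80/tcp
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow 80/tcp
do_cmd "0" http-or-www delete allow http
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" http-or-www allow http
do_cmd "0" delete allow to any port 80 proto tcp
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow to any port 80 proto tcp
do_cmd "0" http-or-www delete allow http
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow 80/tcp
do_cmd "0" delete allow to any port 80 proto tcp
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow to any port 80 proto tcp
do_cmd "0" delete allow 80/tcp
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "TESTING EQUIVALENT NETMASKS (HOST)" >> "$TESTTMP/result"
do_cmd "0" allow from 192.168.0.1/255.255.255.255
do_cmd "0" delete allow from 192.168.0.1
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow from 192.168.0.1/255.255.255.255
do_cmd "0" delete allow from 192.168.0.1/32
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow from 192.168.0.1
do_cmd "0" delete allow from 192.168.0.1/32
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow from 192.168.0.1
do_cmd "0" delete allow from 192.168.0.1/255.255.255.255
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow from 192.168.0.1/32
do_cmd "0" delete allow from 192.168.0.1
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" allow from 192.168.0.1/32
do_cmd "0" delete allow from 192.168.0.1/255.255.255.255
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "TESTING EQUIVALENT NETMASKS (NETWORK)" >> "$TESTTMP/result"
# Walk the prefix length from /32 down to /1. The octet list repeats the
# eight values 255..128 four times, once per octet position; cidr selects
# which octet position the current value fills.
cidr=32
for i in 255 254 252 248 240 224 192 128 \
         255 254 252 248 240 224 192 128 \
         255 254 252 248 240 224 192 128 \
         255 254 252 248 240 224 192 128; do
    mask=""
    if [ "$cidr" -le 8 ]; then
        mask="$i.0.0.0"
    elif [ "$cidr" -le 16 ]; then
        mask="255.$i.0.0"
    elif [ "$cidr" -le 24 ]; then
        mask="255.255.$i.0"
    else
        mask="255.255.255.$i"
    fi

    # Add with the dotted netmask, delete with the CIDR prefix ...
    do_cmd "0" allow from "192.168.0.0/$mask"
    do_cmd "0" delete allow from "192.168.0.0/$cidr"
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

    # ... then the other way round.
    do_cmd "0" allow from "192.168.0.0/$cidr"
    do_cmd "0" delete allow from "192.168.0.0/$mask"
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

    cidr=$((cidr-1))
done

cleanup
exit 0
ufw-0.36/tests/root/normalization/result0000644000175000017500000003156713226727543017502 0ustar jamiejamie0: enable TESTING EQUIVALENT PORTS 1: allow http WARN: Checks disabled Rule added 2: delete allow 80/tcp WARN: Checks disabled Rule deleted 3: allow 80/tcp WARN: Checks disabled Rule added 4: delete allow http WARN: Checks disabled Rule deleted 5: allow http WARN: Checks disabled Rule added 6: delete allow to any port 80 proto tcp WARN: Checks disabled Rule deleted 7: allow to any port 80 proto tcp WARN: Checks disabled Rule added 8: delete allow http WARN: Checks disabled Rule deleted 9: allow 80/tcp WARN: Checks disabled Rule added 10: delete allow to any port 80 proto tcp WARN: Checks disabled Rule deleted 11: allow to any port 80 proto tcp WARN: Checks disabled Rule added 12: delete allow 80/tcp WARN: Checks disabled Rule deleted TESTING EQUIVALENT NETMASKS (HOST) 13: allow from 192.168.0.1/255.255.255.255 WARN: Checks disabled Rule added 14: delete allow from 192.168.0.1 WARN: Checks disabled Rule deleted 15: allow from 192.168.0.1/255.255.255.255 WARN: Checks disabled Rule added 16: delete allow from 192.168.0.1/32 WARN: Checks disabled Rule deleted 17: allow from 192.168.0.1 WARN: Checks disabled Rule added 18: delete allow from 192.168.0.1/32 WARN: Checks disabled Rule deleted 19: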
allow from 192.168.0.1 WARN: Checks disabled Rule added 20: delete allow from 192.168.0.1/255.255.255.255 WARN: Checks disabled Rule deleted 21: allow from 192.168.0.1/32 WARN: Checks disabled Rule added 22: delete allow from 192.168.0.1 WARN: Checks disabled Rule deleted 23: allow from 192.168.0.1/32 WARN: Checks disabled Rule added 24: delete allow from 192.168.0.1/255.255.255.255 WARN: Checks disabled Rule deleted TESTING EQUIVALENT NETMASKS (NETWORK) 25: allow from 192.168.0.0/255.255.255.255 WARN: Checks disabled Rule added 26: delete allow from 192.168.0.0/32 WARN: Checks disabled Rule deleted 27: allow from 192.168.0.0/32 WARN: Checks disabled Rule added 28: delete allow from 192.168.0.0/255.255.255.255 WARN: Checks disabled Rule deleted 29: allow from 192.168.0.0/255.255.255.254 WARN: Checks disabled Rule added 30: delete allow from 192.168.0.0/31 WARN: Checks disabled Rule deleted 31: allow from 192.168.0.0/31 WARN: Checks disabled Rule added 32: delete allow from 192.168.0.0/255.255.255.254 WARN: Checks disabled Rule deleted 33: allow from 192.168.0.0/255.255.255.252 WARN: Checks disabled Rule added 34: delete allow from 192.168.0.0/30 WARN: Checks disabled Rule deleted 35: allow from 192.168.0.0/30 WARN: Checks disabled Rule added 36: delete allow from 192.168.0.0/255.255.255.252 WARN: Checks disabled Rule deleted 37: allow from 192.168.0.0/255.255.255.248 WARN: Checks disabled Rule added 38: delete allow from 192.168.0.0/29 WARN: Checks disabled Rule deleted 39: allow from 192.168.0.0/29 WARN: Checks disabled Rule added 40: delete allow from 192.168.0.0/255.255.255.248 WARN: Checks disabled Rule deleted 41: allow from 192.168.0.0/255.255.255.240 WARN: Checks disabled Rule added 42: delete allow from 192.168.0.0/28 WARN: Checks disabled Rule deleted 43: allow from 192.168.0.0/28 WARN: Checks disabled Rule added 44: delete allow from 192.168.0.0/255.255.255.240 WARN: Checks disabled Rule deleted 45: allow from 192.168.0.0/255.255.255.224 WARN: Checks 
disabled Rule added 46: delete allow from 192.168.0.0/27 WARN: Checks disabled Rule deleted 47: allow from 192.168.0.0/27 WARN: Checks disabled Rule added 48: delete allow from 192.168.0.0/255.255.255.224 WARN: Checks disabled Rule deleted 49: allow from 192.168.0.0/255.255.255.192 WARN: Checks disabled Rule added 50: delete allow from 192.168.0.0/26 WARN: Checks disabled Rule deleted 51: allow from 192.168.0.0/26 WARN: Checks disabled Rule added 52: delete allow from 192.168.0.0/255.255.255.192 WARN: Checks disabled Rule deleted 53: allow from 192.168.0.0/255.255.255.128 WARN: Checks disabled Rule added 54: delete allow from 192.168.0.0/25 WARN: Checks disabled Rule deleted 55: allow from 192.168.0.0/25 WARN: Checks disabled Rule added 56: delete allow from 192.168.0.0/255.255.255.128 WARN: Checks disabled Rule deleted 57: allow from 192.168.0.0/255.255.255.0 WARN: Checks disabled Rule added 58: delete allow from 192.168.0.0/24 WARN: Checks disabled Rule deleted 59: allow from 192.168.0.0/24 WARN: Checks disabled Rule added 60: delete allow from 192.168.0.0/255.255.255.0 WARN: Checks disabled Rule deleted 61: allow from 192.168.0.0/255.255.254.0 WARN: Checks disabled Rule added 62: delete allow from 192.168.0.0/23 WARN: Checks disabled Rule deleted 63: allow from 192.168.0.0/23 WARN: Checks disabled Rule added 64: delete allow from 192.168.0.0/255.255.254.0 WARN: Checks disabled Rule deleted 65: allow from 192.168.0.0/255.255.252.0 WARN: Checks disabled Rule added 66: delete allow from 192.168.0.0/22 WARN: Checks disabled Rule deleted 67: allow from 192.168.0.0/22 WARN: Checks disabled Rule added 68: delete allow from 192.168.0.0/255.255.252.0 WARN: Checks disabled Rule deleted 69: allow from 192.168.0.0/255.255.248.0 WARN: Checks disabled Rule added 70: delete allow from 192.168.0.0/21 WARN: Checks disabled Rule deleted 71: allow from 192.168.0.0/21 WARN: Checks disabled Rule added 72: delete allow from 192.168.0.0/255.255.248.0 WARN: Checks disabled Rule deleted 
73: allow from 192.168.0.0/255.255.240.0 WARN: Checks disabled Rule added 74: delete allow from 192.168.0.0/20 WARN: Checks disabled Rule deleted 75: allow from 192.168.0.0/20 WARN: Checks disabled Rule added 76: delete allow from 192.168.0.0/255.255.240.0 WARN: Checks disabled Rule deleted 77: allow from 192.168.0.0/255.255.224.0 WARN: Checks disabled Rule added 78: delete allow from 192.168.0.0/19 WARN: Checks disabled Rule deleted 79: allow from 192.168.0.0/19 WARN: Checks disabled Rule added 80: delete allow from 192.168.0.0/255.255.224.0 WARN: Checks disabled Rule deleted 81: allow from 192.168.0.0/255.255.192.0 WARN: Checks disabled Rule added 82: delete allow from 192.168.0.0/18 WARN: Checks disabled Rule deleted 83: allow from 192.168.0.0/18 WARN: Checks disabled Rule added 84: delete allow from 192.168.0.0/255.255.192.0 WARN: Checks disabled Rule deleted 85: allow from 192.168.0.0/255.255.128.0 WARN: Checks disabled Rule added 86: delete allow from 192.168.0.0/17 WARN: Checks disabled Rule deleted 87: allow from 192.168.0.0/17 WARN: Checks disabled Rule added 88: delete allow from 192.168.0.0/255.255.128.0 WARN: Checks disabled Rule deleted 89: allow from 192.168.0.0/255.255.0.0 WARN: Checks disabled Rule added 90: delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 91: allow from 192.168.0.0/16 WARN: Checks disabled Rule added 92: delete allow from 192.168.0.0/255.255.0.0 WARN: Checks disabled Rule deleted 93: allow from 192.168.0.0/255.254.0.0 WARN: Checks disabled Rule added 94: delete allow from 192.168.0.0/15 WARN: Checks disabled Rule deleted 95: allow from 192.168.0.0/15 WARN: Checks disabled Rule added 96: delete allow from 192.168.0.0/255.254.0.0 WARN: Checks disabled Rule deleted 97: allow from 192.168.0.0/255.252.0.0 WARN: Checks disabled Rule added 98: delete allow from 192.168.0.0/14 WARN: Checks disabled Rule deleted 99: allow from 192.168.0.0/14 WARN: Checks disabled Rule added 100: delete allow from 192.168.0.0/255.252.0.0 
WARN: Checks disabled Rule deleted 101: allow from 192.168.0.0/255.248.0.0 WARN: Checks disabled Rule added 102: delete allow from 192.168.0.0/13 WARN: Checks disabled Rule deleted 103: allow from 192.168.0.0/13 WARN: Checks disabled Rule added 104: delete allow from 192.168.0.0/255.248.0.0 WARN: Checks disabled Rule deleted 105: allow from 192.168.0.0/255.240.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 106: delete allow from 192.168.0.0/12 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 107: allow from 192.168.0.0/12 WARN: Checks disabled WARN: Rule changed after normalization Rule added 108: delete allow from 192.168.0.0/255.240.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 109: allow from 192.168.0.0/255.224.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 110: delete allow from 192.168.0.0/11 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 111: allow from 192.168.0.0/11 WARN: Checks disabled WARN: Rule changed after normalization Rule added 112: delete allow from 192.168.0.0/255.224.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 113: allow from 192.168.0.0/255.192.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 114: delete allow from 192.168.0.0/10 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 115: allow from 192.168.0.0/10 WARN: Checks disabled WARN: Rule changed after normalization Rule added 116: delete allow from 192.168.0.0/255.192.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 117: allow from 192.168.0.0/255.128.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 118: delete allow from 192.168.0.0/9 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 119: allow from 192.168.0.0/9 WARN: Checks disabled WARN: Rule changed after normalization Rule added 
120: delete allow from 192.168.0.0/255.128.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 121: allow from 192.168.0.0/255.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 122: delete allow from 192.168.0.0/8 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 123: allow from 192.168.0.0/8 WARN: Checks disabled WARN: Rule changed after normalization Rule added 124: delete allow from 192.168.0.0/255.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 125: allow from 192.168.0.0/254.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 126: delete allow from 192.168.0.0/7 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 127: allow from 192.168.0.0/7 WARN: Checks disabled WARN: Rule changed after normalization Rule added 128: delete allow from 192.168.0.0/254.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 129: allow from 192.168.0.0/252.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 130: delete allow from 192.168.0.0/6 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 131: allow from 192.168.0.0/6 WARN: Checks disabled WARN: Rule changed after normalization Rule added 132: delete allow from 192.168.0.0/252.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 133: allow from 192.168.0.0/248.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 134: delete allow from 192.168.0.0/5 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 135: allow from 192.168.0.0/5 WARN: Checks disabled WARN: Rule changed after normalization Rule added 136: delete allow from 192.168.0.0/248.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 137: allow from 192.168.0.0/240.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 
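138: delete allow from 192.168.0.0/4 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 139: allow from 192.168.0.0/4 WARN: Checks disabled WARN: Rule changed after normalization Rule added 140: delete allow from 192.168.0.0/240.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 141: allow from 192.168.0.0/224.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 142: delete allow from 192.168.0.0/3 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 143: allow from 192.168.0.0/3 WARN: Checks disabled WARN: Rule changed after normalization Rule added 144: delete allow from 192.168.0.0/224.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 145: allow from 192.168.0.0/192.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 146: delete allow from 192.168.0.0/2 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 147: allow from 192.168.0.0/2 WARN: Checks disabled WARN: Rule changed after normalization Rule added 148: delete allow from 192.168.0.0/192.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 149: allow from 192.168.0.0/128.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule added 150: delete allow from 192.168.0.0/1 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 151: allow from 192.168.0.0/1 WARN: Checks disabled WARN: Rule changed after normalization Rule added 152: delete allow from 192.168.0.0/128.0.0.0 WARN: Checks disabled WARN: Rule changed after normalization Rule deleted 153: disable ufw-0.36/tests/root/live/0000755000175000017500000000000013404772663014277 5ustar jamiejamieufw-0.36/tests/root/live/orig0000777000175000017500000000000013226727543017336 2../../defaultsustar jamiejamieufw-0.36/tests/root/live/runtest.sh0000755000175000017500000004251513404772663016351 0ustar jamiejamie
#!/bin/bash

#    Copyright 2008-2016 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Live test for ufw: this script calls iptables, ip6tables, iptables-save and
# ufw-init directly, so it changes the packet filter of the machine it runs on.
# do_cmd, do_extcmd, cleanup and $count come from testlib.sh (not shown here);
# the first do_cmd argument looks like the expected exit status -- confirm in
# testlib.sh. Everything appended to $TESTTMP/result is compared against the
# stored 'result' file, so the echo strings written there must not change.

source "$TESTPATH/../testlib.sh"

# This isn't available everywhere, so we will test it later
sed -i "s/self.caps\['limit'\]\['6'\] = True/self.caps['limit']['6'] = False/" $TESTPATH/lib/python/ufw/backend.py

# Add a representative rule set, dump it, then delete every rule again, once
# with IPv6 support on and once with it off.
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    echo "TESTING ARGS (logging)" >> $TESTTMP/result
    do_cmd "0" logging on
    grep -h "LOG" `ls $TESTPATH/etc/ufw/*.rules` >> $TESTTMP/result
    do_cmd "0" logging off
    grep -h "LOG" `ls $TESTPATH/etc/ufw/*.rules` >> $TESTTMP/result

    echo "TESTING ARGS (allow/deny to/from)" >> $TESTTMP/result
    do_cmd "0" allow 53
    do_cmd "0" allow 23/tcp
    do_cmd "0" allow smtp
    do_cmd "0" deny proto tcp to any port 80
    do_cmd "0" deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" allow from 10.0.0.0/8
    do_cmd "0" allow from 172.16.0.0/12
    do_cmd "0" allow from 192.168.0.0/16
    do_cmd "0" deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

    echo "TESTING ARGS (delete allow/deny to/from)" >> $TESTTMP/result
    do_cmd "0" delete allow 53
    do_cmd "0" delete allow 23/tcp
    do_cmd "0" delete allow smtp
    do_cmd "0" delete deny proto tcp to any port 80
    do_cmd "0" delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" delete allow from 10.0.0.0/8
    do_cmd "0" delete allow from 172.16.0.0/12
    do_cmd "0" delete allow from 192.168.0.0/16
    do_cmd "0" delete deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" delete limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
done

echo "Checking status" >> $TESTTMP/result
do_cmd "0" null status
do_cmd "0" null status verbose
do_cmd "0" null status numbered

echo "Checking reject" >> $TESTTMP/result
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    do_cmd "0" reject 113
    do_cmd "0" reject 114/tcp
    do_cmd "0" reject 115/udp
    do_cmd "0" status
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

    do_cmd "0" delete reject 113
    do_cmd "0" delete reject 114/tcp
    do_cmd "0" delete reject 115/udp
    do_cmd "0" status
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
done

# NOTE: this section inserts an unconditional ACCEPT at the top of the live
# INPUT chain, tagged with the comment $str, and removes it again at the end of
# each iteration with errors suppressed. If the run is interrupted in between,
# the rule is left in place; look for the 'ufw_test_builtins' comment in
# 'iptables -n -L INPUT' and delete it by hand.
echo "Checking flush builtins" >> $TESTTMP/result
for ans in yes no
do
    str="ufw_test_builtins"
    do_cmd "0" nostats disable
    sed -i "s/MANAGE_BUILTINS=.*/MANAGE_BUILTINS=$ans/" $TESTPATH/etc/default/ufw

    echo iptables -I INPUT -j ACCEPT -m comment --comment $str >> $TESTTMP/result
    iptables -I INPUT -j ACCEPT -m comment --comment $str >> $TESTTMP/result
    do_cmd "0" nostats enable
    iptables -n -L INPUT | grep "$str" >> $TESTTMP/result
    iptables -D INPUT -j ACCEPT -m comment --comment $str 2>/dev/null
done

echo "Testing status numbered" >> $TESTTMP/result
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    do_cmd "0" allow 53
    do_cmd "0" allow 23/tcp
    do_cmd "0" allow smtp
    do_cmd "0" deny proto tcp to any port 80
    do_cmd "0" deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" allow from 10.0.0.0/8
    do_cmd "0" allow from 172.16.0.0/12
    do_cmd "0" allow from 192.168.0.0/16
    do_cmd "0" deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status numbered

    do_cmd "0" delete allow 53
    do_cmd "0" delete allow 23/tcp
    do_cmd "0" delete allow smtp
    do_cmd "0" delete deny proto tcp to any port 80
    do_cmd "0" delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" delete allow from 10.0.0.0/8
    do_cmd "0" delete allow from 172.16.0.0/12
    do_cmd "0" delete allow from 192.168.0.0/16
    do_cmd "0" delete deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" delete limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status numbered
done

echo "Testing interfaces" >> $TESTTMP/result
for ipv6 in yes no
do
    for i in "in" "out"; do
        echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
        sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
        do_cmd "0" nostats disable
        do_cmd "0" nostats enable

        do_cmd "0" allow $i on eth1
        # The alias form eth1:1 is the one command here run with "1".
        do_cmd "1" null deny $i on eth1:1
        do_cmd "0" reject $i on eth1 to 192.168.0.1 port 13
        do_cmd "0" limit $i on eth1 from 10.0.0.1 port 80
        do_cmd "0" allow $i on eth1 to 192.168.0.1 from 10.0.0.1
        do_cmd "0" deny $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1
        do_cmd "0" reject $i on eth1 to 192.168.0.1 from 10.0.0.1 port 80
        do_cmd "0" limit $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
        do_cmd "0" allow $i on eth0 log
        do_cmd "0" allow $i on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
        do_cmd "0" deny $i on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
        do_cmd "0" allow $i on eth0 to any app Samba
        do_cmd "0" status numbered
        do_cmd "0" insert 8 allow $i on eth2 to any app Samba
        do_cmd "0" status numbered
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

        # delete what we added
        do_cmd "0" delete allow $i on eth1
        do_cmd "0" delete reject $i on eth1 to 192.168.0.1 port 13
        do_cmd "0" delete limit $i on eth1 from 10.0.0.1 port 80
        do_cmd "0" delete allow $i on eth1 to 192.168.0.1 from 10.0.0.1
        do_cmd "0" delete deny $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1
        do_cmd "0" delete reject $i on eth1 to 192.168.0.1 from 10.0.0.1 port 80
        do_cmd "0" delete limit $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
        do_cmd "0" delete allow $i on eth0 log
        do_cmd "0" delete allow $i on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
        do_cmd "0" delete deny $i on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
        do_cmd "0" delete allow $i on eth0 to any app Samba
        do_cmd "0" delete allow $i on eth2 to any app Samba
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    done
done

# 'ufw enable'/'ufw disable' and 'ufw-init start'/'ufw-init stop' must leave
# identical rule sets behind; the saved dumps are diffed pairwise below.
echo "Compare enable and ufw-init" >> $TESTTMP/result
sed -i "s/IPV6=.*/IPV6=yes/" $TESTPATH/etc/default/ufw
do_cmd "0" nostats disable
do_cmd "0" nostats allow 23/tcp
do_cmd "0" nostats logging medium

do_cmd "0" null enable
iptables-save | grep '^-' > $TESTTMP/ipt.enable
ip6tables-save | grep '^-' > $TESTTMP/ip6t.enable
do_cmd "0" null disable
iptables-save | grep '^-' > $TESTTMP/ipt.disable
ip6tables-save | grep '^-' > $TESTTMP/ip6t.disable

sed -i 's/^ENABLED=no/ENABLED=yes/' $TESTPATH/etc/ufw/ufw.conf
do_extcmd "0" null $TESTPATH/lib/ufw/ufw-init start
iptables-save | grep '^-' > $TESTTMP/ipt.start
ip6tables-save | grep '^-' > $TESTTMP/ip6t.start
do_extcmd "0" null $TESTPATH/lib/ufw/ufw-init stop
iptables-save | grep '^-' > $TESTTMP/ipt.stop
ip6tables-save | grep '^-' > $TESTTMP/ip6t.stop

diff $TESTTMP/ipt.enable $TESTTMP/ipt.start || {
    echo "'ufw enable' and 'ufw-init start' are different"
    exit 1
}
diff $TESTTMP/ip6t.enable $TESTTMP/ip6t.start || {
    echo "'ufw enable' and 'ufw-init start' are different (ipv6)"
    exit 1
}
diff $TESTTMP/ipt.disable $TESTTMP/ipt.stop || {
    echo "'ufw disable' and 'ufw-init stop' are different"
    exit 1
}
diff $TESTTMP/ip6t.disable $TESTTMP/ip6t.stop || {
    echo "'ufw disable' and 'ufw-init stop' are different (ipv6)"
    exit 1
}

do_cmd "0" nostats enable
do_cmd "0" nostats delete allow 23/tcp
do_cmd "0" nostats logging low
do_cmd "0" nostats disable
sed -i "s/IPV6=.*/IPV6=no/" $TESTPATH/etc/default/ufw

echo "Verify toplevel chains" >> $TESTTMP/result
for l in off on low medium high full; do
    do_cmd "0" nostats logging $l
    do_cmd "0" nostats disable
    $TESTSTATE/ufw-init flush-all >/dev/null
    do_cmd "0" nostats enable
    for b in INPUT OUTPUT FORWARD; do
        for c in before-logging before after after-logging reject track ; do
            # The character classes are quoted so the shell cannot expand them
            # as globs against single-letter file names in the working directory.
            suffix=$(echo $b | tr '[A-Z]' '[a-z]')
            echo "$count: iptables -L $b -n | egrep -q 'ufw-$c-$suffix'" >> $TESTTMP/result
            iptables -L $b -n | egrep -q "ufw-$c-$suffix" || {
                echo "'iptables -L $b -n' does not contain 'ufw-$c-$suffix'"
                exit 1
            }
            echo "" >> $TESTTMP/result
            echo "" >> $TESTTMP/result
            let count=count+1
        done
    done
done

echo "Verify secondary chains" >> $TESTTMP/result
for l in off on low medium high full; do
    do_cmd "0" nostats logging $l
    do_cmd "0" nostats disable
    $TESTSTATE/ufw-init flush-all >/dev/null
    do_cmd "0" nostats enable
    # Chains that must be referenced from somewhere at every logging level.
    for c in logging-deny not-local user-forward user-input user-output skip-to-policy-input ; do
        echo "$count: ! iptables -L ufw-$c -n | egrep -q '0 references'" >> $TESTTMP/result
        iptables -L ufw-$c -n | egrep -q '0 references' && {
            # Report the chain that was actually checked, not a fixed name.
            echo "'iptables -L ufw-$c -n' had 0 references"
            exit 1
        }
        echo "" >> $TESTTMP/result
        echo "" >> $TESTTMP/result
        let count=count+1
    done
    # Chains that are expected to exist but be unreferenced here.
    for c in logging-allow user-limit user-limit-accept user-logging-forward user-logging-input user-logging-output skip-to-policy-output skip-to-policy-forward ; do
        echo "$count: iptables -L ufw-$c -n | egrep -q '0 references'" >> $TESTTMP/result
        iptables -L ufw-$c -n | egrep -q '0 references' || {
            echo "'iptables -L ufw-$c -n' had more than 0 references"
            exit 1
        }
        echo "" >> $TESTTMP/result
        echo "" >> $TESTTMP/result
        let count=count+1
    done
done
do_cmd "0" nostats logging on
do_cmd "0" nostats disable

# Repeated start/flush cycles; 'ufw-init start' must succeed every time.
echo "'Resource temporarily unavailable' test" >> $TESTTMP/result
do_cmd "0" nostats disable
$TESTSTATE/ufw-init flush-all >/dev/null
do_cmd "0" nostats allow 13/tcp
do_cmd "0" nostats enable
$TESTSTATE/ufw-init stop >/dev/null
for i in `seq 1 25`; do
    echo "$count: ufw-init start/flush-all" >> $TESTTMP/result
    $TESTSTATE/ufw-init start >/dev/null || {
        echo "'ufw-init start' failed"
        exit 1
    }
    $TESTSTATE/ufw-init flush-all >/dev/null
    echo "" >> $TESTTMP/result
    echo "" >> $TESTTMP/result
    let count=count+1
done
do_cmd "0" nostats enable
do_cmd "0" nostats delete allow 13/tcp

echo "Reset test" >> $TESTTMP/result
do_cmd "0" nostats enable
do_cmd "0" nostats allow 12345
let rules_num="0"
for i in `ls $TESTPATH/etc/ufw/*.rules` ; do
    let rules_num=rules_num+1
done
do_cmd "0" null reset
# Every *.rules file should have a backup whose suffix starts with '2' after reset.
let rules_bak_num="0"
for i in `ls $TESTPATH/etc/ufw/*.rules.2*` ; do
    let rules_bak_num=rules_bak_num+1
done
if [ "$rules_num" != "$rules_bak_num" ]; then
    echo "'ufw-init reset' failed ('$rules_num' != '$rules_bak_num')" >> $TESTTMP/result
    exit 1
fi
iptables -L ufw-user-input -n >/dev/null 2>&1 && {
    echo "Failed: found 'ufw-user-input', still running." >> $TESTTMP/result
    exit 1
}
# 'grep -v -q PATTERN file || fail' only fails when every line matches, so a
# rule that survived the reset was never detected. Fail when the pattern is
# present at all.
if grep -q 12345 $TESTCONFIG/user.rules; then
    echo "Failed: found '12345' in user.rules" >> $TESTTMP/result
    exit 1
fi

echo "Show" >> $TESTTMP/result
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    cmds="raw builtins before-rules user-rules after-rules logging-rules listening"
    for i in $cmds; do
        do_cmd "0" null show $i
    done
done
do_cmd "0" nostats disable

echo "Delete by number" >> $TESTTMP/result
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    for i in 1 2 3 4; do
        do_cmd "0" nostats allow $i
    done
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    if [ "$ipv6" = "yes" ]; then
        grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    fi

    for i in 4 3 2 1; do
        # The rule must be present before it is deleted ...
        grep -q "^### tuple ### allow any $i " $TESTCONFIG/user.rules || {
            echo "Failed: Could not find port '$i' user.rules" >> $TESTTMP/result
            exit 1
        }
        if [ "$ipv6" = "yes" ]; then
            grep -q "^### tuple ### allow any $i " $TESTCONFIG/user6.rules || {
                echo "Failed: Could not find port '$i' user6.rules" >> $TESTTMP/result
                exit 1
            }
        fi

        # ... and gone afterwards. The former 'grep -v -q ... || fail' passed
        # whenever the file held any other line, so a rule that was not
        # deleted went unnoticed.
        if [ "$ipv6" = "yes" ]; then
            do_cmd "0" null --force delete $((i+i))
            if grep -q "^### tuple ### allow any $i " $TESTCONFIG/user6.rules; then
                echo "Failed: Found port '$i' user6.rules" >> $TESTTMP/result
                exit 1
            fi
            grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
        fi

        do_cmd "0" null --force delete $i
        if grep -q "^### tuple ### allow any $i " $TESTCONFIG/user.rules; then
            echo "Failed: Found port '$i' user.rules" >> $TESTTMP/result
            exit 1
        fi
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    done
done
grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

echo "Testing interface with '+'" >> $TESTTMP/result
for ipv6 in yes no
do
    for i in "in" "out"; do
        echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
        sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
        do_cmd "0" nostats disable
        do_cmd "0" nostats enable

        do_cmd "0" allow $i on lo+
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

        # delete what we added
        do_cmd "0" delete allow $i on lo+
        grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
        grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    done
done
do_cmd "0" nostats disable

echo "Show added" >> $TESTTMP/result
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    do_cmd "0" nostats limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" nostats allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    fi
    do_cmd "0" nostats deny Samba
    do_cmd "0" show added

    do_cmd "0" nostats delete limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" nostats delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    fi
    do_cmd "0" nostats delete deny Samba
    do_cmd "0" show added
done
do_cmd "0" nostats disable

echo "Prepend" >> $TESTTMP/result
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> $TESTTMP/result
    sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    do_cmd "0" nostats allow 22/tcp
    do_cmd "0" nostats allow from 1.2.3.4
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" nostats allow from 2001:db8::/32
        do_cmd "0" prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1
    fi
    do_cmd "0" prepend deny from 6.7.8.9
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

    # delete what we added
    do_cmd "0" nostats delete allow 22/tcp
    do_cmd "0" nostats delete allow from 1.2.3.4
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" nostats delete allow from 2001:db8::/32
        do_cmd "0" delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1
    fi
    do_cmd "0" delete deny from 6.7.8.9
    grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
done

cleanup
exit 0
ufw-0.36/tests/root/live/result0000644000175000017500000023167313404772663015554 0ustar jamiejamieSetting IPV6 to yes 0: disable 1: enable TESTING ARGS (logging) 2: logging on WARN: Checks disabled Logging enabled ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 3: logging off WARN: Checks disabled Logging disabled ### LOGGING ### ### END LOGGING ### ### LOGGING ### ### END LOGGING ### TESTING ARGS (allow/deny to/from) 4: allow 53 WARN: Checks disabled Rule added Rule added (v6) 5: allow 23/tcp WARN: Checks disabled Rule added Rule added (v6) 6: allow smtp WARN: Checks disabled Rule added Rule added (v6) 7: deny proto tcp to any port 80 WARN: Checks disabled Rule added Rule added (v6) 8: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule 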
added 9: allow from 10.0.0.0/8 WARN: Checks disabled Rule added 10: allow from 172.16.0.0/12 WARN: Checks disabled Rule added 11: allow from 192.168.0.0/16 WARN: Checks disabled Rule added 12: deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 13: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 14: limit 13/tcp WARN: Checks disabled Rule added Skipping unsupported IPv6 'limit' rule 15: deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule added (v6) 16: deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule added (v6) 17: status WARN: Checks disabled Status: active To Action From -- ------ ---- 53 ALLOW Anywhere 23/tcp ALLOW Anywhere 25/tcp ALLOW Anywhere 80/tcp DENY Anywhere 192.168.0.1 25/tcp DENY 10.0.0.0/8 Anywhere ALLOW 10.0.0.0/8 Anywhere ALLOW 172.16.0.0/12 Anywhere ALLOW 192.168.0.0/16 514/udp DENY 1.2.3.4 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp 13/tcp LIMIT Anywhere 53 (v6) ALLOW Anywhere (v6) 23/tcp (v6) ALLOW Anywhere (v6) 25/tcp (v6) ALLOW Anywhere (v6) 80/tcp (v6) DENY Anywhere (v6) 25/tcp DENY 2001:db8::/32 2001:db8:3:4:5:6:7:8 DENY 2001:db8::/32 26 ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 -j ACCEPT ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### tuple ### allow 
any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit ### tuple ### allow any 53 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 53 -j ACCEPT -A ufw6-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 23 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 23 -j ACCEPT ### tuple ### allow tcp 25 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 80 -j DROP ### tuple ### deny tcp 25 ::/0 any 2001:db8::/32 in -A ufw6-user-input -p tcp --dport 25 -s 2001:db8::/32 -j DROP ### tuple ### deny any any 2001:db8:3:4:5:6:7:8 26 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 26 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 26 -j DROP TESTING ARGS (delete allow/deny to/from) 18: delete allow 53 WARN: Checks disabled Rule deleted Rule deleted (v6) 19: delete allow 23/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 20: delete allow smtp WARN: Checks disabled Rule deleted Rule deleted (v6) 21: delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted Rule deleted (v6) 22: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 23: delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 24: delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 25: delete allow from 192.168.0.0/16 WARN: 
Checks disabled Rule deleted 26: delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 27: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 28: delete limit 13/tcp WARN: Checks disabled Rule deleted Skipping unsupported IPv6 'limit' rule 29: delete deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule deleted (v6) 30: delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule deleted (v6) 31: status WARN: Checks disabled Status: active Setting IPV6 to no 32: disable 33: enable TESTING ARGS (logging) 34: logging on WARN: Checks disabled Logging enabled ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " ### LOGGING ### ### END LOGGING ### 35: logging off WARN: Checks disabled Logging disabled ### LOGGING ### ### END LOGGING ### ### LOGGING ### ### END LOGGING ### TESTING ARGS (allow/deny to/from) 36: allow 53 WARN: Checks disabled Rule added 37: allow 23/tcp WARN: Checks disabled Rule added 38: allow smtp WARN: Checks disabled Rule added 39: deny proto tcp to any port 80 WARN: Checks disabled Rule added 40: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 41: allow from 10.0.0.0/8 WARN: Checks disabled Rule added 42: allow from 172.16.0.0/12 WARN: Checks disabled Rule added 43: allow from 192.168.0.0/16 WARN: Checks disabled Rule added 44: deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 45: allow proto udp 
from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 46: limit 13/tcp WARN: Checks disabled Rule added 47: status WARN: Checks disabled Status: active To Action From -- ------ ---- 53 ALLOW Anywhere 23/tcp ALLOW Anywhere 25/tcp ALLOW Anywhere 80/tcp DENY Anywhere 192.168.0.1 25/tcp DENY 10.0.0.0/8 Anywhere ALLOW 10.0.0.0/8 Anywhere ALLOW 172.16.0.0/12 Anywhere ALLOW 192.168.0.0/16 514/udp DENY 1.2.3.4 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp 13/tcp LIMIT Anywhere ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT -- ### tuple ### allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 -j ACCEPT ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit TESTING ARGS (delete allow/deny to/from) 48: delete allow 53 WARN: Checks disabled Rule deleted 49: delete allow 23/tcp 
WARN: Checks disabled Rule deleted 50: delete allow smtp WARN: Checks disabled Rule deleted 51: delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted 52: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 53: delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 54: delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 55: delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 56: delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 57: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 58: delete limit 13/tcp WARN: Checks disabled Rule deleted 59: status WARN: Checks disabled Status: active Checking status 60: status 61: status verbose 62: status numbered Checking reject Setting IPV6 to yes 63: disable 64: enable 65: reject 113 WARN: Checks disabled Rule added Rule added (v6) 66: reject 114/tcp WARN: Checks disabled Rule added Rule added (v6) 67: reject 115/udp WARN: Checks disabled Rule added Rule added (v6) 68: status WARN: Checks disabled Status: active To Action From -- ------ ---- 113 REJECT Anywhere 114/tcp REJECT Anywhere 115/udp REJECT Anywhere 113 (v6) REJECT Anywhere (v6) 114/tcp (v6) REJECT Anywhere (v6) 115/udp (v6) REJECT Anywhere (v6) ### tuple ### reject any 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp --dport 113 -j REJECT -- ### tuple ### reject tcp 114 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 114 -j REJECT --reject-with tcp-reset ### tuple ### reject udp 115 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 115 -j REJECT ### tuple ### reject any 113 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp --dport 113 -j REJECT -- ### tuple ### reject tcp 114 ::/0 any ::/0 in -A ufw6-user-input -p tcp 
--dport 114 -j REJECT --reject-with tcp-reset ### tuple ### reject udp 115 ::/0 any ::/0 in -A ufw6-user-input -p udp --dport 115 -j REJECT 69: delete reject 113 WARN: Checks disabled Rule deleted Rule deleted (v6) 70: delete reject 114/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 71: delete reject 115/udp WARN: Checks disabled Rule deleted Rule deleted (v6) 72: status WARN: Checks disabled Status: active Setting IPV6 to no 73: disable 74: enable 75: reject 113 WARN: Checks disabled Rule added 76: reject 114/tcp WARN: Checks disabled Rule added 77: reject 115/udp WARN: Checks disabled Rule added 78: status WARN: Checks disabled Status: active To Action From -- ------ ---- 113 REJECT Anywhere 114/tcp REJECT Anywhere 115/udp REJECT Anywhere ### tuple ### reject any 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp --dport 113 -j REJECT -- ### tuple ### reject tcp 114 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 114 -j REJECT --reject-with tcp-reset ### tuple ### reject udp 115 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 115 -j REJECT 79: delete reject 113 WARN: Checks disabled Rule deleted 80: delete reject 114/tcp WARN: Checks disabled Rule deleted 81: delete reject 115/udp WARN: Checks disabled Rule deleted 82: status WARN: Checks disabled Status: active Checking flush builtins 83: disable iptables -I INPUT -j ACCEPT -m comment --comment ufw_test_builtins 84: enable 85: disable iptables -I INPUT -j ACCEPT -m comment --comment ufw_test_builtins 86: enable ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* ufw_test_builtins */ Testing status numbered Setting IPV6 to yes 87: disable 88: enable 89: allow 53 WARN: Checks disabled Rule added Rule added (v6) 90: allow 23/tcp WARN: Checks disabled Rule added Rule added (v6) 91: allow smtp WARN: Checks disabled Rule added Rule added (v6) 92: deny proto tcp to any port 80 WARN: Checks disabled Rule added Rule added (v6) 
93: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 94: allow from 10.0.0.0/8 WARN: Checks disabled Rule added 95: allow from 172.16.0.0/12 WARN: Checks disabled Rule added 96: allow from 192.168.0.0/16 WARN: Checks disabled Rule added 97: deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 98: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 99: limit 13/tcp WARN: Checks disabled Rule added Skipping unsupported IPv6 'limit' rule 100: deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule added (v6) 101: deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule added (v6) 102: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] 53 ALLOW IN Anywhere [ 2] 23/tcp ALLOW IN Anywhere [ 3] 25/tcp ALLOW IN Anywhere [ 4] 80/tcp DENY IN Anywhere [ 5] 192.168.0.1 25/tcp DENY IN 10.0.0.0/8 [ 6] Anywhere ALLOW IN 10.0.0.0/8 [ 7] Anywhere ALLOW IN 172.16.0.0/12 [ 8] Anywhere ALLOW IN 192.168.0.0/16 [ 9] 514/udp DENY IN 1.2.3.4 [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp [11] 13/tcp LIMIT IN Anywhere [12] 53 (v6) ALLOW IN Anywhere (v6) [13] 23/tcp (v6) ALLOW IN Anywhere (v6) [14] 25/tcp (v6) ALLOW IN Anywhere (v6) [15] 80/tcp (v6) DENY IN Anywhere (v6) [16] 25/tcp DENY IN 2001:db8::/32 [17] 2001:db8:3:4:5:6:7:8 DENY IN 2001:db8::/32 26 103: delete allow 53 WARN: Checks disabled Rule deleted Rule deleted (v6) 104: delete allow 23/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 105: delete allow smtp WARN: Checks disabled Rule deleted Rule deleted (v6) 106: delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted Rule deleted (v6) 107: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 108: delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 109: delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 
110: delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 111: delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 112: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 113: delete limit 13/tcp WARN: Checks disabled Rule deleted Skipping unsupported IPv6 'limit' rule 114: delete deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule deleted (v6) 115: delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule deleted (v6) 116: status numbered WARN: Checks disabled Status: active Setting IPV6 to no 117: disable 118: enable 119: allow 53 WARN: Checks disabled Rule added 120: allow 23/tcp WARN: Checks disabled Rule added 121: allow smtp WARN: Checks disabled Rule added 122: deny proto tcp to any port 80 WARN: Checks disabled Rule added 123: deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 124: allow from 10.0.0.0/8 WARN: Checks disabled Rule added 125: allow from 172.16.0.0/12 WARN: Checks disabled Rule added 126: allow from 192.168.0.0/16 WARN: Checks disabled Rule added 127: deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 128: allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 129: limit 13/tcp WARN: Checks disabled Rule added 130: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] 53 ALLOW IN Anywhere [ 2] 23/tcp ALLOW IN Anywhere [ 3] 25/tcp ALLOW IN Anywhere [ 4] 80/tcp DENY IN Anywhere [ 5] 192.168.0.1 25/tcp DENY IN 10.0.0.0/8 [ 6] Anywhere ALLOW IN 10.0.0.0/8 [ 7] Anywhere ALLOW IN 172.16.0.0/12 [ 8] Anywhere ALLOW IN 192.168.0.0/16 [ 9] 514/udp DENY IN 1.2.3.4 [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp [11] 13/tcp LIMIT IN Anywhere 131: delete allow 53 WARN: Checks disabled Rule deleted 132: delete allow 23/tcp WARN: Checks disabled Rule deleted 133: delete 
allow smtp WARN: Checks disabled Rule deleted 134: delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted 135: delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 136: delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 137: delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 138: delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 139: delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 140: delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 141: delete limit 13/tcp WARN: Checks disabled Rule deleted 142: status numbered WARN: Checks disabled Status: active Testing interfaces Setting IPV6 to yes 143: disable 144: enable 145: allow in on eth1 WARN: Checks disabled Rule added Rule added (v6) 146: deny in on eth1:1 147: reject in on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 148: limit in on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 149: allow in on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 150: deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 151: reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 152: limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 153: allow in on eth0 log WARN: Checks disabled Rule added Rule added (v6) 154: allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 155: deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 156: allow in on eth0 to any app Samba WARN: Checks disabled Rule added Rule added (v6) 157: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on eth1 ALLOW IN Anywhere [ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere [ 3] 
Anywhere on eth1 LIMIT IN 10.0.0.1 80 [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 [ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 [ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 [ 8] Anywhere on eth0 ALLOW IN Anywhere (log) [ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) [10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) [11] Samba on eth0 ALLOW IN Anywhere [12] Anywhere (v6) on eth1 ALLOW IN Anywhere (v6) [13] Anywhere (v6) on eth0 ALLOW IN Anywhere (v6) (log) [14] Samba (v6) on eth0 ALLOW IN Anywhere (v6) 158: insert 8 allow in on eth2 to any app Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 159: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on eth1 ALLOW IN Anywhere [ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 [ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 [ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 [ 8] Samba on eth2 ALLOW IN Anywhere [ 9] Anywhere on eth0 ALLOW IN Anywhere (log) [10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) [11] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) [12] Samba on eth0 ALLOW IN Anywhere [13] Anywhere (v6) on eth1 ALLOW IN Anywhere (v6) [14] Samba (v6) on eth2 ALLOW IN Anywhere (v6) [15] Anywhere (v6) on eth0 ALLOW IN Anywhere (v6) (log) [16] Samba (v6) on eth0 ALLOW IN Anywhere (v6) ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1 -A ufw-user-input -i eth1 -j ACCEPT ### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A 
ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -j RETURN -- ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -p tcp -d 
10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any any ::/0 any ::/0 in_eth1 -A ufw6-user-input -i eth1 -j ACCEPT ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth2 -A ufw6-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in_eth2 -A ufw6-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log any any ::/0 any ::/0 in_eth0 -A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -i eth0 -j RETURN -- ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth0 -A ufw6-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in_eth0 -A ufw6-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 160: delete allow in on eth1 WARN: Checks disabled Rule deleted Rule deleted (v6) 161: delete reject in on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 162: delete limit in on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 163: delete allow 
in on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 164: delete deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 165: delete reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 166: delete limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 167: delete allow in on eth0 log WARN: Checks disabled Rule deleted Rule deleted (v6) 168: delete allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 169: delete deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 170: delete allow in on eth0 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 171: delete allow in on eth2 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) Setting IPV6 to yes 172: disable 173: enable 174: allow out on eth1 WARN: Checks disabled Rule added Rule added (v6) 175: deny out on eth1:1 176: reject out on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 177: limit out on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 178: allow out on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 179: deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 180: reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 181: limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 182: allow out on eth0 log WARN: Checks disabled Rule added Rule added (v6) 183: allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 184: deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 185: allow out on eth0 to any app Samba WARN: Checks disabled Rule added Rule added (v6) 186: status numbered WARN: Checks disabled 
Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) [ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) [ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) [ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out) [ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) [10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) [11] Samba ALLOW OUT Anywhere on eth0 (out) [12] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth1 (out) [13] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth0 (log, out) [14] Samba (v6) ALLOW OUT Anywhere (v6) on eth0 (out) 187: insert 8 allow out on eth2 to any app Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 188: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) [ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) [ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) [ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 8] Samba ALLOW OUT Anywhere on eth2 (out) [ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out) [10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) [11] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) [12] Samba ALLOW OUT Anywhere on eth0 (out) [13] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth1 (out) [14] Samba (v6) ALLOW OUT Anywhere (v6) on eth2 (out) [15] Anywhere (v6) ALLOW OUT Anywhere (v6) on eth0 (log, out) [16] Samba (v6) ALLOW OUT Anywhere (v6) on eth0 (out) ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1 -A ufw-user-output -o eth1 -j ACCEPT ### tuple ### reject any 13 192.168.0.1 any 
0.0.0.0/0 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG 
--log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -j RETURN -- ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any any ::/0 any ::/0 out_eth1 -A ufw6-user-output -o eth1 -j ACCEPT ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth2 -A ufw6-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - out_eth2 -A ufw6-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log any any ::/0 any ::/0 out_eth0 -A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-output -o eth0 -j RETURN -- ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth0 -A ufw6-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - 
out_eth0 -A ufw6-user-output -o eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 189: delete allow out on eth1 WARN: Checks disabled Rule deleted Rule deleted (v6) 190: delete reject out on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 191: delete limit out on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 192: delete allow out on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 193: delete deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 194: delete reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 195: delete limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 196: delete allow out on eth0 log WARN: Checks disabled Rule deleted Rule deleted (v6) 197: delete allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 198: delete deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 199: delete allow out on eth0 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 200: delete allow out on eth2 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) Setting IPV6 to no 201: disable 202: enable 203: allow in on eth1 WARN: Checks disabled Rule added 204: deny in on eth1:1 205: reject in on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 206: limit in on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 207: allow in on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 208: deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 209: reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 210: limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 211: allow in on eth0 log WARN: Checks 
disabled Rule added 212: allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 213: deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 214: allow in on eth0 to any app Samba WARN: Checks disabled Rule added 215: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on eth1 ALLOW IN Anywhere [ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 [ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 [ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 [ 8] Anywhere on eth0 ALLOW IN Anywhere (log) [ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) [10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) [11] Samba on eth0 ALLOW IN Anywhere 216: insert 8 allow in on eth2 to any app Samba WARN: Checks disabled Rule inserted 217: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on eth1 ALLOW IN Anywhere [ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80 [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1 [ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1 [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80 [ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80 [ 8] Samba on eth2 ALLOW IN Anywhere [ 9] Anywhere on eth0 ALLOW IN Anywhere (log) [10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log) [11] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all) [12] Samba on eth0 ALLOW IN Anywhere ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1 -A ufw-user-input -i eth1 -j ACCEPT ### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### limit any any 0.0.0.0/0 80 
10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth1 -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -j RETURN -- ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m 
limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 218: delete allow in on eth1 WARN: Checks disabled Rule deleted 219: delete reject in on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 220: delete limit in on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 221: delete allow in on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 222: delete deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 223: delete reject in on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 224: delete limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 225: delete allow in on eth0 log WARN: Checks disabled Rule deleted 226: delete allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 227: delete deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 228: delete allow in on eth0 to any app Samba WARN: Checks disabled Rule deleted 229: delete allow in on eth2 to any app Samba WARN: Checks disabled Rule deleted Setting IPV6 to no 230: disable 231: enable 232: allow out 
on eth1 WARN: Checks disabled Rule added 233: deny out on eth1:1 234: reject out on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 235: limit out on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 236: allow out on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 237: deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 238: reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 239: limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 240: allow out on eth0 log WARN: Checks disabled Rule added 241: allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 242: deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 243: allow out on eth0 to any app Samba WARN: Checks disabled Rule added 244: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) [ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) [ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) [ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out) [ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) [10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) [11] Samba ALLOW OUT Anywhere on eth0 (out) 245: insert 8 allow out on eth2 to any app Samba WARN: Checks disabled Rule inserted 246: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out) [ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out) [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out) [ 5] 
192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out) [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out) [ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out) [ 8] Samba ALLOW OUT Anywhere on eth2 (out) [ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out) [10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out) [11] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out) [12] Samba ALLOW OUT Anywhere on eth0 (out) ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1 -A ufw-user-output -o eth1 -j ACCEPT ### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth1 -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 
--hitcount 6 -j ufw-user-limit -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -j RETURN -- ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 247: delete allow out on eth1 WARN: Checks disabled Rule deleted 248: delete reject out on eth1 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 249: delete limit out on eth1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 250: delete allow out on eth1 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 
251: delete deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 252: delete reject out on eth1 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 253: delete limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 254: delete allow out on eth0 log WARN: Checks disabled Rule deleted 255: delete allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 256: delete deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 257: delete allow out on eth0 to any app Samba WARN: Checks disabled Rule deleted 258: delete allow out on eth2 to any app Samba WARN: Checks disabled Rule deleted Compare enable and ufw-init 259: disable 260: allow 23/tcp 261: logging medium 262: enable 263: disable 264: tests/testarea/lib/ufw/ufw-init start 265: tests/testarea/lib/ufw/ufw-init stop 266: enable 267: delete allow 23/tcp 268: logging low 269: disable Verify toplevel chains 270: logging off 271: disable 272: enable 273: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' 274: iptables -L INPUT -n | egrep -q 'ufw-before-input' 275: iptables -L INPUT -n | egrep -q 'ufw-after-input' 276: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 277: iptables -L INPUT -n | egrep -q 'ufw-reject-input' 278: iptables -L INPUT -n | egrep -q 'ufw-track-input' 279: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' 280: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' 281: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' 282: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 283: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' 284: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' 285: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' 286: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' 287: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' 
288: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 289: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' 290: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' 291: logging on 292: disable 293: enable 294: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' 295: iptables -L INPUT -n | egrep -q 'ufw-before-input' 296: iptables -L INPUT -n | egrep -q 'ufw-after-input' 297: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 298: iptables -L INPUT -n | egrep -q 'ufw-reject-input' 299: iptables -L INPUT -n | egrep -q 'ufw-track-input' 300: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' 301: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' 302: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' 303: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 304: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' 305: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' 306: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' 307: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' 308: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' 309: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 310: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' 311: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' 312: logging low 313: disable 314: enable 315: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' 316: iptables -L INPUT -n | egrep -q 'ufw-before-input' 317: iptables -L INPUT -n | egrep -q 'ufw-after-input' 318: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 319: iptables -L INPUT -n | egrep -q 'ufw-reject-input' 320: iptables -L INPUT -n | egrep -q 'ufw-track-input' 321: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' 322: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' 323: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' 324: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 325: iptables -L OUTPUT -n | egrep -q 
'ufw-reject-output' 326: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' 327: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' 328: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' 329: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' 330: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 331: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' 332: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' 333: logging medium 334: disable 335: enable 336: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' 337: iptables -L INPUT -n | egrep -q 'ufw-before-input' 338: iptables -L INPUT -n | egrep -q 'ufw-after-input' 339: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 340: iptables -L INPUT -n | egrep -q 'ufw-reject-input' 341: iptables -L INPUT -n | egrep -q 'ufw-track-input' 342: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' 343: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' 344: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' 345: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 346: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' 347: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' 348: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' 349: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' 350: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' 351: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 352: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' 353: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' 354: logging high 355: disable 356: enable 357: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' 358: iptables -L INPUT -n | egrep -q 'ufw-before-input' 359: iptables -L INPUT -n | egrep -q 'ufw-after-input' 360: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 361: iptables -L INPUT -n | egrep -q 'ufw-reject-input' 362: iptables -L INPUT -n | egrep -q 'ufw-track-input' 363: iptables -L OUTPUT -n | 
egrep -q 'ufw-before-logging-output' 364: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' 365: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' 366: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 367: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' 368: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' 369: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' 370: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' 371: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' 372: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 373: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' 374: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' 375: logging full 376: disable 377: enable 378: iptables -L INPUT -n | egrep -q 'ufw-before-logging-input' 379: iptables -L INPUT -n | egrep -q 'ufw-before-input' 380: iptables -L INPUT -n | egrep -q 'ufw-after-input' 381: iptables -L INPUT -n | egrep -q 'ufw-after-logging-input' 382: iptables -L INPUT -n | egrep -q 'ufw-reject-input' 383: iptables -L INPUT -n | egrep -q 'ufw-track-input' 384: iptables -L OUTPUT -n | egrep -q 'ufw-before-logging-output' 385: iptables -L OUTPUT -n | egrep -q 'ufw-before-output' 386: iptables -L OUTPUT -n | egrep -q 'ufw-after-output' 387: iptables -L OUTPUT -n | egrep -q 'ufw-after-logging-output' 388: iptables -L OUTPUT -n | egrep -q 'ufw-reject-output' 389: iptables -L OUTPUT -n | egrep -q 'ufw-track-output' 390: iptables -L FORWARD -n | egrep -q 'ufw-before-logging-forward' 391: iptables -L FORWARD -n | egrep -q 'ufw-before-forward' 392: iptables -L FORWARD -n | egrep -q 'ufw-after-forward' 393: iptables -L FORWARD -n | egrep -q 'ufw-after-logging-forward' 394: iptables -L FORWARD -n | egrep -q 'ufw-reject-forward' 395: iptables -L FORWARD -n | egrep -q 'ufw-track-forward' Verify secondary chains 396: logging off 397: disable 398: enable 399: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' 400: ! 
iptables -L ufw-not-local -n | egrep -q '0 references' 401: ! iptables -L ufw-user-forward -n | egrep -q '0 references' 402: ! iptables -L ufw-user-input -n | egrep -q '0 references' 403: ! iptables -L ufw-user-output -n | egrep -q '0 references' 404: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' 405: iptables -L ufw-logging-allow -n | egrep -q '0 references' 406: iptables -L ufw-user-limit -n | egrep -q '0 references' 407: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' 408: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' 409: iptables -L ufw-user-logging-input -n | egrep -q '0 references' 410: iptables -L ufw-user-logging-output -n | egrep -q '0 references' 411: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' 412: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' 413: logging on 414: disable 415: enable 416: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' 417: ! iptables -L ufw-not-local -n | egrep -q '0 references' 418: ! iptables -L ufw-user-forward -n | egrep -q '0 references' 419: ! iptables -L ufw-user-input -n | egrep -q '0 references' 420: ! iptables -L ufw-user-output -n | egrep -q '0 references' 421: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' 422: iptables -L ufw-logging-allow -n | egrep -q '0 references' 423: iptables -L ufw-user-limit -n | egrep -q '0 references' 424: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' 425: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' 426: iptables -L ufw-user-logging-input -n | egrep -q '0 references' 427: iptables -L ufw-user-logging-output -n | egrep -q '0 references' 428: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' 429: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' 430: logging low 431: disable 432: enable 433: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' 434: ! 
iptables -L ufw-not-local -n | egrep -q '0 references' 435: ! iptables -L ufw-user-forward -n | egrep -q '0 references' 436: ! iptables -L ufw-user-input -n | egrep -q '0 references' 437: ! iptables -L ufw-user-output -n | egrep -q '0 references' 438: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' 439: iptables -L ufw-logging-allow -n | egrep -q '0 references' 440: iptables -L ufw-user-limit -n | egrep -q '0 references' 441: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' 442: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' 443: iptables -L ufw-user-logging-input -n | egrep -q '0 references' 444: iptables -L ufw-user-logging-output -n | egrep -q '0 references' 445: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' 446: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' 447: logging medium 448: disable 449: enable 450: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' 451: ! iptables -L ufw-not-local -n | egrep -q '0 references' 452: ! iptables -L ufw-user-forward -n | egrep -q '0 references' 453: ! iptables -L ufw-user-input -n | egrep -q '0 references' 454: ! iptables -L ufw-user-output -n | egrep -q '0 references' 455: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' 456: iptables -L ufw-logging-allow -n | egrep -q '0 references' 457: iptables -L ufw-user-limit -n | egrep -q '0 references' 458: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' 459: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' 460: iptables -L ufw-user-logging-input -n | egrep -q '0 references' 461: iptables -L ufw-user-logging-output -n | egrep -q '0 references' 462: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' 463: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' 464: logging high 465: disable 466: enable 467: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' 468: ! 
iptables -L ufw-not-local -n | egrep -q '0 references' 469: ! iptables -L ufw-user-forward -n | egrep -q '0 references' 470: ! iptables -L ufw-user-input -n | egrep -q '0 references' 471: ! iptables -L ufw-user-output -n | egrep -q '0 references' 472: ! iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' 473: iptables -L ufw-logging-allow -n | egrep -q '0 references' 474: iptables -L ufw-user-limit -n | egrep -q '0 references' 475: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' 476: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' 477: iptables -L ufw-user-logging-input -n | egrep -q '0 references' 478: iptables -L ufw-user-logging-output -n | egrep -q '0 references' 479: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' 480: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' 481: logging full 482: disable 483: enable 484: ! iptables -L ufw-logging-deny -n | egrep -q '0 references' 485: ! iptables -L ufw-not-local -n | egrep -q '0 references' 486: ! iptables -L ufw-user-forward -n | egrep -q '0 references' 487: ! iptables -L ufw-user-input -n | egrep -q '0 references' 488: ! iptables -L ufw-user-output -n | egrep -q '0 references' 489: ! 
iptables -L ufw-skip-to-policy-input -n | egrep -q '0 references' 490: iptables -L ufw-logging-allow -n | egrep -q '0 references' 491: iptables -L ufw-user-limit -n | egrep -q '0 references' 492: iptables -L ufw-user-limit-accept -n | egrep -q '0 references' 493: iptables -L ufw-user-logging-forward -n | egrep -q '0 references' 494: iptables -L ufw-user-logging-input -n | egrep -q '0 references' 495: iptables -L ufw-user-logging-output -n | egrep -q '0 references' 496: iptables -L ufw-skip-to-policy-output -n | egrep -q '0 references' 497: iptables -L ufw-skip-to-policy-forward -n | egrep -q '0 references' 498: logging on 499: disable 'Resource temporarily unavailable' test 500: disable 501: allow 13/tcp 502: enable 503: ufw-init start/flush-all 504: ufw-init start/flush-all 505: ufw-init start/flush-all 506: ufw-init start/flush-all 507: ufw-init start/flush-all 508: ufw-init start/flush-all 509: ufw-init start/flush-all 510: ufw-init start/flush-all 511: ufw-init start/flush-all 512: ufw-init start/flush-all 513: ufw-init start/flush-all 514: ufw-init start/flush-all 515: ufw-init start/flush-all 516: ufw-init start/flush-all 517: ufw-init start/flush-all 518: ufw-init start/flush-all 519: ufw-init start/flush-all 520: ufw-init start/flush-all 521: ufw-init start/flush-all 522: ufw-init start/flush-all 523: ufw-init start/flush-all 524: ufw-init start/flush-all 525: ufw-init start/flush-all 526: ufw-init start/flush-all 527: ufw-init start/flush-all 528: enable 529: delete allow 13/tcp Reset test 530: enable 531: allow 12345 532: reset Show Setting IPV6 to yes 533: disable 534: enable 535: show raw 536: show builtins 537: show before-rules 538: show user-rules 539: show after-rules 540: show logging-rules 541: show listening Setting IPV6 to no 542: disable 543: enable 544: show raw 545: show builtins 546: show before-rules 547: show user-rules 548: show after-rules 549: show logging-rules 550: show listening 551: disable Delete by number Setting IPV6 to yes 552: 
disable 553: enable 554: allow 1 555: allow 2 556: allow 3 557: allow 4 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 2 -j ACCEPT -A ufw-user-input -p udp --dport 2 -j ACCEPT -- ### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 3 -j ACCEPT -A ufw-user-input -p udp --dport 3 -j ACCEPT -- ### tuple ### allow any 4 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 4 -j ACCEPT -A ufw-user-input -p udp --dport 4 -j ACCEPT ### tuple ### allow any 1 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 1 -j ACCEPT -A ufw6-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 2 -j ACCEPT -A ufw6-user-input -p udp --dport 2 -j ACCEPT -- ### tuple ### allow any 3 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 3 -j ACCEPT -A ufw6-user-input -p udp --dport 3 -j ACCEPT -- ### tuple ### allow any 4 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 4 -j ACCEPT -A ufw6-user-input -p udp --dport 4 -j ACCEPT 558: --force delete 8 ### tuple ### allow any 1 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 1 -j ACCEPT -A ufw6-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 2 -j ACCEPT -A ufw6-user-input -p udp --dport 2 -j ACCEPT -- ### tuple ### allow any 3 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 3 -j ACCEPT -A ufw6-user-input -p udp --dport 3 -j ACCEPT 559: --force delete 4 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 2 -j ACCEPT -A ufw-user-input -p udp --dport 2 -j ACCEPT -- ### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 
in -A ufw-user-input -p tcp --dport 3 -j ACCEPT -A ufw-user-input -p udp --dport 3 -j ACCEPT 560: --force delete 6 ### tuple ### allow any 1 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 1 -j ACCEPT -A ufw6-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 2 -j ACCEPT -A ufw6-user-input -p udp --dport 2 -j ACCEPT 561: --force delete 3 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 2 -j ACCEPT -A ufw-user-input -p udp --dport 2 -j ACCEPT 562: --force delete 4 ### tuple ### allow any 1 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 1 -j ACCEPT -A ufw6-user-input -p udp --dport 1 -j ACCEPT 563: --force delete 2 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT 564: --force delete 2 565: --force delete 1 Setting IPV6 to no 566: disable 567: enable 568: allow 1 569: allow 2 570: allow 3 571: allow 4 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 2 -j ACCEPT -A ufw-user-input -p udp --dport 2 -j ACCEPT -- ### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 3 -j ACCEPT -A ufw-user-input -p udp --dport 3 -j ACCEPT -- ### tuple ### allow any 4 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 4 -j ACCEPT -A ufw-user-input -p udp --dport 4 -j ACCEPT 572: --force delete 4 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 2 
-j ACCEPT -A ufw-user-input -p udp --dport 2 -j ACCEPT -- ### tuple ### allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 3 -j ACCEPT -A ufw-user-input -p udp --dport 3 -j ACCEPT 573: --force delete 3 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT -- ### tuple ### allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 2 -j ACCEPT -A ufw-user-input -p udp --dport 2 -j ACCEPT 574: --force delete 2 ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT 575: --force delete 1 Testing interface with '+' Setting IPV6 to yes 576: disable 577: enable 578: allow in on lo+ WARN: Checks disabled Rule added Rule added (v6) ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_lo+ -A ufw-user-input -i lo+ -j ACCEPT ### tuple ### allow any any ::/0 any ::/0 in_lo+ -A ufw6-user-input -i lo+ -j ACCEPT 579: delete allow in on lo+ WARN: Checks disabled Rule deleted Rule deleted (v6) Setting IPV6 to yes 580: disable 581: enable 582: allow out on lo+ WARN: Checks disabled Rule added Rule added (v6) ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_lo+ -A ufw-user-output -o lo+ -j ACCEPT ### tuple ### allow any any ::/0 any ::/0 out_lo+ -A ufw6-user-output -o lo+ -j ACCEPT 583: delete allow out on lo+ WARN: Checks disabled Rule deleted Rule deleted (v6) Setting IPV6 to no 584: disable 585: enable 586: allow in on lo+ WARN: Checks disabled Rule added ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_lo+ -A ufw-user-input -i lo+ -j ACCEPT 587: delete allow in on lo+ WARN: Checks disabled Rule deleted Setting IPV6 to no 588: disable 589: enable 590: allow out on lo+ WARN: Checks disabled Rule added ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_lo+ -A ufw-user-output -o lo+ -j ACCEPT 591: delete allow out on lo+ WARN: Checks disabled Rule deleted 
592: disable Show added Setting IPV6 to yes 593: disable 594: enable 595: limit 13/tcp 596: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 597: deny Samba 598: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw limit 13/tcp ufw deny Samba ufw allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 599: delete limit 13/tcp 600: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 601: delete deny Samba 602: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): (None) Setting IPV6 to no 603: disable 604: enable 605: limit 13/tcp 606: deny Samba 607: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw limit 13/tcp ufw deny Samba 608: delete limit 13/tcp 609: delete deny Samba 610: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): (None) 611: disable Prepend Setting IPV6 to yes 612: disable 613: enable 614: allow 22/tcp 615: allow from 1.2.3.4 616: allow from 2001:db8::/32 617: prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 WARN: Checks disabled Rule inserted (v6) 618: prepend deny from 6.7.8.9 WARN: Checks disabled Rule inserted ### tuple ### deny any any 0.0.0.0/0 any 6.7.8.9 in -A ufw-user-input -s 6.7.8.9 -j DROP ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT ### tuple ### deny any any ::/0 any 2a02:2210:12:a:b820:fff:fea2:25d1 in -A ufw6-user-input -s 2a02:2210:12:a:b820:fff:fea2:25d1 -j DROP ### tuple ### allow tcp 22 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT 619: delete allow 22/tcp 620: delete allow from 1.2.3.4 621: delete allow from 2001:db8::/32 622: delete deny from 
2a02:2210:12:a:b820:fff:fea2:25d1 WARN: Checks disabled Rule deleted (v6) 623: delete deny from 6.7.8.9 WARN: Checks disabled Rule deleted Setting IPV6 to no 624: disable 625: enable 626: allow 22/tcp 627: allow from 1.2.3.4 628: prepend deny from 6.7.8.9 WARN: Checks disabled Rule inserted ### tuple ### deny any any 0.0.0.0/0 any 6.7.8.9 in -A ufw-user-input -s 6.7.8.9 -j DROP ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT 629: delete allow 22/tcp 630: delete allow from 1.2.3.4 631: delete deny from 6.7.8.9 WARN: Checks disabled Rule deleted 632: disable ufw-0.36/tests/root/live_route/0000755000175000017500000000000013404772663015515 5ustar jamiejamieufw-0.36/tests/root/live_route/orig0000777000175000017500000000000013257507473020556 2../../defaultsustar jamiejamieufw-0.36/tests/root/live_route/runtest.sh0000755000175000017500000003323313404772663017564 0ustar jamiejamie#!/bin/bash # Copyright 2014 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
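# Live (root) test for "ufw route" rules. Each ufw invocation goes through
# do_cmd/do_extcmd from testlib.sh and the collected output is appended to
# $TESTTMP/result for comparison with the stored expected result.
# NOTE(review): the first do_cmd argument looks like the expected exit status
# ("1" is used for the rule that must be rejected) -- confirm in testlib.sh.
#
# The script edits the ufw tree under $TESTPATH and changes the netfilter
# state of the machine it runs on (iptables is called directly below), so it
# belongs on a disposable test host.
source "$TESTPATH/../testlib.sh"

# This isn't available everywhere, so we will test it later
sed -i "s/self.caps\['route limit'\]\['6'\] = True/self.caps['route limit']['6'] = False/" "$TESTPATH/lib/python/ufw/backend.py"

# Add, list and delete a representative set of route rules, once with IPv6
# enabled and once without.
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    echo "TESTING ARGS (route allow/route deny to/from)" >> "$TESTTMP/result"
    do_cmd "0" route allow 53
    do_cmd "0" route allow 23/tcp
    do_cmd "0" route allow smtp
    do_cmd "0" route deny proto tcp to any port 80
    do_cmd "0" route deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" route allow from 10.0.0.0/8
    do_cmd "0" route allow from 172.16.0.0/12
    do_cmd "0" route allow from 192.168.0.0/16
    do_cmd "0" route deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" route limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" route deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" route deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status
    # Record the generated tuple comments plus the rule lines that follow them.
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

    echo "TESTING ARGS (delete route allow/route deny to/from)" >> "$TESTTMP/result"
    do_cmd "0" route delete allow 53
    do_cmd "0" route delete allow 23/tcp
    do_cmd "0" route delete allow smtp
    do_cmd "0" route delete deny proto tcp to any port 80
    do_cmd "0" route delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" route delete allow from 10.0.0.0/8
    do_cmd "0" route delete allow from 172.16.0.0/12
    do_cmd "0" route delete allow from 192.168.0.0/16
    do_cmd "0" route delete deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" route delete limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" route delete deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" route delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
done

echo "Checking route reject" >> "$TESTTMP/result"
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable
    do_cmd "0" route reject 113
    do_cmd "0" route reject 114/tcp
    do_cmd "0" route reject 115/udp
    do_cmd "0" status
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    do_cmd "0" route delete reject 113
    do_cmd "0" route delete reject 114/tcp
    do_cmd "0" route delete reject 115/udp
    do_cmd "0" status
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
done

# Insert a marker rule into the built-in FORWARD chain while ufw is disabled,
# enable ufw, and record whether the marker is still listed for each
# MANAGE_BUILTINS setting.
echo "Checking flush builtins" >> "$TESTTMP/result"
for ans in yes no
do
    str="ufw_test_builtins"
    do_cmd "0" nostats disable
    sed -i "s/MANAGE_BUILTINS=.*/MANAGE_BUILTINS=$ans/" "$TESTPATH/etc/default/ufw"
    echo iptables -I FORWARD -j ACCEPT -m comment --comment $str >> "$TESTTMP/result"
    iptables -I FORWARD -j ACCEPT -m comment --comment "$str" >> "$TESTTMP/result"
    do_cmd "0" nostats enable
    iptables -n -L FORWARD | grep "$str" >> "$TESTTMP/result"
    # Remove the marker again. When the marker is no longer in the chain this
    # delete fails, and stderr is discarded for that reason; the same
    # redirection also hides a failed cleanup, which would leave an
    # accept-all FORWARD rule on the host.
    iptables -D FORWARD -j ACCEPT -m comment --comment "$str" 2>/dev/null
done

echo "Testing status numbered" >> "$TESTTMP/result"
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    do_cmd "0" route allow 53
    do_cmd "0" route allow 23/tcp
    do_cmd "0" route allow smtp
    do_cmd "0" route deny proto tcp to any port 80
    do_cmd "0" route deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" route allow from 10.0.0.0/8
    do_cmd "0" route allow from 172.16.0.0/12
    do_cmd "0" route allow from 192.168.0.0/16
    do_cmd "0" route deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" route limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" route deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" route deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status numbered

    do_cmd "0" route delete allow 53
    do_cmd "0" route delete allow 23/tcp
    do_cmd "0" route delete allow smtp
    do_cmd "0" route delete deny proto tcp to any port 80
    do_cmd "0" route delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
    do_cmd "0" route delete allow from 10.0.0.0/8
    do_cmd "0" route delete allow from 172.16.0.0/12
    do_cmd "0" route delete allow from 192.168.0.0/16
    do_cmd "0" route delete deny proto udp from 1.2.3.4 to any port 514
    do_cmd "0" route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
    do_cmd "0" route delete limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" route delete deny proto tcp from 2001:db8::/32 to any port 25
        do_cmd "0" route delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
    fi
    do_cmd "0" status numbered
done

# Interface names used by the interface-specific rules below.
in_if="fake0"
fake_if="$in_if"
out_if="fake1"
dmz_if="fake2"
echo "Testing interfaces" >> "$TESTTMP/result"
for ipv6 in yes no
do
    for i in "in" "out"; do
        echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
        sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
        do_cmd "0" nostats disable
        do_cmd "0" nostats enable

        do_cmd "0" route allow $i on $fake_if
        # An aliased interface name ("fake0:1") is expected to be refused.
        do_cmd "1" null route deny $i on $fake_if:1
        do_cmd "0" route reject $i on $fake_if to 192.168.0.1 port 13
        do_cmd "0" route limit $i on $fake_if from 10.0.0.1 port 80
        do_cmd "0" route allow $i on $fake_if to 192.168.0.1 from 10.0.0.1
        do_cmd "0" route deny $i on $fake_if to 192.168.0.1 port 13 from 10.0.0.1
        do_cmd "0" route reject $i on $fake_if to 192.168.0.1 from 10.0.0.1 port 80
        do_cmd "0" route limit $i on $fake_if to 192.168.0.1 port 13 from 10.0.0.1 port 80
        do_cmd "0" route allow $i on $dmz_if log
        do_cmd "0" route allow $i on $fake_if log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
        do_cmd "0" route deny $i on $fake_if log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
        do_cmd "0" route allow $i on $fake_if to any app Samba

        # These hardcode in and out
        do_cmd "0" route allow in on $in_if out on $out_if from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp
        do_cmd "0" route allow in on $in_if out on $dmz_if
        do_cmd "0" status numbered
        do_cmd "0" route insert 8 allow $i on $dmz_if to any app Samba
        do_cmd "0" status numbered
        grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

        # delete what we added
        do_cmd "0" route delete allow $i on $fake_if
        do_cmd "0" route delete reject $i on $fake_if to 192.168.0.1 port 13
        do_cmd "0" route delete limit $i on $fake_if from 10.0.0.1 port 80
        do_cmd "0" route delete allow $i on $fake_if to 192.168.0.1 from 10.0.0.1
        do_cmd "0" route delete deny $i on $fake_if to 192.168.0.1 port 13 from 10.0.0.1
        do_cmd "0" route delete reject $i on $fake_if to 192.168.0.1 from 10.0.0.1 port 80
        do_cmd "0" route delete limit $i on $fake_if to 192.168.0.1 port 13 from 10.0.0.1 port 80
        do_cmd "0" route delete allow $i on $dmz_if log
        do_cmd "0" route delete allow $i on $fake_if log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
        do_cmd "0" route delete deny $i on $fake_if log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
        do_cmd "0" route delete allow $i on $fake_if to any app Samba
        do_cmd "0" route delete allow $i on $dmz_if to any app Samba
        do_cmd "0" route delete allow in on $in_if out on $out_if from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp
        do_cmd "0" route delete allow in on $in_if out on $dmz_if
        grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    done
done

# The ruleset loaded by "ufw enable"/"ufw disable" must be identical to the
# one loaded by "ufw-init start"/"ufw-init stop"; compare the saved rules.
echo "Compare enable and ufw-init" >> "$TESTTMP/result"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
do_cmd "0" nostats disable
do_cmd "0" nostats route allow 23/tcp
do_cmd "0" nostats logging medium
do_cmd "0" null enable
# Keep only rule lines ('-A ...'); chain headers and counters are dropped.
iptables-save | grep '^-' > "$TESTTMP/ipt.enable"
ip6tables-save | grep '^-' > "$TESTTMP/ip6t.enable"
do_cmd "0" null disable
iptables-save | grep '^-' > "$TESTTMP/ipt.disable"
ip6tables-save | grep '^-' > "$TESTTMP/ip6t.disable"

sed -i 's/^ENABLED=no/ENABLED=yes/' "$TESTPATH/etc/ufw/ufw.conf"
do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" start
iptables-save | grep '^-' > "$TESTTMP/ipt.start"
ip6tables-save | grep '^-' > "$TESTTMP/ip6t.start"
do_extcmd "0" null "$TESTPATH/lib/ufw/ufw-init" stop
iptables-save | grep '^-' > "$TESTTMP/ipt.stop"
ip6tables-save | grep '^-' > "$TESTTMP/ip6t.stop"

diff "$TESTTMP/ipt.enable" "$TESTTMP/ipt.start" || {
    echo "'ufw enable' and 'ufw-init start' are different"
    exit 1
}
diff "$TESTTMP/ip6t.enable" "$TESTTMP/ip6t.start" || {
    echo "'ufw enable' and 'ufw-init start' are different (ipv6)"
    exit 1
}
diff "$TESTTMP/ipt.disable" "$TESTTMP/ipt.stop" || {
    echo "'ufw disable' and 'ufw-init stop' are different"
    exit 1
}
diff "$TESTTMP/ip6t.disable" "$TESTTMP/ip6t.stop" || {
    echo "'ufw disable' and 'ufw-init stop' are different (ipv6)"
    exit 1
}

do_cmd "0" nostats enable
do_cmd "0" nostats route delete allow 23/tcp
do_cmd "0" nostats logging low
do_cmd "0" nostats disable
sed -i "s/IPV6=.*/IPV6=no/" "$TESTPATH/etc/default/ufw"

echo "Delete by number" >> "$TESTTMP/result"
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable

    for i in 1 2 3 4; do
        do_cmd "0" nostats route allow $i
    done
    grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    if [ "$ipv6" = "yes" ]; then
        grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
    fi

    for i in 4 3 2 1; do
        # The rule for port $i must be present before it is deleted.
        grep -q "^### tuple ### route:allow any $i " "$TESTCONFIG/user.rules" || {
            echo "Failed: Could not find port '$i' user.rules" >> "$TESTTMP/result"
            exit 1
        }
        if [ "$ipv6" = "yes" ]; then
            grep -q "^### tuple ### route:allow any $i " "$TESTCONFIG/user6.rules" || {
                echo "Failed: Could not find port '$i' user6.rules" >> "$TESTTMP/result"
                exit 1
            }
        fi

        if [ "$ipv6" = "yes" ]; then
            # With $i IPv4 rules ahead of it in the numbered list, the IPv6
            # rule for port $i is number $i + $i.
            do_cmd "0" null --force delete $((i+i))
            # Fail when the tuple is still present. "grep -v -q ... ||" cannot
            # express this: it succeeds as soon as any other line exists in
            # the file, so the failure branch would never run.
            if grep -q "^### tuple ### route:allow any $i " "$TESTCONFIG/user6.rules"; then
                echo "Failed: Found port '$i' user6.rules" >> "$TESTTMP/result"
                exit 1
            fi
            grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
        fi

        do_cmd "0" null --force delete $i
        # Same presence check for the IPv4 rules file.
        if grep -q "^### tuple ### route:allow any $i " "$TESTCONFIG/user.rules"; then
            echo "Failed: Found port '$i' user.rules" >> "$TESTTMP/result"
            exit 1
        fi
        grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    done
done
grep -A2 "tuple" "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
grep -A2 "tuple" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

echo "Show added" >> "$TESTTMP/result"
for ipv6 in yes no
do
    echo "Setting IPV6 to $ipv6" >> "$TESTTMP/result"
    sed -i "s/IPV6=.*/IPV6=$ipv6/" "$TESTPATH/etc/default/ufw"
    do_cmd "0" nostats disable
    do_cmd "0" nostats enable
    do_cmd "0" nostats route limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" nostats route allow in on $in_if to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    fi
    do_cmd "0" nostats route deny Samba
    do_cmd "0" show added
    do_cmd "0" nostats route delete limit 13/tcp
    if [ "$ipv6" = "yes" ]; then
        do_cmd "0" nostats route delete allow in on $in_if to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    fi
    do_cmd "0" nostats route delete deny Samba
    do_cmd "0" show added
done
do_cmd "0" nostats disable

echo "Checking status" >> $TESTTMP/result for default in allow deny reject ; do for ipv6 in yes no do echo "Setting IPV6 to $ipv6" >> $TESTTMP/result sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw for forward in 0 1 ; do echo "Running: sysctl -w net.ipv4.ip_forward=$forward" >> $TESTTMP/result sysctl -w net.ipv4.ip_forward=$forward >/dev/null if [ "$ipv6" = "yes" ]; then echo "Running: sysctl -w net.ipv6.conf.default.forwarding=$forward" >> $TESTTMP/result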
sysctl -w net.ipv6.conf.default.forwarding=$forward >/dev/null echo "Running: sysctl -w net.ipv6.conf.all.forwarding=$forward" >> $TESTTMP/result sysctl -w net.ipv6.conf.all.forwarding=$forward >/dev/null fi do_cmd "0" nostats disable do_cmd "0" default $default routed do_cmd "0" nostats enable do_cmd "0" status verbose done done done cleanup exit 0 ufw-0.36/tests/root/live_route/result0000644000175000017500000021411313404772663016760 0ustar jamiejamieSetting IPV6 to yes 0: disable 1: enable TESTING ARGS (route allow/route deny to/from) 2: route allow 53 WARN: Checks disabled Rule added Rule added (v6) 3: route allow 23/tcp WARN: Checks disabled Rule added Rule added (v6) 4: route allow smtp WARN: Checks disabled Rule added Rule added (v6) 5: route deny proto tcp to any port 80 WARN: Checks disabled Rule added Rule added (v6) 6: route deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 7: route allow from 10.0.0.0/8 WARN: Checks disabled Rule added 8: route allow from 172.16.0.0/12 WARN: Checks disabled Rule added 9: route allow from 192.168.0.0/16 WARN: Checks disabled Rule added 10: route deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 11: route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 12: route limit 13/tcp WARN: Checks disabled Rule added Skipping unsupported IPv6 'limit' rule 13: route deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule added (v6) 14: route deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule added (v6) 15: status WARN: Checks disabled Status: active To Action From -- ------ ---- 53 ALLOW FWD Anywhere 23/tcp ALLOW FWD Anywhere 25/tcp ALLOW FWD Anywhere 80/tcp DENY FWD Anywhere 192.168.0.1 25/tcp DENY FWD 10.0.0.0/8 Anywhere ALLOW FWD 10.0.0.0/8 Anywhere ALLOW FWD 172.16.0.0/12 Anywhere ALLOW FWD 192.168.0.0/16 514/udp DENY FWD 1.2.3.4 1.2.3.4 5469/udp ALLOW FWD 1.2.3.5 
5469/udp 13/tcp LIMIT FWD Anywhere 53 (v6) ALLOW FWD Anywhere (v6) 23/tcp (v6) ALLOW FWD Anywhere (v6) 25/tcp (v6) ALLOW FWD Anywhere (v6) 80/tcp (v6) DENY FWD Anywhere (v6) 25/tcp DENY FWD 2001:db8::/32 2001:db8:3:4:5:6:7:8 DENY FWD 2001:db8::/32 26 ### tuple ### route:allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 53 -j ACCEPT -A ufw-user-forward -p udp --dport 53 -j ACCEPT -- ### tuple ### route:allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 23 -j ACCEPT ### tuple ### route:allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 25 -j ACCEPT ### tuple ### route:deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 80 -j DROP ### tuple ### route:deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-forward -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### route:allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-forward -s 10.0.0.0/8 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-forward -s 172.16.0.0/12 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-forward -s 192.168.0.0/16 -j ACCEPT ### tuple ### route:deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-forward -p udp --dport 514 -s 1.2.3.4 -j DROP ### tuple ### route:allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-forward -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### tuple ### route:limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit ### tuple ### route:allow any 53 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 53 -j ACCEPT -A ufw6-user-forward -p udp --dport 53 -j ACCEPT -- ### tuple ### route:allow tcp 23 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 23 -j ACCEPT ### tuple ### 
route:allow tcp 25 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 25 -j ACCEPT ### tuple ### route:deny tcp 80 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 80 -j DROP ### tuple ### route:deny tcp 25 ::/0 any 2001:db8::/32 in -A ufw6-user-forward -p tcp --dport 25 -s 2001:db8::/32 -j DROP ### tuple ### route:deny any any 2001:db8:3:4:5:6:7:8 26 2001:db8::/32 in -A ufw6-user-forward -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 26 -j DROP -A ufw6-user-forward -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 26 -j DROP TESTING ARGS (delete route allow/route deny to/from) 16: route delete allow 53 WARN: Checks disabled Rule deleted Rule deleted (v6) 17: route delete allow 23/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 18: route delete allow smtp WARN: Checks disabled Rule deleted Rule deleted (v6) 19: route delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted Rule deleted (v6) 20: route delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 21: route delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 22: route delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 23: route delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 24: route delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 25: route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 26: route delete limit 13/tcp WARN: Checks disabled Rule deleted Skipping unsupported IPv6 'limit' rule 27: route delete deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule deleted (v6) 28: route delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule deleted (v6) 29: status WARN: Checks disabled Status: active Setting IPV6 to no 30: disable 31: enable TESTING ARGS (route allow/route deny to/from) 32: route allow 53 WARN: Checks disabled Rule 
added 33: route allow 23/tcp WARN: Checks disabled Rule added 34: route allow smtp WARN: Checks disabled Rule added 35: route deny proto tcp to any port 80 WARN: Checks disabled Rule added 36: route deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 37: route allow from 10.0.0.0/8 WARN: Checks disabled Rule added 38: route allow from 172.16.0.0/12 WARN: Checks disabled Rule added 39: route allow from 192.168.0.0/16 WARN: Checks disabled Rule added 40: route deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 41: route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 42: route limit 13/tcp WARN: Checks disabled Rule added 43: status WARN: Checks disabled Status: active To Action From -- ------ ---- 53 ALLOW FWD Anywhere 23/tcp ALLOW FWD Anywhere 25/tcp ALLOW FWD Anywhere 80/tcp DENY FWD Anywhere 192.168.0.1 25/tcp DENY FWD 10.0.0.0/8 Anywhere ALLOW FWD 10.0.0.0/8 Anywhere ALLOW FWD 172.16.0.0/12 Anywhere ALLOW FWD 192.168.0.0/16 514/udp DENY FWD 1.2.3.4 1.2.3.4 5469/udp ALLOW FWD 1.2.3.5 5469/udp 13/tcp LIMIT FWD Anywhere ### tuple ### route:allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 53 -j ACCEPT -A ufw-user-forward -p udp --dport 53 -j ACCEPT -- ### tuple ### route:allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 23 -j ACCEPT ### tuple ### route:allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 25 -j ACCEPT ### tuple ### route:deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 80 -j DROP ### tuple ### route:deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-forward -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### tuple ### route:allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-forward -s 10.0.0.0/8 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-forward -s 172.16.0.0/12 -j ACCEPT ### tuple ### 
route:allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-forward -s 192.168.0.0/16 -j ACCEPT ### tuple ### route:deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-forward -p udp --dport 514 -s 1.2.3.4 -j DROP ### tuple ### route:allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-forward -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### tuple ### route:limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit TESTING ARGS (delete route allow/route deny to/from) 44: route delete allow 53 WARN: Checks disabled Rule deleted 45: route delete allow 23/tcp WARN: Checks disabled Rule deleted 46: route delete allow smtp WARN: Checks disabled Rule deleted 47: route delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted 48: route delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 49: route delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 50: route delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 51: route delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 52: route delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 53: route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 54: route delete limit 13/tcp WARN: Checks disabled Rule deleted 55: status WARN: Checks disabled Status: active Checking route reject Setting IPV6 to yes 56: disable 57: enable 58: route reject 113 WARN: Checks disabled Rule added Rule added (v6) 59: route reject 114/tcp WARN: Checks disabled Rule added Rule added (v6) 60: route reject 115/udp WARN: Checks disabled Rule added Rule added (v6) 61: status WARN: Checks disabled Status: active To Action From -- ------ ---- 113 REJECT FWD Anywhere 
114/tcp REJECT FWD Anywhere 115/udp REJECT FWD Anywhere 113 (v6) REJECT FWD Anywhere (v6) 114/tcp (v6) REJECT FWD Anywhere (v6) 115/udp (v6) REJECT FWD Anywhere (v6) ### tuple ### route:reject any 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 113 -j REJECT --reject-with tcp-reset -A ufw-user-forward -p udp --dport 113 -j REJECT -- ### tuple ### route:reject tcp 114 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 114 -j REJECT --reject-with tcp-reset ### tuple ### route:reject udp 115 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p udp --dport 115 -j REJECT ### tuple ### route:reject any 113 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 113 -j REJECT --reject-with tcp-reset -A ufw6-user-forward -p udp --dport 113 -j REJECT -- ### tuple ### route:reject tcp 114 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 114 -j REJECT --reject-with tcp-reset ### tuple ### route:reject udp 115 ::/0 any ::/0 in -A ufw6-user-forward -p udp --dport 115 -j REJECT 62: route delete reject 113 WARN: Checks disabled Rule deleted Rule deleted (v6) 63: route delete reject 114/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 64: route delete reject 115/udp WARN: Checks disabled Rule deleted Rule deleted (v6) 65: status WARN: Checks disabled Status: active Setting IPV6 to no 66: disable 67: enable 68: route reject 113 WARN: Checks disabled Rule added 69: route reject 114/tcp WARN: Checks disabled Rule added 70: route reject 115/udp WARN: Checks disabled Rule added 71: status WARN: Checks disabled Status: active To Action From -- ------ ---- 113 REJECT FWD Anywhere 114/tcp REJECT FWD Anywhere 115/udp REJECT FWD Anywhere ### tuple ### route:reject any 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 113 -j REJECT --reject-with tcp-reset -A ufw-user-forward -p udp --dport 113 -j REJECT -- ### tuple ### route:reject tcp 114 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 114 -j REJECT --reject-with tcp-reset 
### tuple ### route:reject udp 115 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p udp --dport 115 -j REJECT 72: route delete reject 113 WARN: Checks disabled Rule deleted 73: route delete reject 114/tcp WARN: Checks disabled Rule deleted 74: route delete reject 115/udp WARN: Checks disabled Rule deleted 75: status WARN: Checks disabled Status: active Checking flush builtins 76: disable iptables -I FORWARD -j ACCEPT -m comment --comment ufw_test_builtins 77: enable 78: disable iptables -I FORWARD -j ACCEPT -m comment --comment ufw_test_builtins 79: enable ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* ufw_test_builtins */ Testing status numbered Setting IPV6 to yes 80: disable 81: enable 82: route allow 53 WARN: Checks disabled Rule added Rule added (v6) 83: route allow 23/tcp WARN: Checks disabled Rule added Rule added (v6) 84: route allow smtp WARN: Checks disabled Rule added Rule added (v6) 85: route deny proto tcp to any port 80 WARN: Checks disabled Rule added Rule added (v6) 86: route deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 87: route allow from 10.0.0.0/8 WARN: Checks disabled Rule added 88: route allow from 172.16.0.0/12 WARN: Checks disabled Rule added 89: route allow from 192.168.0.0/16 WARN: Checks disabled Rule added 90: route deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 91: route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 92: route limit 13/tcp WARN: Checks disabled Rule added Skipping unsupported IPv6 'limit' rule 93: route deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule added (v6) 94: route deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule added (v6) 95: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] 53 ALLOW FWD Anywhere [ 2] 23/tcp ALLOW FWD Anywhere [ 3] 25/tcp ALLOW FWD Anywhere [ 4] 80/tcp DENY FWD Anywhere [ 5] 192.168.0.1 
25/tcp DENY FWD 10.0.0.0/8 [ 6] Anywhere ALLOW FWD 10.0.0.0/8 [ 7] Anywhere ALLOW FWD 172.16.0.0/12 [ 8] Anywhere ALLOW FWD 192.168.0.0/16 [ 9] 514/udp DENY FWD 1.2.3.4 [10] 1.2.3.4 5469/udp ALLOW FWD 1.2.3.5 5469/udp [11] 13/tcp LIMIT FWD Anywhere [12] 53 (v6) ALLOW FWD Anywhere (v6) [13] 23/tcp (v6) ALLOW FWD Anywhere (v6) [14] 25/tcp (v6) ALLOW FWD Anywhere (v6) [15] 80/tcp (v6) DENY FWD Anywhere (v6) [16] 25/tcp DENY FWD 2001:db8::/32 [17] 2001:db8:3:4:5:6:7:8 DENY FWD 2001:db8::/32 26 96: route delete allow 53 WARN: Checks disabled Rule deleted Rule deleted (v6) 97: route delete allow 23/tcp WARN: Checks disabled Rule deleted Rule deleted (v6) 98: route delete allow smtp WARN: Checks disabled Rule deleted Rule deleted (v6) 99: route delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted Rule deleted (v6) 100: route delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 101: route delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 102: route delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 103: route delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 104: route delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 105: route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 106: route delete limit 13/tcp WARN: Checks disabled Rule deleted Skipping unsupported IPv6 'limit' rule 107: route delete deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rule deleted (v6) 108: route delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rule deleted (v6) 109: status numbered WARN: Checks disabled Status: active Setting IPV6 to no 110: disable 111: enable 112: route allow 53 WARN: Checks disabled Rule added 113: route allow 23/tcp WARN: Checks disabled Rule added 114: route allow smtp WARN: Checks disabled Rule added 115: route deny 
proto tcp to any port 80 WARN: Checks disabled Rule added 116: route deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule added 117: route allow from 10.0.0.0/8 WARN: Checks disabled Rule added 118: route allow from 172.16.0.0/12 WARN: Checks disabled Rule added 119: route allow from 192.168.0.0/16 WARN: Checks disabled Rule added 120: route deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule added 121: route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule added 122: route limit 13/tcp WARN: Checks disabled Rule added 123: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] 53 ALLOW FWD Anywhere [ 2] 23/tcp ALLOW FWD Anywhere [ 3] 25/tcp ALLOW FWD Anywhere [ 4] 80/tcp DENY FWD Anywhere [ 5] 192.168.0.1 25/tcp DENY FWD 10.0.0.0/8 [ 6] Anywhere ALLOW FWD 10.0.0.0/8 [ 7] Anywhere ALLOW FWD 172.16.0.0/12 [ 8] Anywhere ALLOW FWD 192.168.0.0/16 [ 9] 514/udp DENY FWD 1.2.3.4 [10] 1.2.3.4 5469/udp ALLOW FWD 1.2.3.5 5469/udp [11] 13/tcp LIMIT FWD Anywhere 124: route delete allow 53 WARN: Checks disabled Rule deleted 125: route delete allow 23/tcp WARN: Checks disabled Rule deleted 126: route delete allow smtp WARN: Checks disabled Rule deleted 127: route delete deny proto tcp to any port 80 WARN: Checks disabled Rule deleted 128: route delete deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled Rule deleted 129: route delete allow from 10.0.0.0/8 WARN: Checks disabled Rule deleted 130: route delete allow from 172.16.0.0/12 WARN: Checks disabled Rule deleted 131: route delete allow from 192.168.0.0/16 WARN: Checks disabled Rule deleted 132: route delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled Rule deleted 133: route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled Rule deleted 134: route delete limit 13/tcp WARN: Checks disabled Rule deleted 135: status numbered WARN: 
Checks disabled Status: active Testing interfaces Setting IPV6 to yes 136: disable 137: enable 138: route allow in on fake0 WARN: Checks disabled Rule added Rule added (v6) 139: route deny in on fake0:1 140: route reject in on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 141: route limit in on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 142: route allow in on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 143: route deny in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 144: route reject in on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 145: route limit in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 146: route allow in on fake2 log WARN: Checks disabled Rule added Rule added (v6) 147: route allow in on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 148: route deny in on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 149: route allow in on fake0 to any app Samba WARN: Checks disabled Rule added Rule added (v6) 150: route allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 151: route allow in on fake0 out on fake2 WARN: Checks disabled Rule added Rule added (v6) 152: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW FWD Anywhere on fake0 [ 2] 192.168.0.1 13 REJECT FWD Anywhere on fake0 [ 3] Anywhere LIMIT FWD 10.0.0.1 80 on fake0 [ 4] 192.168.0.1 ALLOW FWD 10.0.0.1 on fake0 [ 5] 192.168.0.1 13 DENY FWD 10.0.0.1 on fake0 [ 6] 192.168.0.1 REJECT FWD 10.0.0.1 80 on fake0 [ 7] 192.168.0.1 13 LIMIT FWD 10.0.0.1 80 on fake0 [ 8] Anywhere ALLOW FWD Anywhere on fake2 (log) [ 9] 10.0.0.1 24/tcp ALLOW FWD 192.168.0.1 on fake0 (log) [10] 10.0.0.1 25/tcp DENY FWD 192.168.0.1 on fake0 (log-all) [11] Samba ALLOW FWD 
Anywhere on fake0 [12] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [13] Anywhere on fake2 ALLOW FWD Anywhere on fake0 [14] Anywhere (v6) ALLOW FWD Anywhere (v6) on fake0 [15] Anywhere (v6) ALLOW FWD Anywhere (v6) on fake2 (log) [16] Samba (v6) ALLOW FWD Anywhere (v6) on fake0 [17] Anywhere (v6) on fake2 ALLOW FWD Anywhere (v6) on fake0 153: route insert 8 allow in on fake2 to any app Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 154: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW FWD Anywhere on fake0 [ 2] 192.168.0.1 13 REJECT FWD Anywhere on fake0 [ 3] Anywhere LIMIT FWD 10.0.0.1 80 on fake0 [ 4] 192.168.0.1 ALLOW FWD 10.0.0.1 on fake0 [ 5] 192.168.0.1 13 DENY FWD 10.0.0.1 on fake0 [ 6] 192.168.0.1 REJECT FWD 10.0.0.1 80 on fake0 [ 7] 192.168.0.1 13 LIMIT FWD 10.0.0.1 80 on fake0 [ 8] Samba ALLOW FWD Anywhere on fake2 [ 9] Anywhere ALLOW FWD Anywhere on fake2 (log) [10] 10.0.0.1 24/tcp ALLOW FWD 192.168.0.1 on fake0 (log) [11] 10.0.0.1 25/tcp DENY FWD 192.168.0.1 on fake0 (log-all) [12] Samba ALLOW FWD Anywhere on fake0 [13] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [14] Anywhere on fake2 ALLOW FWD Anywhere on fake0 [15] Anywhere (v6) ALLOW FWD Anywhere (v6) on fake0 [16] Samba (v6) ALLOW FWD Anywhere (v6) on fake2 [17] Anywhere (v6) ALLOW FWD Anywhere (v6) on fake2 (log) [18] Samba (v6) ALLOW FWD Anywhere (v6) on fake0 [19] Anywhere (v6) on fake2 ALLOW FWD Anywhere (v6) on fake0 ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -j ACCEPT ### tuple ### route:reject any 13 192.168.0.1 any 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-forward -i fake0 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### route:limit any any 0.0.0.0/0 80 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack 
--ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow any any 192.168.0.1 any 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### route:deny any 13 192.168.0.1 any 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-forward -i fake0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### route:reject any any 192.168.0.1 80 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-forward -i fake0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### route:limit any 13 192.168.0.1 80 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake2 -A ufw-user-forward -i fake2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake2 -A ufw-user-forward -i fake2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_fake2 -A ufw-user-logging-forward -i fake2 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -i fake2 -j RETURN -- ### tuple ### route:allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_fake0 -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate 
NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### route:deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_fake0 -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake0 -A ufw-user-forward -i fake0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake0 -A ufw-user-forward -i fake0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 25 10.0.0.1 25 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0!out_fake2 -A ufw-user-forward -i fake0 -o fake2 -j ACCEPT ### tuple ### route:allow any any ::/0 any ::/0 in_fake0 -A ufw6-user-forward -i fake0 -j ACCEPT ### tuple ### route:allow udp 137,138 ::/0 any ::/0 Samba - in_fake2 -A ufw6-user-forward -i fake2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 ::/0 any ::/0 Samba - in_fake2 -A ufw6-user-forward -i fake2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow_log any any ::/0 any ::/0 in_fake2 -A ufw6-user-logging-forward -i fake2 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-forward -i fake2 -j RETURN -- ### tuple ### route:allow udp 137,138 ::/0 any ::/0 Samba - in_fake0 -A ufw6-user-forward -i fake0 -p udp 
-m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 ::/0 any ::/0 Samba - in_fake0 -A ufw6-user-forward -i fake0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow any any ::/0 any ::/0 in_fake0!out_fake2 -A ufw6-user-forward -i fake0 -o fake2 -j ACCEPT 155: route delete allow in on fake0 WARN: Checks disabled Rule deleted Rule deleted (v6) 156: route delete reject in on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 157: route delete limit in on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 158: route delete allow in on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 159: route delete deny in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 160: route delete reject in on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 161: route delete limit in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 162: route delete allow in on fake2 log WARN: Checks disabled Rule deleted Rule deleted (v6) 163: route delete allow in on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 164: route delete deny in on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 165: route delete allow in on fake0 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 166: route delete allow in on fake2 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 167: route delete allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 168: route delete allow in on fake0 out on fake2 WARN: Checks disabled Rule deleted Rule deleted (v6) Setting IPV6 to yes 169: disable 170: enable 171: route allow out on fake0 WARN: Checks disabled Rule added Rule added (v6) 
172: route deny out on fake0:1 173: route reject out on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 174: route limit out on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 175: route allow out on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 176: route deny out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 177: route reject out on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 178: route limit out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 179: route allow out on fake2 log WARN: Checks disabled Rule added Rule added (v6) 180: route allow out on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 181: route deny out on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 182: route allow out on fake0 to any app Samba WARN: Checks disabled Rule added Rule added (v6) 183: route allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 184: route allow in on fake0 out on fake2 WARN: Checks disabled Rule added Rule added (v6) 185: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on fake0 ALLOW FWD Anywhere (out) [ 2] 192.168.0.1 13 on fake0 REJECT FWD Anywhere (out) [ 3] Anywhere on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 4] 192.168.0.1 on fake0 ALLOW FWD 10.0.0.1 (out) [ 5] 192.168.0.1 13 on fake0 DENY FWD 10.0.0.1 (out) [ 6] 192.168.0.1 on fake0 REJECT FWD 10.0.0.1 80 (out) [ 7] 192.168.0.1 13 on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 8] Anywhere on fake2 ALLOW FWD Anywhere (log, out) [ 9] 10.0.0.1 24/tcp on fake0 ALLOW FWD 192.168.0.1 (log, out) [10] 10.0.0.1 25/tcp on fake0 DENY FWD 192.168.0.1 (log-all, out) [11] Samba on fake0 ALLOW FWD Anywhere (out) [12] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [13] 
Anywhere on fake2 ALLOW FWD Anywhere on fake0 [14] Anywhere (v6) on fake0 ALLOW FWD Anywhere (v6) (out) [15] Anywhere (v6) on fake2 ALLOW FWD Anywhere (v6) (log, out) [16] Samba (v6) on fake0 ALLOW FWD Anywhere (v6) (out) [17] Anywhere (v6) on fake2 ALLOW FWD Anywhere (v6) on fake0 186: route insert 8 allow out on fake2 to any app Samba WARN: Checks disabled Rule inserted Rule inserted (v6) 187: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on fake0 ALLOW FWD Anywhere (out) [ 2] 192.168.0.1 13 on fake0 REJECT FWD Anywhere (out) [ 3] Anywhere on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 4] 192.168.0.1 on fake0 ALLOW FWD 10.0.0.1 (out) [ 5] 192.168.0.1 13 on fake0 DENY FWD 10.0.0.1 (out) [ 6] 192.168.0.1 on fake0 REJECT FWD 10.0.0.1 80 (out) [ 7] 192.168.0.1 13 on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 8] Samba on fake2 ALLOW FWD Anywhere (out) [ 9] Anywhere on fake2 ALLOW FWD Anywhere (log, out) [10] 10.0.0.1 24/tcp on fake0 ALLOW FWD 192.168.0.1 (log, out) [11] 10.0.0.1 25/tcp on fake0 DENY FWD 192.168.0.1 (log-all, out) [12] Samba on fake0 ALLOW FWD Anywhere (out) [13] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [14] Anywhere on fake2 ALLOW FWD Anywhere on fake0 [15] Anywhere (v6) on fake0 ALLOW FWD Anywhere (v6) (out) [16] Samba (v6) on fake2 ALLOW FWD Anywhere (v6) (out) [17] Anywhere (v6) on fake2 ALLOW FWD Anywhere (v6) (log, out) [18] Samba (v6) on fake0 ALLOW FWD Anywhere (v6) (out) [19] Anywhere (v6) on fake2 ALLOW FWD Anywhere (v6) on fake0 ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 out_fake0 -A ufw-user-forward -o fake0 -j ACCEPT ### tuple ### route:reject any 13 192.168.0.1 any 0.0.0.0/0 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-forward -o fake0 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### route:limit any any 0.0.0.0/0 80 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -s 10.0.0.1 
--sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -o fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow any any 192.168.0.1 any 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### route:deny any 13 192.168.0.1 any 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-forward -o fake0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### route:reject any any 192.168.0.1 80 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-forward -o fake0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### route:limit any 13 192.168.0.1 80 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake2 -A ufw-user-forward -o fake2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake2 -A ufw-user-forward -o fake2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_fake2 -A ufw-user-logging-forward -o fake2 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -o fake2 -j RETURN -- ### tuple ### route:allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_fake0 -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 24 -s 
192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### route:deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_fake0 -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake0 -A ufw-user-forward -o fake0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake0 -A ufw-user-forward -o fake0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 25 10.0.0.1 25 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0!out_fake2 -A ufw-user-forward -i fake0 -o fake2 -j ACCEPT ### tuple ### route:allow any any ::/0 any ::/0 out_fake0 -A ufw6-user-forward -o fake0 -j ACCEPT ### tuple ### route:allow udp 137,138 ::/0 any ::/0 Samba - out_fake2 -A ufw6-user-forward -o fake2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 ::/0 any ::/0 Samba - out_fake2 -A ufw6-user-forward -o fake2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow_log any any ::/0 any ::/0 out_fake2 -A ufw6-user-logging-forward -o fake2 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-forward -o fake2 -j RETURN -- ### tuple ### route:allow udp 137,138 ::/0 any ::/0 Samba - 
out_fake0 -A ufw6-user-forward -o fake0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 ::/0 any ::/0 Samba - out_fake0 -A ufw6-user-forward -o fake0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow any any ::/0 any ::/0 in_fake0!out_fake2 -A ufw6-user-forward -i fake0 -o fake2 -j ACCEPT 188: route delete allow out on fake0 WARN: Checks disabled Rule deleted Rule deleted (v6) 189: route delete reject out on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 190: route delete limit out on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 191: route delete allow out on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 192: route delete deny out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 193: route delete reject out on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 194: route delete limit out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 195: route delete allow out on fake2 log WARN: Checks disabled Rule deleted Rule deleted (v6) 196: route delete allow out on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 197: route delete deny out on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 198: route delete allow out on fake0 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 199: route delete allow out on fake2 to any app Samba WARN: Checks disabled Rule deleted Rule deleted (v6) 200: route delete allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 201: route delete allow in on fake0 out on fake2 WARN: Checks disabled Rule deleted Rule deleted (v6) Setting IPV6 to no 202: disable 203: enable 204: route allow in on 
fake0 WARN: Checks disabled Rule added 205: route deny in on fake0:1 206: route reject in on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 207: route limit in on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 208: route allow in on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 209: route deny in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 210: route reject in on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 211: route limit in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 212: route allow in on fake2 log WARN: Checks disabled Rule added 213: route allow in on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 214: route deny in on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 215: route allow in on fake0 to any app Samba WARN: Checks disabled Rule added 216: route allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 217: route allow in on fake0 out on fake2 WARN: Checks disabled Rule added 218: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW FWD Anywhere on fake0 [ 2] 192.168.0.1 13 REJECT FWD Anywhere on fake0 [ 3] Anywhere LIMIT FWD 10.0.0.1 80 on fake0 [ 4] 192.168.0.1 ALLOW FWD 10.0.0.1 on fake0 [ 5] 192.168.0.1 13 DENY FWD 10.0.0.1 on fake0 [ 6] 192.168.0.1 REJECT FWD 10.0.0.1 80 on fake0 [ 7] 192.168.0.1 13 LIMIT FWD 10.0.0.1 80 on fake0 [ 8] Anywhere ALLOW FWD Anywhere on fake2 (log) [ 9] 10.0.0.1 24/tcp ALLOW FWD 192.168.0.1 on fake0 (log) [10] 10.0.0.1 25/tcp DENY FWD 192.168.0.1 on fake0 (log-all) [11] Samba ALLOW FWD Anywhere on fake0 [12] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [13] Anywhere on fake2 ALLOW FWD Anywhere on fake0 219: route insert 8 allow in on fake2 to any 
app Samba WARN: Checks disabled Rule inserted 220: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere ALLOW FWD Anywhere on fake0 [ 2] 192.168.0.1 13 REJECT FWD Anywhere on fake0 [ 3] Anywhere LIMIT FWD 10.0.0.1 80 on fake0 [ 4] 192.168.0.1 ALLOW FWD 10.0.0.1 on fake0 [ 5] 192.168.0.1 13 DENY FWD 10.0.0.1 on fake0 [ 6] 192.168.0.1 REJECT FWD 10.0.0.1 80 on fake0 [ 7] 192.168.0.1 13 LIMIT FWD 10.0.0.1 80 on fake0 [ 8] Samba ALLOW FWD Anywhere on fake2 [ 9] Anywhere ALLOW FWD Anywhere on fake2 (log) [10] 10.0.0.1 24/tcp ALLOW FWD 192.168.0.1 on fake0 (log) [11] 10.0.0.1 25/tcp DENY FWD 192.168.0.1 on fake0 (log-all) [12] Samba ALLOW FWD Anywhere on fake0 [13] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [14] Anywhere on fake2 ALLOW FWD Anywhere on fake0 ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -j ACCEPT ### tuple ### route:reject any 13 192.168.0.1 any 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-forward -i fake0 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### route:limit any any 0.0.0.0/0 80 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow any any 192.168.0.1 any 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### route:deny any 13 192.168.0.1 any 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-forward -i fake0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### route:reject any any 192.168.0.1 80 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 
-j REJECT --reject-with tcp-reset -A ufw-user-forward -i fake0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### route:limit any 13 192.168.0.1 80 10.0.0.1 in_fake0 -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake2 -A ufw-user-forward -i fake2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake2 -A ufw-user-forward -i fake2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_fake2 -A ufw-user-logging-forward -i fake2 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -i fake2 -j RETURN -- ### tuple ### route:allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_fake0 -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### route:deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_fake0 -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-forward -i fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake0 -A ufw-user-forward -i fake0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### 
tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_fake0 -A ufw-user-forward -i fake0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 25 10.0.0.1 25 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0!out_fake2 -A ufw-user-forward -i fake0 -o fake2 -j ACCEPT 221: route delete allow in on fake0 WARN: Checks disabled Rule deleted 222: route delete reject in on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 223: route delete limit in on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 224: route delete allow in on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 225: route delete deny in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 226: route delete reject in on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 227: route delete limit in on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 228: route delete allow in on fake2 log WARN: Checks disabled Rule deleted 229: route delete allow in on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 230: route delete deny in on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 231: route delete allow in on fake0 to any app Samba WARN: Checks disabled Rule deleted 232: route delete allow in on fake2 to any app Samba WARN: Checks disabled Rule deleted 233: route delete allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 234: route delete allow in on fake0 out on fake2 WARN: Checks disabled Rule deleted Setting IPV6 to no 235: disable 236: enable 237: route allow out on fake0 WARN: Checks disabled 
Rule added 238: route deny out on fake0:1 239: route reject out on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule added 240: route limit out on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 241: route allow out on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule added 242: route deny out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule added 243: route reject out on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 244: route limit out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule added 245: route allow out on fake2 log WARN: Checks disabled Rule added 246: route allow out on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule added 247: route deny out on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 248: route allow out on fake0 to any app Samba WARN: Checks disabled Rule added 249: route allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule added 250: route allow in on fake0 out on fake2 WARN: Checks disabled Rule added 251: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on fake0 ALLOW FWD Anywhere (out) [ 2] 192.168.0.1 13 on fake0 REJECT FWD Anywhere (out) [ 3] Anywhere on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 4] 192.168.0.1 on fake0 ALLOW FWD 10.0.0.1 (out) [ 5] 192.168.0.1 13 on fake0 DENY FWD 10.0.0.1 (out) [ 6] 192.168.0.1 on fake0 REJECT FWD 10.0.0.1 80 (out) [ 7] 192.168.0.1 13 on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 8] Anywhere on fake2 ALLOW FWD Anywhere (log, out) [ 9] 10.0.0.1 24/tcp on fake0 ALLOW FWD 192.168.0.1 (log, out) [10] 10.0.0.1 25/tcp on fake0 DENY FWD 192.168.0.1 (log-all, out) [11] Samba on fake0 ALLOW FWD Anywhere (out) [12] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [13] Anywhere on fake2 ALLOW FWD Anywhere on 
fake0 252: route insert 8 allow out on fake2 to any app Samba WARN: Checks disabled Rule inserted 253: status numbered WARN: Checks disabled Status: active To Action From -- ------ ---- [ 1] Anywhere on fake0 ALLOW FWD Anywhere (out) [ 2] 192.168.0.1 13 on fake0 REJECT FWD Anywhere (out) [ 3] Anywhere on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 4] 192.168.0.1 on fake0 ALLOW FWD 10.0.0.1 (out) [ 5] 192.168.0.1 13 on fake0 DENY FWD 10.0.0.1 (out) [ 6] 192.168.0.1 on fake0 REJECT FWD 10.0.0.1 80 (out) [ 7] 192.168.0.1 13 on fake0 LIMIT FWD 10.0.0.1 80 (out) [ 8] Samba on fake2 ALLOW FWD Anywhere (out) [ 9] Anywhere on fake2 ALLOW FWD Anywhere (log, out) [10] 10.0.0.1 24/tcp on fake0 ALLOW FWD 192.168.0.1 (log, out) [11] 10.0.0.1 25/tcp on fake0 DENY FWD 192.168.0.1 (log-all, out) [12] Samba on fake0 ALLOW FWD Anywhere (out) [13] 10.0.0.1 25/tcp on fake1 ALLOW FWD 192.168.0.1 25/tcp on fake0 [14] Anywhere on fake2 ALLOW FWD Anywhere on fake0 ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 out_fake0 -A ufw-user-forward -o fake0 -j ACCEPT ### tuple ### route:reject any 13 192.168.0.1 any 0.0.0.0/0 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-forward -o fake0 -p udp -d 192.168.0.1 --dport 13 -j REJECT -- ### tuple ### route:limit any any 0.0.0.0/0 80 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -o fake0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow any any 192.168.0.1 any 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### route:deny any 13 192.168.0.1 any 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-forward -o fake0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -- ### tuple ### 
route:reject any any 192.168.0.1 80 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-forward -o fake0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT -- ### tuple ### route:limit any 13 192.168.0.1 80 10.0.0.1 out_fake0 -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -o fake0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake2 -A ufw-user-forward -o fake2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake2 -A ufw-user-forward -o fake2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_fake2 -A ufw-user-logging-forward -o fake2 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -o fake2 -j RETURN -- ### tuple ### route:allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_fake0 -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -- ### tuple ### route:deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_fake0 -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-forward -o fake0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -- ### tuple ### route:allow udp 137,138 0.0.0.0/0 any 
0.0.0.0/0 Samba - out_fake0 -A ufw-user-forward -o fake0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_fake0 -A ufw-user-forward -o fake0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### route:allow tcp 25 10.0.0.1 25 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0!out_fake2 -A ufw-user-forward -i fake0 -o fake2 -j ACCEPT 254: route delete allow out on fake0 WARN: Checks disabled Rule deleted 255: route delete reject out on fake0 to 192.168.0.1 port 13 WARN: Checks disabled Rule deleted 256: route delete limit out on fake0 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 257: route delete allow out on fake0 to 192.168.0.1 from 10.0.0.1 WARN: Checks disabled Rule deleted 258: route delete deny out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 WARN: Checks disabled Rule deleted 259: route delete reject out on fake0 to 192.168.0.1 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 260: route delete limit out on fake0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 WARN: Checks disabled Rule deleted 261: route delete allow out on fake2 log WARN: Checks disabled Rule deleted 262: route delete allow out on fake0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp WARN: Checks disabled Rule deleted 263: route delete deny out on fake0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 264: route delete allow out on fake0 to any app Samba WARN: Checks disabled Rule deleted 265: route delete allow out on fake2 to any app Samba WARN: Checks disabled Rule deleted 266: route delete allow in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled Rule deleted 267: route delete allow in 
on fake0 out on fake2 WARN: Checks disabled Rule deleted Compare enable and ufw-init 268: disable 269: route allow 23/tcp 270: logging medium 271: enable 272: disable 273: tests/testarea/lib/ufw/ufw-init start 274: tests/testarea/lib/ufw/ufw-init stop 275: enable 276: route delete allow 23/tcp 277: logging low 278: disable Delete by number Setting IPV6 to yes 279: disable 280: enable 281: route allow 1 282: route allow 2 283: route allow 3 284: route allow 4 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 2 -j ACCEPT -A ufw-user-forward -p udp --dport 2 -j ACCEPT -- ### tuple ### route:allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 3 -j ACCEPT -A ufw-user-forward -p udp --dport 3 -j ACCEPT -- ### tuple ### route:allow any 4 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 4 -j ACCEPT -A ufw-user-forward -p udp --dport 4 -j ACCEPT ### tuple ### route:allow any 1 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 1 -j ACCEPT -A ufw6-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 2 -j ACCEPT -A ufw6-user-forward -p udp --dport 2 -j ACCEPT -- ### tuple ### route:allow any 3 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 3 -j ACCEPT -A ufw6-user-forward -p udp --dport 3 -j ACCEPT -- ### tuple ### route:allow any 4 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 4 -j ACCEPT -A ufw6-user-forward -p udp --dport 4 -j ACCEPT 285: --force delete 8 ### tuple ### route:allow any 1 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 1 -j ACCEPT -A ufw6-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 2 -j ACCEPT -A ufw6-user-forward -p udp --dport 2 -j ACCEPT -- ### 
tuple ### route:allow any 3 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 3 -j ACCEPT -A ufw6-user-forward -p udp --dport 3 -j ACCEPT 286: --force delete 4 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 2 -j ACCEPT -A ufw-user-forward -p udp --dport 2 -j ACCEPT -- ### tuple ### route:allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 3 -j ACCEPT -A ufw-user-forward -p udp --dport 3 -j ACCEPT 287: --force delete 6 ### tuple ### route:allow any 1 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 1 -j ACCEPT -A ufw6-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 2 -j ACCEPT -A ufw6-user-forward -p udp --dport 2 -j ACCEPT 288: --force delete 3 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 2 -j ACCEPT -A ufw-user-forward -p udp --dport 2 -j ACCEPT 289: --force delete 4 ### tuple ### route:allow any 1 ::/0 any ::/0 in -A ufw6-user-forward -p tcp --dport 1 -j ACCEPT -A ufw6-user-forward -p udp --dport 1 -j ACCEPT 290: --force delete 2 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT 291: --force delete 2 292: --force delete 1 Setting IPV6 to no 293: disable 294: enable 295: route allow 1 296: route allow 2 297: route allow 3 298: route allow 4 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A 
ufw-user-forward -p tcp --dport 2 -j ACCEPT -A ufw-user-forward -p udp --dport 2 -j ACCEPT -- ### tuple ### route:allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 3 -j ACCEPT -A ufw-user-forward -p udp --dport 3 -j ACCEPT -- ### tuple ### route:allow any 4 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 4 -j ACCEPT -A ufw-user-forward -p udp --dport 4 -j ACCEPT 299: --force delete 4 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 2 -j ACCEPT -A ufw-user-forward -p udp --dport 2 -j ACCEPT -- ### tuple ### route:allow any 3 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 3 -j ACCEPT -A ufw-user-forward -p udp --dport 3 -j ACCEPT 300: --force delete 3 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT -- ### tuple ### route:allow any 2 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 2 -j ACCEPT -A ufw-user-forward -p udp --dport 2 -j ACCEPT 301: --force delete 2 ### tuple ### route:allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 1 -j ACCEPT -A ufw-user-forward -p udp --dport 1 -j ACCEPT 302: --force delete 1 Show added Setting IPV6 to yes 303: disable 304: enable 305: route limit 13/tcp 306: route allow in on fake0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 307: route deny Samba 308: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw route limit 13/tcp ufw route deny Samba ufw route allow in on fake0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 309: route delete limit 13/tcp 310: route delete allow in on fake0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 311: route delete deny Samba 312: show added WARN: Checks disabled Added 
user rules (see 'ufw status' for running firewall): (None) Setting IPV6 to no 313: disable 314: enable 315: route limit 13/tcp 316: route deny Samba 317: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw route limit 13/tcp ufw route deny Samba 318: route delete limit 13/tcp 319: route delete deny Samba 320: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): (None) 321: disable Checking status Setting IPV6 to yes Running: sysctl -w net.ipv4.ip_forward=0 Running: sysctl -w net.ipv6.conf.default.forwarding=0 Running: sysctl -w net.ipv6.conf.all.forwarding=0 322: disable 323: default allow routed WARN: Checks disabled Default routed policy changed to 'allow' (be sure to update your rules accordingly) 324: enable 325: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Running: sysctl -w net.ipv4.ip_forward=1 Running: sysctl -w net.ipv6.conf.default.forwarding=1 Running: sysctl -w net.ipv6.conf.all.forwarding=1 326: disable 327: default allow routed WARN: Checks disabled Default routed policy changed to 'allow' (be sure to update your rules accordingly) 328: enable 329: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), allow (routed) New profiles: skip Setting IPV6 to no Running: sysctl -w net.ipv4.ip_forward=0 330: disable 331: default allow routed WARN: Checks disabled Default routed policy changed to 'allow' (be sure to update your rules accordingly) 332: enable 333: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Running: sysctl -w net.ipv4.ip_forward=1 334: disable 335: default allow routed WARN: Checks disabled Default routed policy changed to 'allow' (be sure to update your rules accordingly) 336: enable 337: status 
verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), allow (routed) New profiles: skip Setting IPV6 to yes Running: sysctl -w net.ipv4.ip_forward=0 Running: sysctl -w net.ipv6.conf.default.forwarding=0 Running: sysctl -w net.ipv6.conf.all.forwarding=0 338: disable 339: default deny routed WARN: Checks disabled Default routed policy changed to 'deny' (be sure to update your rules accordingly) 340: enable 341: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Running: sysctl -w net.ipv4.ip_forward=1 Running: sysctl -w net.ipv6.conf.default.forwarding=1 Running: sysctl -w net.ipv6.conf.all.forwarding=1 342: disable 343: default deny routed WARN: Checks disabled Default routed policy changed to 'deny' (be sure to update your rules accordingly) 344: enable 345: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), deny (routed) New profiles: skip Setting IPV6 to no Running: sysctl -w net.ipv4.ip_forward=0 346: disable 347: default deny routed WARN: Checks disabled Default routed policy changed to 'deny' (be sure to update your rules accordingly) 348: enable 349: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Running: sysctl -w net.ipv4.ip_forward=1 350: disable 351: default deny routed WARN: Checks disabled Default routed policy changed to 'deny' (be sure to update your rules accordingly) 352: enable 353: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), deny (routed) New profiles: skip Setting IPV6 to yes Running: sysctl -w net.ipv4.ip_forward=0 Running: sysctl -w net.ipv6.conf.default.forwarding=0 Running: sysctl -w net.ipv6.conf.all.forwarding=0 354: disable 355: default reject routed WARN: 
Checks disabled Default routed policy changed to 'reject' (be sure to update your rules accordingly) 356: enable 357: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Running: sysctl -w net.ipv4.ip_forward=1 Running: sysctl -w net.ipv6.conf.default.forwarding=1 Running: sysctl -w net.ipv6.conf.all.forwarding=1 358: disable 359: default reject routed WARN: Checks disabled Default routed policy changed to 'reject' (be sure to update your rules accordingly) 360: enable 361: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), reject (routed) New profiles: skip Setting IPV6 to no Running: sysctl -w net.ipv4.ip_forward=0 362: disable 363: default reject routed WARN: Checks disabled Default routed policy changed to 'reject' (be sure to update your rules accordingly) 364: enable 365: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip Running: sysctl -w net.ipv4.ip_forward=1 366: disable 367: default reject routed WARN: Checks disabled Default routed policy changed to 'reject' (be sure to update your rules accordingly) 368: enable 369: status verbose WARN: Checks disabled Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), reject (routed) New profiles: skip 370: disable ufw-0.36/tests/root/requirements/0000755000175000017500000000000013257465544016066 5ustar jamiejamieufw-0.36/tests/root/requirements/orig0000777000175000017500000000000013226727543021122 2../../defaultsustar jamiejamieufw-0.36/tests/root/requirements/runtest.sh0000755000175000017500000000135113257465544020131 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. 
# # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" do_extcmd "0" null ./tests/check-requirements -f exit 0 ufw-0.36/tests/root/requirements/result0000644000175000017500000000004313257465544017324 0ustar jamiejamie0: ./tests/check-requirements -f ufw-0.36/tests/root/valid6/0000755000175000017500000000000013404772663014525 5ustar jamiejamieufw-0.36/tests/root/valid6/orig0000777000175000017500000000000013226727543017564 2../../defaultsustar jamiejamieufw-0.36/tests/root/valid6/runtest.sh0000755000175000017500000004631113404772663016575 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# Load the shared test helpers; do_cmd is not defined in this script
# (presumably it comes from testlib.sh — confirm there).
source "$TESTPATH/../testlib.sh"

# Switch the test copy of the defaults file to IPv6-enabled.
sed -i 's/IPV6=no/IPV6=yes/' $TESTPATH/etc/default/ufw

# This isn't available everywhere, so we will test it later
# (the test copy of backend.py is patched so caps['limit']['6'] reads False).
sed -i "s/self.caps\['limit'\]\['6'\] = True/self.caps['limit']['6'] = False/" $TESTPATH/lib/python/ufw/backend.py

# --- logging on/off, lower and upper case ---------------------------------
# After each command, every LOG line in the *.rules files is appended to the
# result file.
echo "TESTING ARGS (logging)" >> $TESTTMP/result
for logarg in "logging on" "logging off" "LOGGING ON" "LOGGING OFF"
do
    # $logarg is deliberately unquoted so it splits into separate arguments.
    do_cmd "0" $logarg
    grep -h "LOG" $(ls $TESTPATH/etc/ufw/*.rules) >> $TESTTMP/result
done

# --- default incoming policy ----------------------------------------------
# NOTE(review): the chain policies are read back with iptables/ip6tables, so
# this section appears to act on the host's real netfilter state — confirm it
# is only run on a disposable test machine.
echo "TESTING ARGS (default)" >> $TESTTMP/result
do_cmd "0" enable
for polarg in "default allow" "default deny" "DEFAULT ALLOW" "DEFAULT DENY"
do
    do_cmd "0" $polarg
    echo "ipv4:" >> $TESTTMP/result
    iptables -L -n | grep 'policy ' >> $TESTTMP/result
    echo "ipv6:" >> $TESTTMP/result
    ip6tables -L -n | grep 'policy ' >> $TESTTMP/result
    grep -h "DEFAULT" $TESTPATH/etc/default/ufw >> $TESTTMP/result
done
# Finish this section with the policy back at deny and the firewall disabled.
do_cmd "0" default deny
do_cmd "0" disable

# --- enable/disable, lower and upper case ---------------------------------
echo "TESTING ARGS (enable/disable)" >> $TESTTMP/result
for statearg in enable disable ENABLE DISABLE
do
    do_cmd "0" $statearg
    cat $TESTPATH/etc/ufw/ufw.conf | egrep '^ENABLED' >> $TESTTMP/result
done

# --- allow/deny with to/from ----------------------------------------------
echo "TESTING ARGS (allow/deny to/from)" >> $TESTTMP/result
echo "Man page" >> $TESTTMP/result
do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25
grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25
grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

echo "TO/FROM" >> $TESTTMP/result
from="2001:db8::/32"
to="2001:db8:3:4:5:6:7:8"
for x in allow deny limit reject
do
    # 'limit' rules get five lines of grep context after the tuple marker,
    # every other action gets two.
    case "$x" in
        limit) context="5" ;;
        *)     context="2" ;;
    esac

    # Rules without an explicit protocol: add, dump, delete, dump.
    for v6rule in \
        "from $from" \
        "to $to" \
        "to $to from $from" \
        "from $from port 80" \
        "to $to port 25" \
        "to $to from $from port 80" \
        "to $to port 25 from $from" \
        "to $to port 25 from $from port 80"
    do
        do_cmd "0" $x $v6rule
        grep -A$context "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
        do_cmd "0" delete $x $v6rule
        grep -A$context "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    done

    # Same shapes with an explicit protocol; these always use -A2, also for
    # 'limit'.
    for y in udp tcp
    do
        for v6rule in \
            "from $from port 80 proto $y" \
            "to $to port 25 proto $y" \
            "to $to from $from port 80 proto $y" \
            "to $to port 25 proto $y from $from" \
            "to $to port 25 proto $y from $from port 80"
        do
            do_cmd "0" $x $v6rule
            grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
            do_cmd "0" delete $x $v6rule
            grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
        done
    done
done

# Dry run with a fully expanded /128 address; the rules file is dumped after it.
do_cmd "0" null --dry-run allow to 2001:db8:0000:0000:0000:0000:0000:0001/128
grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result

# Service names and numeric ports mixed on the source and destination side,
# first without a protocol and then with 'proto tcp'.
for v6rule in \
    "to any port smtp from any port smtp" \
    "to any port smtp from any port daytime" \
    "to any port daytime from any port smtp" \
    "to any port smtp from any port 23" \
    "to any port 23 from any port smtp" \
    "to any port tftp from any port tftp" \
    "to any port tftp from any port daytime" \
    "to any port daytime from any port tftp" \
    "to any port tftp from any port 23" \
    "to any port 23 from any port tftp" \
    "to any port daytime from any port 23" \
    "to any port 23 from any port daytime" \
    "to any port daytime from any port domain" \
    "to any port smtp from any port smtp proto tcp" \
    "to any port smtp from any port daytime proto tcp" \
    "to any port daytime from any port smtp proto tcp" \
    "to any port smtp from any port 23 proto tcp" \
    "to any port 23 from any port smtp proto tcp"
do
    do_cmd "0" allow $v6rule
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    do_cmd "0" delete allow $v6rule
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
done
# Service-name / numeric-port combinations with an explicit protocol.
# Each rule is added, the v6 rules file is dumped, the rule is deleted, and
# the file is dumped again. do_cmd is defined outside this script.
for v6rule in \
    "to any port tftp from any port tftp proto udp" \
    "to any port tftp from any port daytime proto udp" \
    "to any port daytime from any port tftp proto udp" \
    "to any port tftp from any port 23 proto udp" \
    "to any port 23 from any port tftp proto udp" \
    "to any port daytime from any port 23 proto tcp" \
    "to any port 23 from any port daytime proto tcp" \
    "to any port daytime from any port domain proto tcp" \
    "to any port daytime from any port 23 proto udp" \
    "to any port 23 from any port daytime proto udp" \
    "to any port daytime from any port domain proto udp"
do
    # $v6rule is deliberately unquoted so it splits into separate arguments.
    do_cmd "0" allow $v6rule
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    do_cmd "0" delete allow $v6rule
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
done

# Prefix lengths /0, /32 and /128 on the destination and on the source side.
echo "TESTING NETMASK" >> $TESTTMP/result
for v6rule in \
    "to ::1/0" \
    "to ::1/32" \
    "to ::1/128" \
    "from ::1/0" \
    "from ::1/32" \
    "from ::1/128"
do
    do_cmd "0" allow $v6rule
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
    do_cmd "0" delete allow $v6rule
    grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result
done

# Source and destination prefixes combined; the dump of the rules file for
# this rule is the next statement in the script.
do_cmd "0" allow from ::1/32 to ::1/128
grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow from ::1/32 to ::1/128 grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result echo "TESTING MULTIPORT" >> $TESTTMP/result do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow to any port 23,21,15:19,13 from any port 24:26 proto udp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow 23,21,15:19,13/udp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow 23,21,15:19,13/udp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result echo "TESTING IPSec" >> $TESTTMP/result do_cmd "0" allow to 10.0.0.1 proto esp grep -A2 "tuple" $TESTCONFIG/user.rules >> 
$TESTTMP/result do_cmd "0" delete allow to 10.0.0.1 proto esp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" deny to 10.0.0.1 from 10.4.0.0/16 proto esp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" delete deny to 10.0.0.1 from 10.4.0.0/16 proto esp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" limit to 10.0.0.1 proto ah grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" delete limit to 10.0.0.1 proto ah grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" reject to 10.0.0.1 from 10.4.0.0/16 proto ah grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" delete reject to 10.0.0.1 from 10.4.0.0/16 proto ah grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" reject to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete reject to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" deny to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete deny to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" allow to any proto esp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep 
-A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow to any proto esp grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" deny to any proto ah grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete deny to any proto ah grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result cleanup exit 0 ufw-0.36/tests/root/valid6/result0000644000175000017500000013440113404772663015771 0ustar jamiejamieTESTING ARGS (logging) 0: logging on WARN: Checks disabled Logging enabled ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 1: logging off WARN: Checks disabled Logging disabled ### LOGGING ### ### END LOGGING ### ### LOGGING ### ### END LOGGING ### 2: LOGGING ON WARN: Checks disabled Logging enabled ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 3: LOGGING OFF WARN: Checks disabled Logging disabled ### LOGGING ### ### END LOGGING ### ### LOGGING ### ### END LOGGING ### TESTING ARGS (default) 4: enable WARN: Checks disabled Firewall is active and enabled on system startup 5: default allow WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) ipv4: Chain INPUT (policy ACCEPT) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) ipv6: Chain INPUT (policy ACCEPT) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="ACCEPT" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 6: default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) ipv4: Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) ipv6: Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="DROP" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 7: DEFAULT ALLOW WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your 
rules accordingly) ipv4: Chain INPUT (policy ACCEPT) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) ipv6: Chain INPUT (policy ACCEPT) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="ACCEPT" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 8: DEFAULT DENY WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) ipv4: Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) ipv6: Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy ACCEPT) DEFAULT_INPUT_POLICY="DROP" DEFAULT_OUTPUT_POLICY="ACCEPT" DEFAULT_FORWARD_POLICY="DROP" DEFAULT_APPLICATION_POLICY="SKIP" 9: default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 10: disable WARN: Checks disabled Firewall stopped and disabled on system startup TESTING ARGS (enable/disable) 11: enable WARN: Checks disabled Firewall is active and enabled on system startup ENABLED=yes 12: disable WARN: Checks disabled Firewall stopped and disabled on system startup ENABLED=no 13: ENABLE WARN: Checks disabled Firewall is active and enabled on system startup ENABLED=yes 14: DISABLE WARN: Checks disabled Firewall stopped and disabled on system startup ENABLED=no TESTING ARGS (allow/deny to/from) Man page 15: deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rules updated (v6) ### tuple ### deny tcp 25 ::/0 any 2001:db8::/32 in -A ufw6-user-input -p tcp --dport 25 -s 2001:db8::/32 -j DROP 16: delete deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled Rules updated (v6) TO/FROM 17: allow from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT 18: delete allow from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 19: allow to 2001:db8:3:4:5:6:7:8 
WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -j ACCEPT 20: delete allow to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rules updated (v6) 21: allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 -j ACCEPT 22: delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 23: allow from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j ACCEPT -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j ACCEPT 24: delete allow from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 25: allow to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT 26: delete allow to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Rules updated (v6) 27: allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT 28: delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 29: allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j 
ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT 30: delete allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 31: allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT 32: delete allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 33: allow from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### allow udp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j ACCEPT 34: delete allow from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) 35: allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### allow udp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT 36: delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Rules updated (v6) 37: allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### allow udp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT 38: delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) 39: allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow udp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT 40: delete allow to 
2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 41: allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### allow udp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT 42: delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 43: allow from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### allow tcp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j ACCEPT 44: delete allow from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) 45: allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT 46: delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Rules updated (v6) 47: allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### allow tcp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT 48: delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) 49: allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT 50: delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 51: allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: 
Checks disabled Rules updated (v6) ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT 52: delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 53: deny from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j DROP 54: delete deny from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 55: deny to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any any 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -j DROP 56: delete deny to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rules updated (v6) 57: deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any any 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 -j DROP 58: delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 59: deny from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j DROP -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j DROP 60: delete deny from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 61: deny to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP 62: delete deny to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Rules updated (v6) 63: deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any any 
2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP 64: delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 65: deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP 66: delete deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 67: deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### deny any 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP 68: delete deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 69: deny from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### deny udp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j DROP 70: delete deny from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) 71: deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### deny udp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP 72: delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Rules updated (v6) 73: deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### deny 
udp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP 74: delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) 75: deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### deny udp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP 76: delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 77: deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### deny udp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP 78: delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 79: deny from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### deny tcp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j DROP 80: delete deny from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) 81: deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP 82: delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Rules updated (v6) 83: deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### deny tcp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP 84: delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto 
tcp WARN: Checks disabled Rules updated (v6) 85: deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP 86: delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 87: deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP 88: delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 89: limit from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 90: delete limit from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 91: limit to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 92: delete limit to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 93: limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 94: delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 95: limit from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 96: delete limit from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 97: limit to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 98: delete limit to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 99: limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 100: 
delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 101: limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 102: delete limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 103: limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 104: delete limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 105: limit from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 106: delete limit from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 107: limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 108: delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 109: limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 110: delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 111: limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 112: delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 113: limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 114: delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 115: limit from 2001:db8::/32 port 80 proto tcp WARN: 
Checks disabled Skipping unsupported IPv6 'limit' rule 116: delete limit from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 117: limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 118: delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 119: limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 120: delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 121: limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 122: delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 123: limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 124: delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 125: reject from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j REJECT 126: delete reject from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 127: reject to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any any 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -j REJECT 128: delete reject to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Rules updated (v6) 129: reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any any 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 -j 
REJECT 130: delete reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 131: reject from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j REJECT 132: delete reject from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 133: reject to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j REJECT 134: delete reject to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Rules updated (v6) 135: reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j REJECT 136: delete reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 137: reject to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT 138: delete reject to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 139: reject to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### reject any 25 
2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j REJECT 140: delete reject to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 141: reject from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### reject udp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j REJECT 142: delete reject from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) 143: reject to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### reject udp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j REJECT 144: delete reject to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Rules updated (v6) 145: reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) ### tuple ### reject udp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j REJECT 146: delete reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Rules updated (v6) 147: reject to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### reject udp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT 148: delete reject to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 149: reject to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### reject udp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A 
ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j REJECT 150: delete reject to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 151: reject from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### reject tcp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j REJECT --reject-with tcp-reset 152: delete reject from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) 153: reject to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### reject tcp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j REJECT --reject-with tcp-reset 154: delete reject to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Rules updated (v6) 155: reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### reject tcp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j REJECT --reject-with tcp-reset 156: delete reject to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Rules updated (v6) 157: reject to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) ### tuple ### reject tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset 158: delete reject to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Rules updated (v6) 159: reject to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) ### tuple ### reject tcp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 
2001:db8::/32 --sport 80 -j REJECT --reject-with tcp-reset 160: delete reject to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Rules updated (v6) 161: --dry-run allow to 2001:db8:0000:0000:0000:0000:0000:0001/128 162: allow to any port smtp from any port smtp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 25 ::/0 25 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 25 -j ACCEPT 163: delete allow to any port smtp from any port smtp WARN: Checks disabled Rules updated Rules updated (v6) 164: allow to any port smtp from any port daytime WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 25 ::/0 13 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT 165: delete allow to any port smtp from any port daytime WARN: Checks disabled Rules updated Rules updated (v6) 166: allow to any port daytime from any port smtp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 13 ::/0 25 ::/0 in -A ufw6-user-input -p tcp --dport 13 --sport 25 -j ACCEPT 167: delete allow to any port daytime from any port smtp WARN: Checks disabled Rules updated Rules updated (v6) 168: allow to any port smtp from any port 23 WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 25 ::/0 23 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 23 -j ACCEPT 169: delete allow to any port smtp from any port 23 WARN: Checks disabled Rules updated Rules updated (v6) 170: allow to any port 23 from any port smtp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 23 ::/0 25 ::/0 in -A ufw6-user-input -p tcp --dport 23 --sport 25 -j ACCEPT 171: delete allow to any port 23 from any port smtp WARN: Checks disabled Rules updated Rules updated (v6) 172: allow to any port tftp from any port tftp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 69 ::/0 69 ::/0 in -A ufw6-user-input -p udp --dport 
69 --sport 69 -j ACCEPT 173: delete allow to any port tftp from any port tftp WARN: Checks disabled Rules updated Rules updated (v6) 174: allow to any port tftp from any port daytime WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 69 ::/0 13 ::/0 in -A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT 175: delete allow to any port tftp from any port daytime WARN: Checks disabled Rules updated Rules updated (v6) 176: allow to any port daytime from any port tftp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 13 ::/0 69 ::/0 in -A ufw6-user-input -p udp --dport 13 --sport 69 -j ACCEPT 177: delete allow to any port daytime from any port tftp WARN: Checks disabled Rules updated Rules updated (v6) 178: allow to any port tftp from any port 23 WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 69 ::/0 23 ::/0 in -A ufw6-user-input -p udp --dport 69 --sport 23 -j ACCEPT 179: delete allow to any port tftp from any port 23 WARN: Checks disabled Rules updated Rules updated (v6) 180: allow to any port 23 from any port tftp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 23 ::/0 69 ::/0 in -A ufw6-user-input -p udp --dport 23 --sport 69 -j ACCEPT 181: delete allow to any port 23 from any port tftp WARN: Checks disabled Rules updated Rules updated (v6) 182: allow to any port daytime from any port 23 WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow any 13 ::/0 23 ::/0 in -A ufw6-user-input -p tcp --dport 13 --sport 23 -j ACCEPT -A ufw6-user-input -p udp --dport 13 --sport 23 -j ACCEPT 183: delete allow to any port daytime from any port 23 WARN: Checks disabled Rules updated Rules updated (v6) 184: allow to any port 23 from any port daytime WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow any 23 ::/0 13 ::/0 in -A ufw6-user-input -p tcp --dport 23 --sport 13 -j ACCEPT -A ufw6-user-input -p udp --dport 23 
--sport 13 -j ACCEPT 185: delete allow to any port 23 from any port daytime WARN: Checks disabled Rules updated Rules updated (v6) 186: allow to any port daytime from any port domain WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow any 13 ::/0 53 ::/0 in -A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT -A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT 187: delete allow to any port daytime from any port domain WARN: Checks disabled Rules updated Rules updated (v6) 188: allow to any port smtp from any port smtp proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 25 ::/0 25 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 25 -j ACCEPT 189: delete allow to any port smtp from any port smtp proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 190: allow to any port smtp from any port daytime proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 25 ::/0 13 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT 191: delete allow to any port smtp from any port daytime proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 192: allow to any port daytime from any port smtp proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 13 ::/0 25 ::/0 in -A ufw6-user-input -p tcp --dport 13 --sport 25 -j ACCEPT 193: delete allow to any port daytime from any port smtp proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 194: allow to any port smtp from any port 23 proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 25 ::/0 23 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 23 -j ACCEPT 195: delete allow to any port smtp from any port 23 proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 196: allow to any port 23 from any port smtp proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 23 ::/0 25 ::/0 in 
-A ufw6-user-input -p tcp --dport 23 --sport 25 -j ACCEPT 197: delete allow to any port 23 from any port smtp proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 198: allow to any port tftp from any port tftp proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 69 ::/0 69 ::/0 in -A ufw6-user-input -p udp --dport 69 --sport 69 -j ACCEPT 199: delete allow to any port tftp from any port tftp proto udp WARN: Checks disabled Rules updated Rules updated (v6) 200: allow to any port tftp from any port daytime proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 69 ::/0 13 ::/0 in -A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT 201: delete allow to any port tftp from any port daytime proto udp WARN: Checks disabled Rules updated Rules updated (v6) 202: allow to any port daytime from any port tftp proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 13 ::/0 69 ::/0 in -A ufw6-user-input -p udp --dport 13 --sport 69 -j ACCEPT 203: delete allow to any port daytime from any port tftp proto udp WARN: Checks disabled Rules updated Rules updated (v6) 204: allow to any port tftp from any port 23 proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 69 ::/0 23 ::/0 in -A ufw6-user-input -p udp --dport 69 --sport 23 -j ACCEPT 205: delete allow to any port tftp from any port 23 proto udp WARN: Checks disabled Rules updated Rules updated (v6) 206: allow to any port 23 from any port tftp proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 23 ::/0 69 ::/0 in -A ufw6-user-input -p udp --dport 23 --sport 69 -j ACCEPT 207: delete allow to any port 23 from any port tftp proto udp WARN: Checks disabled Rules updated Rules updated (v6) 208: allow to any port daytime from any port 23 proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 13 ::/0 23 ::/0 in -A 
ufw6-user-input -p tcp --dport 13 --sport 23 -j ACCEPT 209: delete allow to any port daytime from any port 23 proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 210: allow to any port 23 from any port daytime proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 23 ::/0 13 ::/0 in -A ufw6-user-input -p tcp --dport 23 --sport 13 -j ACCEPT 211: delete allow to any port 23 from any port daytime proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 212: allow to any port daytime from any port domain proto tcp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow tcp 13 ::/0 53 ::/0 in -A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT 213: delete allow to any port daytime from any port domain proto tcp WARN: Checks disabled Rules updated Rules updated (v6) 214: allow to any port daytime from any port 23 proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 13 ::/0 23 ::/0 in -A ufw6-user-input -p udp --dport 13 --sport 23 -j ACCEPT 215: delete allow to any port daytime from any port 23 proto udp WARN: Checks disabled Rules updated Rules updated (v6) 216: allow to any port 23 from any port daytime proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 23 ::/0 13 ::/0 in -A ufw6-user-input -p udp --dport 23 --sport 13 -j ACCEPT 217: delete allow to any port 23 from any port daytime proto udp WARN: Checks disabled Rules updated Rules updated (v6) 218: allow to any port daytime from any port domain proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 13 ::/0 53 ::/0 in -A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT 219: delete allow to any port daytime from any port domain proto udp WARN: Checks disabled Rules updated Rules updated (v6) TESTING NETMASK 220: allow to ::1/0 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::1/0 any ::/0 in -A 
ufw6-user-input -d ::1/0 -j ACCEPT 221: delete allow to ::1/0 WARN: Checks disabled Rules updated (v6) 222: allow to ::1/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::1/32 any ::/0 in -A ufw6-user-input -d ::1/32 -j ACCEPT 223: delete allow to ::1/32 WARN: Checks disabled Rules updated (v6) 224: allow to ::1/128 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::1 any ::/0 in -A ufw6-user-input -d ::1 -j ACCEPT 225: delete allow to ::1/128 WARN: Checks disabled Rules updated (v6) 226: allow from ::1/0 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::/0 any ::1/0 in -A ufw6-user-input -s ::1/0 -j ACCEPT 227: delete allow from ::1/0 WARN: Checks disabled Rules updated (v6) 228: allow from ::1/32 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::/0 any ::1/32 in -A ufw6-user-input -s ::1/32 -j ACCEPT 229: delete allow from ::1/32 WARN: Checks disabled Rules updated (v6) 230: allow from ::1/128 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::/0 any ::1 in -A ufw6-user-input -s ::1 -j ACCEPT 231: delete allow from ::1/128 WARN: Checks disabled Rules updated (v6) 232: allow from ::1/32 to ::1/128 WARN: Checks disabled Rules updated (v6) ### tuple ### allow any any ::1 any ::1/32 in -A ufw6-user-input -d ::1 -s ::1/32 -j ACCEPT 233: delete allow from ::1/32 to ::1/128 WARN: Checks disabled Rules updated (v6) TESTING MULTIPORT 234: allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### allow tcp 80:83 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 80:83 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT 235: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp WARN: Checks disabled Rules updated (v6) 236: allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple 
### allow tcp 13,80:83 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 13,80:83 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT 237: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp WARN: Checks disabled Rules updated (v6) 238: allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp WARN: Checks disabled Rules updated (v6) ### tuple ### allow tcp 13 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --dports 13 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT 239: delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp WARN: Checks disabled Rules updated (v6) 240: allow to any port 23,21,15:19,13 from any port 24:26 proto udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT ### tuple ### allow udp 13,15:19,21,23 ::/0 24:26 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT 241: delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp WARN: Checks disabled Rules updated Rules updated (v6) 242: allow 23,21,15:19,13/udp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### tuple ### allow udp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT 243: delete allow 23,21,15:19,13/udp WARN: Checks disabled Rules updated Rules updated (v6) TESTING IPSec 244: allow to 10.0.0.1 proto esp WARN: Checks 
disabled Rules updated ### tuple ### allow esp any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p esp -d 10.0.0.1 -j ACCEPT 245: delete allow to 10.0.0.1 proto esp WARN: Checks disabled Rules updated 246: deny to 10.0.0.1 from 10.4.0.0/16 proto esp WARN: Checks disabled Rules updated ### tuple ### deny esp any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p esp -d 10.0.0.1 -s 10.4.0.0/16 -j DROP 247: delete deny to 10.0.0.1 from 10.4.0.0/16 proto esp WARN: Checks disabled Rules updated 248: limit to 10.0.0.1 proto ah WARN: Checks disabled Rules updated ### tuple ### limit ah any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p ah -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p ah -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit 249: delete limit to 10.0.0.1 proto ah WARN: Checks disabled Rules updated 250: reject to 10.0.0.1 from 10.4.0.0/16 proto ah WARN: Checks disabled Rules updated ### tuple ### reject ah any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p ah -d 10.0.0.1 -s 10.4.0.0/16 -j REJECT 251: delete reject to 10.0.0.1 from 10.4.0.0/16 proto ah WARN: Checks disabled Rules updated 252: reject to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp WARN: Checks disabled Rules updated (v6) ### tuple ### reject esp any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in -A ufw6-user-input -p esp -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j REJECT 253: delete reject to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp WARN: Checks disabled Rules updated (v6) 254: allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp WARN: Checks disabled Rules updated (v6) ### tuple ### allow esp any 2001:db8:85a3:8d3:1319:8a2e:370:734 any 2001:db8::/32 in -A ufw6-user-input -p esp -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -s 2001:db8::/32 -j ACCEPT 255: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp WARN: Checks disabled Rules updated (v6) 256: deny to 
2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah WARN: Checks disabled Rules updated (v6) ### tuple ### deny ah any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in -A ufw6-user-input -p ah -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j DROP 257: delete deny to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah WARN: Checks disabled Rules updated (v6) 258: allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah WARN: Checks disabled Rules updated (v6) ### tuple ### allow ah any 2001:db8:85a3:8d3:1319:8a2e:370:734 any 2001:db8::/32 in -A ufw6-user-input -p ah -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -s 2001:db8::/32 -j ACCEPT 259: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah WARN: Checks disabled Rules updated (v6) 260: allow to any proto esp WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow esp any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p esp -j ACCEPT ### tuple ### allow esp any ::/0 any ::/0 in -A ufw6-user-input -p esp -j ACCEPT 261: delete allow to any proto esp WARN: Checks disabled Rules updated Rules updated (v6) 262: deny to any proto ah WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### deny ah any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p ah -j DROP ### tuple ### deny ah any ::/0 any ::/0 in -A ufw6-user-input -p ah -j DROP 263: delete deny to any proto ah WARN: Checks disabled Rules updated Rules updated (v6) 264: disable ufw-0.36/tests/bugs/0000755000175000017500000000000013226727543013314 5ustar jamiejamieufw-0.36/tests/bugs/rules/0000755000175000017500000000000013257507473014450 5ustar jamiejamieufw-0.36/tests/bugs/rules/orig0000777000175000017500000000000013226727543017506 2../../defaultsustar jamiejamieufw-0.36/tests/bugs/rules/runtest.sh0000755000175000017500000000177013257465544016522 0ustar jamiejamie#!/bin/bash # Copyright 2008-2011 Canonical Ltd. 
# # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" echo "Bug #237446" >> $TESTTMP/result do_cmd "0" --dry-run allow to 111.12.34.2/4 # IPv6 Bugs sed -i 's/IPV6=no/IPV6=yes/' $TESTPATH/etc/default/ufw echo "proto ipv6 when IPV6=yes" >> $TESTTMP/result do_cmd "0" --dry-run allow to any proto ipv6 sed -i 's/IPV6=yes/IPV6=no/' $TESTPATH/etc/default/ufw # End IPv6 Bugs exit 0 ufw-0.36/tests/bugs/rules/result0000644000175000017500000000561313257507473015716 0ustar jamiejamieBug #237446 0: --dry-run allow to 111.12.34.2/4 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 96.0.0.0/4 any 0.0.0.0/0 in -A ufw-user-input -d 96.0.0.0/4 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT WARN: Rule changed after normalization Rules updated proto ipv6 when IPV6=yes 1: --dry-run allow to any proto ipv6 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ipv6 any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p ipv6 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 
ufw-0.36/tests/bugs/misc/0000755000175000017500000000000013404772663014250 5ustar jamiejamieufw-0.36/tests/bugs/misc/orig0000777000175000017500000000000013226727543017307 2../../defaultsustar jamiejamieufw-0.36/tests/bugs/misc/runtest.sh0000755000175000017500000000646613404772663016327 0ustar jamiejamie#!/bin/bash # Copyright 2009-2012 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" echo "Bug #319226" >> $TESTTMP/result mkdir $TESTPATH/etc/ufw/applications.d/.svn touch $TESTPATH/etc/ufw/applications.d/.hgignore cat > $TESTPATH/etc/ufw/applications.d/.testme << EOM [Bug319226] title=test 319226 description=test description ports=23/tcp EOM do_cmd "0" app list echo "Bug #337705" >> $TESTTMP/result sed -i 's/import ufw.frontend/import ufw.nonexistent/' $TESTPATH/usr/sbin/ufw do_cmd "1" null help sed -i 's/import ufw.nonexistent/import ufw.frontend/' $TESTPATH/usr/sbin/ufw echo "Bug #430053" >> $TESTTMP/result # files permissions are overridden when root expected="1" if [ "$UID" = "0" ]; then expected="0" fi sed -i 's/IPV6=.*/IPV6=no/' $TESTPATH/etc/default/ufw chmod 444 $TESTCONFIG/user.rules do_cmd "$expected" null allow 12345 chmod 644 $TESTCONFIG/user.rules sed -i 's/IPV6=.*/IPV6=yes/' $TESTPATH/etc/default/ufw chmod 444 $TESTCONFIG/user6.rules do_cmd "$expected" null allow 12345 chmod 644 $TESTCONFIG/user6.rules sed -i 's/IPV6=.*/IPV6=no/' $TESTPATH/etc/default/ufw chmod 444 $TESTPATH/etc/default/ufw do_cmd "$expected" null default 
deny chmod 644 $TESTPATH/etc/default/ufw chmod 444 $TESTPATH/etc/ufw/ufw.conf do_cmd "$expected" null logging medium chmod 644 $TESTPATH/etc/ufw/ufw.conf echo "Bug #480789" >> $TESTTMP/result sed -i 's/IPV6=.*/IPV6=yes/' $TESTPATH/etc/default/ufw for i in low on medium high full ; do do_cmd "0" null --dry-run logging $i e="1" if [ "$i" = "low" ] || [ "$i" = "on" ]; then e="0" fi do_cmd "0" nostats allow 13 for j in user.rules user6.rules ; do echo "checking for 'INVALID -j RETURN' in $j" >> $TESTTMP/result grep -q 'logging-deny .* INVALID -j RETURN' $TESTCONFIG/$j rc="$?" if [ "$rc" != "$e" ]; then echo "$i: got '$rc', expected '$e'" exit 1 fi done do_cmd "0" nostats delete allow 13 done sed -i 's/IPV6=.*/IPV6=yes/' $TESTPATH/etc/default/ufw echo "Bug #512131" >> $TESTTMP/result for i in off low on medium high full off ; do do_cmd "0" null logging $i e="0" if [ "$i" = "off" ]; then e="1" fi grep -q 'UFW LIMIT BLOCK' $TESTCONFIG/user.rules rc="$?" if [ "$rc" != "$e" ]; then echo "$i: got '$rc', expected '$e'" exit 1 fi done echo "Bug #568877" >> $TESTTMP/result do_cmd "0" null --dry-run allow in on iaslab echo "Bug #946332" >> $TESTTMP/result do_cmd "1" --dry-run echo "Bug #787955" >> $TESTTMP/result sed -i "s/DEFAULT_INPUT_POLICY=.*/DEFAULT_INPUT_POLICY=ACCEPT_NO_TRACK/" $TESTPATH/etc/default/ufw do_cmd "1" null --dry-run status sed -i "s/DEFAULT_INPUT_POLICY=.*/DEFAULT_INPUT_POLICY=ACCEPT/" $TESTPATH/etc/default/ufw exit 0 ufw-0.36/tests/bugs/misc/result0000644000175000017500000000355113404772663015515 0ustar jamiejamieBug #319226 0: app list WARN: Checks disabled Available applications: 0verkill A aZ9 _-.+ AIM Apache Apache Full Apache Secure Bind9 Bonjour CIFS Custom Web App Custom Web App2 DNS Deluge Dovecot IMAP Dovecot POP3 Dovecot Secure IMAP Dovecot Secure POP3 IMAP IMAPS IPP KTorrent Kerberos Admin Kerberos Full Kerberos KDC Kerberos Password LDAP LDAPS LPD MSN MSN SSL Mail submission Multi TCP Multi UDP NFS No Protocol OpenNTPD POP3 POP3S PeopleNearby 
SMTP SSH Samba Socks Telnet Transmission Transparent Proxy VNC WWW WWW Cache WWW Full WWW Secure XMPP Yahoo a aZ9 _-.+ qBittorrent svnserve Bug #337705 1: help Bug #430053 2: allow 12345 3: allow 12345 4: default deny 5: logging medium Bug #480789 6: --dry-run logging low 7: allow 13 checking for 'INVALID -j RETURN' in user.rules checking for 'INVALID -j RETURN' in user6.rules 8: delete allow 13 9: --dry-run logging on 10: allow 13 checking for 'INVALID -j RETURN' in user.rules checking for 'INVALID -j RETURN' in user6.rules 11: delete allow 13 12: --dry-run logging medium 13: allow 13 checking for 'INVALID -j RETURN' in user.rules checking for 'INVALID -j RETURN' in user6.rules 14: delete allow 13 15: --dry-run logging high 16: allow 13 checking for 'INVALID -j RETURN' in user.rules checking for 'INVALID -j RETURN' in user6.rules 17: delete allow 13 18: --dry-run logging full 19: allow 13 checking for 'INVALID -j RETURN' in user.rules checking for 'INVALID -j RETURN' in user6.rules 20: delete allow 13 Bug #512131 21: logging off 22: logging low 23: logging on 24: logging medium 25: logging high 26: logging full 27: logging off Bug #568877 28: --dry-run allow in on iaslab Bug #946332 29: --dry-run ERROR: not enough args Bug #787955 30: --dry-run status ufw-0.36/tests/bugs/apps/0000755000175000017500000000000013257512304014246 5ustar jamiejamieufw-0.36/tests/bugs/apps/orig0000777000175000017500000000000013226727543017317 2../../defaultsustar jamiejamieufw-0.36/tests/bugs/apps/runtest.sh0000755000175000017500000000612613257512304016316 0ustar jamiejamie#!/bin/bash # Copyright 2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" echo "Bug (Samba IPV4 tuple text wrong when IPV6 is enabled" >> $TESTTMP/result sed -i 's/IPV6=.*/IPV6=yes/' $TESTPATH/etc/default/ufw do_cmd "0" allow in on eth1 to any app Samba grep -A2 "tuple" $TESTCONFIG/user.rules >> $TESTTMP/result grep -A2 "tuple" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow in on eth1 to any app Samba sed -i 's/IPV6=.*/IPV6=no/' $TESTPATH/etc/default/ufw echo "Bug (inserted Samba rules out of order when IPV6 is enabled" >> $TESTTMP/result sed -i 's/IPV6=.*/IPV6=yes/' $TESTPATH/etc/default/ufw do_cmd "0" allow in on eth0 do_cmd "0" allow to 192.168.0.2 do_cmd "0" allow to 192.168.0.3 do_cmd "0" allow in on eth1 do_cmd "0" allow in on eth2 do_cmd "0" insert 8 deny to any app Bind9 grep "^-A .*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result grep "^-A .*user-input" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete deny to any app Bind9 do_cmd "0" insert 8 deny to any app Samba grep "^-A .*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result grep "^-A .*user-input" $TESTCONFIG/user6.rules >> $TESTTMP/result # this insert should look the same as the above do_cmd "0" delete deny to any app Samba do_cmd "0" insert 5 deny to any app Bind9 grep "^-A .*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result grep "^-A .*user-input" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete deny to any app Bind9 do_cmd "0" insert 5 deny to any app Samba grep "^-A .*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result grep "^-A .*user-input" $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" delete allow in on eth0 do_cmd "0" delete allow to 192.168.0.2 do_cmd "0" delete allow to 192.168.0.3 do_cmd "0" delete allow in on eth1 do_cmd "0" delete allow in on eth2 do_cmd "0" delete deny to any app Samba grep "^-A 
.*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result grep "^-A .*user-input" $TESTCONFIG/user6.rules >> $TESTTMP/result sed -i 's/IPV6=.*/IPV6=no/' $TESTPATH/etc/default/ufw echo "Bug #407810" >> $TESTTMP/result cp "$TESTPATH/etc/ufw/applications.d/samba" "$TESTPATH/etc/ufw/applications.d/bug407810" sed -i 's/Samba/bug407810/' "$TESTPATH/etc/ufw/applications.d/bug407810" do_cmd "0" app info bug407810 do_cmd "0" null allow bug407810 grep "^-A .*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result rm -f "$TESTPATH/etc/ufw/applications.d/bug407810" do_cmd "0" null delete allow bug407810 grep "^-A .*user-input" $TESTCONFIG/user.rules >> $TESTTMP/result exit 0 ufw-0.36/tests/bugs/apps/result0000644000175000017500000001321613226727543015523 0ustar jamiejamieBug (Samba IPV4 tuple text wrong when IPV6 is enabled 0: allow in on eth1 to any app Samba WARN: Checks disabled Rules updated Rules updated (v6) ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth1 -A ufw-user-input -i eth1 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth1 -A ufw-user-input -i eth1 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth1 -A ufw6-user-input -i eth1 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in_eth1 -A ufw6-user-input -i eth1 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 1: delete allow in on eth1 to any app Samba Bug (inserted Samba rules out of order when IPV6 is enabled 2: allow in on eth0 WARN: Checks disabled Rules updated Rules updated (v6) 3: allow to 192.168.0.2 WARN: Checks disabled Rules updated 4: allow to 192.168.0.3 WARN: Checks disabled Rules updated 5: allow in on eth1 WARN: Checks disabled Rules updated Rules updated (v6) 6: allow in on 
eth2 WARN: Checks disabled Rules updated Rules updated (v6) 7: insert 8 deny to any app Bind9 WARN: Checks disabled Rules updated Rules updated (v6) -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw6-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw6-user-input -i eth2 -j ACCEPT 8: delete deny to any app Bind9 WARN: Checks disabled Rules updated Rules updated (v6) 9: insert 8 deny to any app Samba WARN: Checks disabled Rules updated Rules updated (v6) -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' -A ufw6-user-input -i eth2 -j ACCEPT 10: delete deny to any app Samba WARN: Checks disabled Rules updated Rules updated (v6) 11: insert 5 deny to any app Bind9 WARN: Checks disabled Rules updated Rules updated (v6) -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p tcp 
--dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw6-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw6-user-input -i eth2 -j ACCEPT 12: delete deny to any app Bind9 WARN: Checks disabled Rules updated Rules updated (v6) 13: insert 5 deny to any app Samba WARN: Checks disabled Rules updated Rules updated (v6) -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' -A ufw6-user-input -i eth2 -j ACCEPT 14: delete allow in on eth0 WARN: Checks disabled Rules updated Rules updated (v6) 15: delete allow to 192.168.0.2 WARN: Checks disabled Rules updated 16: delete allow to 192.168.0.3 WARN: Checks disabled Rules updated 17: delete allow in on eth1 WARN: Checks disabled Rules updated Rules updated (v6) 18: delete allow in on eth2 WARN: Checks disabled Rules updated Rules updated (v6) 19: delete deny to any app Samba WARN: Checks disabled Rules updated Rules updated (v6) Bug #407810 20: app info bug407810 WARN: Checks disabled Profile: bug407810 Title: LanManager-like file and printer server for Unix Description: The bug407810 software suite is a collection of programs that implements 
the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. Ports: 137,138/udp 139,445/tcp 21: allow bug407810 -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_bug407810' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_bug407810' 22: delete allow bug407810 ufw-0.36/tests/bugs/apps/result.1.30000644000175000017500000001173413226727543016026 0ustar jamiejamieBug (Samba IPV4 tuple text wrong when IPV6 is enabled 0: allow in on eth1 to any app Samba WARN: Checks disabled Rules updated Skipping IPv6 application rule. Need at least iptables 1.4 ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth1 -A ufw-user-input -i eth1 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth1 -A ufw-user-input -i eth1 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' 1: delete allow in on eth1 to any app Samba Bug (inserted Samba rules out of order when IPV6 is enabled 2: allow in on eth0 WARN: Checks disabled Rules updated Rules updated (v6) 3: allow to 192.168.0.2 WARN: Checks disabled Rules updated 4: allow to 192.168.0.3 WARN: Checks disabled Rules updated 5: allow in on eth1 WARN: Checks disabled Rules updated Rules updated (v6) 6: allow in on eth2 WARN: Checks disabled Rules updated Rules updated (v6) 7: insert 8 deny to any app Bind9 WARN: Checks disabled Rules updated Skipping IPv6 application rule. 
Need at least iptables 1.4 -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -i eth2 -j ACCEPT 8: delete deny to any app Bind9 WARN: Checks disabled Rules updated Skipping IPv6 application rule. Need at least iptables 1.4 9: insert 8 deny to any app Samba WARN: Checks disabled Rules updated Skipping IPv6 application rule. Need at least iptables 1.4 -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -i eth2 -j ACCEPT 10: delete deny to any app Samba WARN: Checks disabled Rules updated Skipping IPv6 application rule. Need at least iptables 1.4 11: insert 5 deny to any app Bind9 WARN: Checks disabled Rules updated Skipping IPv6 application rule. 
Need at least iptables 1.4 -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -i eth2 -j ACCEPT 12: delete deny to any app Bind9 WARN: Checks disabled Rules updated Skipping IPv6 application rule. Need at least iptables 1.4 13: insert 5 deny to any app Samba WARN: Checks disabled Rules updated Skipping IPv6 application rule. Need at least iptables 1.4 -A ufw-user-input -i eth0 -j ACCEPT -A ufw-user-input -d 192.168.0.2 -j ACCEPT -A ufw-user-input -d 192.168.0.3 -j ACCEPT -A ufw-user-input -i eth1 -j ACCEPT -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth2 -j ACCEPT -A ufw6-user-input -i eth0 -j ACCEPT -A ufw6-user-input -i eth1 -j ACCEPT -A ufw6-user-input -i eth2 -j ACCEPT 14: delete allow in on eth0 WARN: Checks disabled Rules updated Rules updated (v6) 15: delete allow to 192.168.0.2 WARN: Checks disabled Rules updated 16: delete allow to 192.168.0.3 WARN: Checks disabled Rules updated 17: delete allow in on eth1 WARN: Checks disabled Rules updated Rules updated (v6) 18: delete allow in on eth2 WARN: Checks disabled Rules updated Rules updated (v6) 19: delete deny to any app Samba WARN: Checks disabled Rules updated Skipping IPv6 application rule. 
Need at least iptables 1.4 Bug #407810 20: app info bug407810 WARN: Checks disabled Profile: bug407810 Title: LanManager-like file and printer server for Unix Description: The bug407810 software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. Ports: 137,138/udp 139,445/tcp 21: allow bug407810 -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_bug407810' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_bug407810' 22: delete allow bug407810 ufw-0.36/tests/check-locales0000755000175000017500000001433513257507473015007 0ustar jamiejamie#!/bin/sh # check-locales: verify ufw with the existing locales. This is Ubuntu/Debian # specific # # Copyright 2012-2015 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
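#
set -e

# Print the option summary and usage examples.
usage() {
    # NOTE(review): extraction of this page stripped the text between the
    # heredoc opener and the "]" that ends the first usage line. The opener is
    # restored from the EOM terminator; the lost usage line must be recovered
    # from the upstream file. -p and -D are documented here but are not in the
    # getopts string of the main section, and -f only skips the confirmation
    # prompt there.
    cat <<EOM
]
  -f force installation of locales
  -d directory with ufw mo files
  -p directory with ufw po files
  -D directory with to place mo files after converting from po
  -l locale to test
  -v verbose output

Eg:
# Run the C tests
$ sudo `basename $0` -l C

# Run the en tests
$ sudo `basename $0` -l en

# Run the sk tests, installing language-pack-sk* if needed
$ sudo `basename $0` -l sk -i

# Run the C tests
$ sudo `basename $0` -d /tmp/ufw-translations

# Run the all tests where we have translations, installing language-packs as
# needed.
$ sudo `basename $0` -l sk -i
EOM
}

# Succeed only when the effective uid is 0.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Install the language pack(s) for the language part of locale $1 (everything
# from the first "_" on is dropped) unless dpkg already lists a matching
# package as installed ("ii").
install_langpack() {
    local myloc="${1%%_*}"
    local langpack="language-pack-$myloc*"
    if ! dpkg-query -l "$langpack" 2>&1 | grep -Eq '^ii' ; then
        echo "Installing '$langpack'"
        # --force-yes is deliberately not passed: it is deprecated in apt and
        # lets apt-get continue without prompting on unauthenticated packages,
        # downgrades and removal of essential packages. This script runs as
        # root, so package authentication stays enforced.
        apt-get install -y "$langpack"
    fi
}

# Succeed when `locale -a` lists $1 as a UTF-8 locale, either exactly
# ("sk.utf8") or with a territory suffix ("sk_SK.utf8").
has_locale() {
    local myloc="$1"
    locale -a | grep -Eq "^${myloc}(_.*)?\.utf8$"
}

# Generate the UTF-8 variant of locale $1 with locale-gen.
gen_locale() {
    local myloc="${1}".UTF-8
    echo "Running 'locale-gen $myloc'"
    locale-gen "$myloc"
    echo ""
}

# Run one ufw command under locale $1; the remaining arguments are passed to
# ufw. Updates the global counters count and err_count and returns 1 when ufw
# fails. Output of ufw is shown only when verbose=yes.
runcmd() {
    local myloc="$1"
    shift
    echo "Test ($myloc): $*"
    count=$((count+1))
    if [ "$verbose" = "yes" ]; then
        LC_ALL="$myloc" ufw "$@" || {
            err_count=$((err_count+1))
            return 1
        }
    else
        LC_ALL="$myloc" ufw "$@" >/dev/null || {
            err_count=$((err_count+1))
            return 1
        }
    fi
    echo ""
}

# Run the fixed ufw command sequence under locale $1. A bare language code
# ("sk") is expanded to "sk.utf8" plus every "sk_*.utf8" locale on the system.
# Returns 1 if any command failed.
#
# The sequence changes the live firewall: it enables ufw, adds and deletes
# rules for 22/tcp, 80 and 192.168.254.1, and finishes with "disable". On a
# host whose firewall was active, ufw is left disabled afterwards and
# pre-existing identical rules are deleted; run this on a disposable test
# system only.
run_tests() {
    local myloc="$1"
    local locales="$myloc"
    if [ "$myloc" != "C" ] && echo "$myloc" | grep -qv "_" ; then
        locales="${myloc}.utf8 $(locale -a | grep -E "^${myloc}_.*\.utf8$")"
    fi

    local loc=
    local myerr=""
    for loc in $locales ; do
        runcmd "$loc" status || myerr="yes"
        runcmd "$loc" allow 22/tcp || myerr="yes"
        runcmd "$loc" --force enable || myerr="yes"
        runcmd "$loc" allow 80 || myerr="yes"
        runcmd "$loc" allow from 192.168.254.1 || myerr="yes"
        runcmd "$loc" status || myerr="yes"
        runcmd "$loc" status verbose || myerr="yes"
        runcmd "$loc" status numbered || myerr="yes"
        runcmd "$loc" delete allow from 192.168.254.1 || myerr="yes"
        runcmd "$loc" delete allow 80 || myerr="yes"
        runcmd "$loc" delete allow 22/tcp || myerr="yes"

        # nonexistent rules
        runcmd "$loc" delete allow 23 || myerr="yes"

        # disable
        runcmd "$loc" disable || myerr="yes"
    done

    if [ "$myerr" = "yes" ]; then
        return 1
    fi
    return 0
}

#
# Main
#
if ! is_root ; then
    echo "Must be root to run this script" >&2
    exit 2
fi

force=
ufw_locales="/usr/share/ufw/messages"
ufw_locale="*"
verbose=
install=
while getopts "hfid:l:v" opt
do
    case "$opt" in
        f) force="yes";;
        # strip trailing slashes from the directory
        d) ufw_locales=$(echo "$OPTARG" | sed 's#/\+$##');;
        l) ufw_locale="$OPTARG";;
        i) install="yes";;
        v) verbose="yes";;
        h) usage ; exit 0;;
        # Unknown option or missing argument: stop here rather than carry on
        # and modify the system with a partly parsed command line.
        *) usage ; exit 1;;
    esac
done
shift $(($OPTIND - 1))

# A specific non-C locale becomes a glob ("sk" -> "sk*") when matching .mo
# files exist, so that territory variants are picked up as well.
if [ "$ufw_locale" != "*" ]; then
    if [ "$ufw_locale" = "C" ]; then
        ufw_locale="C"
    elif ls -1 "$ufw_locales/$ufw_locale"*.mo >/dev/null 2>&1 ; then
        ufw_locale="${ufw_locale}*"
    fi
fi

if [ ! -d "$ufw_locales" ]; then
    echo "'$ufw_locales' is not a directory" >&2
    usage
    exit 1
fi

# Ask for confirmation unless -f was given.
if [ "$force" != "yes" ]; then
    echo "This script will alter your system by generating locales and running"
    echo "various ufw commands. It will not clean up generated locales and may"
    echo "alter your system in other ways. This should not be used on a"
    printf '%s' "production system. Proceed (y|N)? "
    read -r ans
    if [ "$ans" != "y" ] && [ "$ans" != "Y" ]; then
        echo "Aborting" >&2
        exit 2
    fi
fi

if [ "$install" = "yes" ] && [ "$ufw_locale" != "C" ]; then
    echo "Configuring locales..."
    if ls -1 "$ufw_locales"/$ufw_locale.mo >/dev/null 2>&1 ; then
        # $ufw_locale is left unquoted on purpose: it holds the glob.
        for i in "$ufw_locales"/$ufw_locale.mo ; do
            loc=$(basename "$i" .mo)
            if ! install_langpack "$loc" ; then
                echo "Could not install langpack for '$loc'. Skipping"
                continue
            fi
            if ! has_locale "$loc" ; then
                if ! gen_locale "$loc" ; then
                    echo "Could not generate locale '$loc'. Skipping"
                    continue
                fi
            fi
        done
    else
        # No loop encloses this branch, so the "skip" is expressed with
        # if/elif instead of `continue`, which is not meaningful here.
        if ! install_langpack "$ufw_locale" ; then
            echo "Could not install langpack for '$ufw_locale'. Skipping"
        elif ! has_locale "$ufw_locale" ; then
            if ! gen_locale "$ufw_locale" ; then
                echo "Could not generate locale '$ufw_locale'. Skipping"
            fi
        fi
    fi
    echo "Done configuring locales"
fi

count=0
err_count=0
if [ "$ufw_locale" = "C" ] || ! ls -1 "$ufw_locales"/$ufw_locale.mo >/dev/null 2>&1 ; then
    run_tests "$ufw_locale" || echo FAIL
else
    echo "Testing locales in '$ufw_locales'"
    for i in "$ufw_locales"/$ufw_locale.mo ; do
        loc=$(basename "$i" .mo)
        run_tests "$loc" || echo FAIL
    done
fi

echo "--"
echo "Test summary: $count tests, $err_count failures"
if [ "$err_count" -ne 0 ]; then
    exit 1
fi
ufw-0.36/tests/defaults/0000755000175000017500000000000013226727543014163 5ustar jamiejamieufw-0.36/tests/defaults/profiles/0000755000175000017500000000000013257465544016012 5ustar jamiejamieufw-0.36/tests/defaults/profiles/dovecot0000644000175000017500000000120013226727543017365 0ustar jamiejamie[Dovecot POP3] title=Secure mail server (POP3) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=110/tcp [Dovecot Secure POP3] title=Secure mail server (POP3S) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=995/tcp [Dovecot IMAP] title=Secure mail server (IMAP) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=143/tcp [Dovecot Secure IMAP] title=Secure mail server (IMAPS) description=Dovecot is a mail server whose major goals are security and extreme reliability.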
ports=993/tcp ufw-0.36/tests/defaults/profiles/webapp0000644000175000017500000000040613226727543017207 0ustar jamiejamie[Custom Web App] title=Example profile for a custom web application description=Some nice descriptive text here ports=8080/tcp [Custom Web App2] title=Example profile for a custom web application description=Some nice descriptive text here ports=8080:8089/tcp ufw-0.36/tests/defaults/profiles/apache.rpmnew0000644000175000017500000000021513226727543020457 0ustar jamiejamie[Apache-rpmnew] title=Apache Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. ports=80,443/tcp ufw-0.36/tests/defaults/profiles/openntpd0000644000175000017500000000043113226727543017556 0ustar jamiejamie[OpenNTPD] title=OpenBSD NTP daemon description=NTP, the Network Time Protocol, is used to keep the computer clocks synchronized. It provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock. ports=123/udp ufw-0.36/tests/defaults/profiles/apache0000644000175000017500000000062713226727543017157 0ustar jamiejamie[Apache] title=Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. ports=80/tcp [Apache Secure] title=Web Server (HTTPS) description=Apache v2 is the next generation of the omnipresent Apache web server. ports=443/tcp [Apache Full] title=Web Server (HTTP,HTTPS) description=Apache v2 is the next generation of the omnipresent Apache web server. 
ports=80,443/tcp ufw-0.36/tests/defaults/profiles/good_name0000644000175000017500000000023313226727543017657 0ustar jamiejamie[a aZ9 _-.+] title=Example title description=Example description ports=80/tcp [A aZ9 _-.+] title=Example title description=Example description ports=80 ufw-0.36/tests/defaults/profiles/apache.dpkg-new0000644000175000017500000000021713226727543020665 0ustar jamiejamie[Apache-dpkg-new] title=Apache Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. ports=80,443/tcp ufw-0.36/tests/defaults/profiles/apache.dpkg-dist0000644000175000017500000000022013226727543021031 0ustar jamiejamie[Apache-dpkg-dist] title=Apache Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. ports=80,443/tcp ufw-0.36/tests/defaults/profiles/bind90000644000175000017500000000043413226727543016737 0ustar jamiejamie[Bind9] title=Internet Domain Name Server description=The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supportsed by the Internet Software Consortium, www.isc.org. ports=53 ufw-0.36/tests/defaults/profiles/good_multi0000644000175000017500000000024213226727543020071 0ustar jamiejamie[Multi TCP] title=Mutli TCP description=Example description ports=1234,5678/tcp [Multi UDP] title=Multi UDP description=Example description ports=1234,5678/udp ufw-0.36/tests/defaults/profiles/apache.dpkg-old0000644000175000017500000000021713226727543020652 0ustar jamiejamie[Apache-dpkg-old] title=Apache Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. ports=80,443/tcp ufw-0.36/tests/defaults/profiles/apache.rpmsave0000644000175000017500000000021613226727543020625 0ustar jamiejamie[Apache-rpmsave] title=Apache Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. 
ports=80,443/tcp ufw-0.36/tests/defaults/profiles/good_no_proto0000644000175000017500000000011413226727543020574 0ustar jamiejamie[No Protocol] title=No Protocol description=Example description ports=1234 ufw-0.36/tests/defaults/profiles/samba0000644000175000017500000000057113226727543017017 0ustar jamiejamie[Samba] title=LanManager-like file and printer server for Unix description=The Samba software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. ports=137,138/udp|139,445/tcp ufw-0.36/tests/defaults/profiles/0verkill0000644000175000017500000000013513257465544017464 0ustar jamiejamie[0verkill] title=0verkill description=A ASCII-art 2D deathmatch game ports=6666/udp|6666/tcp ufw-0.36/tests/defaults/profiles.bad/0000755000175000017500000000000013226727543016533 5ustar jamiejamieufw-0.36/tests/defaults/profiles.bad/bad_no_proto0000644000175000017500000000013513226727543021122 0ustar jamiejamie[No Protocol Multi] title=No Protocol Multi description=Example description ports=1234,5678 ufw-0.36/tests/defaults/profiles.bad/bad_title0000644000175000017500000000031313226727543020402 0ustar jamiejamie[bad-title1] titl=Example profile for a custom web application description=Some nice descriptive text here ports=8080/tcp [bad-title2] title= description=Some nice descriptive text here ports=8080/tcp ufw-0.36/tests/defaults/profiles.bad/bad_description0000644000175000017500000000021613226727543021606 0ustar jamiejamie[bad-description1] title=Example title description= ports=80 [bad-description2] title=Example title descriptin=Example description ports=80 ufw-0.36/tests/defaults/profiles.bad/bad_name20000644000175000017500000000021713226727543020266 0ustar jamiejamie[bad-name title=Example title description=Example description ports=80 bad-name] title=Example title 
description=Example description ports=80 ufw-0.36/tests/defaults/profiles.bad/bad_ports0000644000175000017500000000060013226727543020427 0ustar jamiejamie[bad-ports1] title=Example title description=Example description port=80 [bad-ports2] title=Example title description=Example description ports=8o [bad-ports3] title=Example title description=Example description ports=:80 [bad-ports4] title=Example title description=Example description ports=80/tcp 53/udp [bad-ports5] title=Example title description=Example description ports= ufw-0.36/tests/defaults/profiles.bad/bad_name0000644000175000017500000000057513226727543020213 0ustar jamiejamie[bad-name&] title=Example title description=Example description ports=80 [;bad-name] title=Example title description=Example description ports=80 [22] title=Example title description=Example description ports=80 [foo;cat /etc/passwd] title=Example title description=Example description ports=80 [ssh] title=OpenSSH Server description=profile name in /etc/services ports=22/tcp ufw-0.36/tests/unit/0000755000175000017500000000000013404772663013334 5ustar jamiejamieufw-0.36/tests/unit/test_skeleton.py0000644000175000017500000000221313404772663016567 0ustar jamiejamie# # Copyright 2012-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
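#

import unittest
import tests.unit.support


class SkeletonTestCase(unittest.TestCase):
    '''Minimal template for a ufw unit test module'''

    def setUp(self):
        pass

    def tearDown(self):
        pass

    def test_example(self):
        '''Test example dummy test'''
        import ufw.common
        try:
            raise ufw.common.UFWError("test")
        except ufw.common.UFWError:
            pass


def test_main():  # used by runner.py
    '''Run this module's test case through tests.unit.support'''
    tests.unit.support.run_unittest(
            SkeletonTestCase
    )


if __name__ == "__main__":  # used when standalone
    unittest.main()
ufw-0.36/tests/unit/runner.py0000755000175000017500000000665113404772663015232 0ustar jamiejamie
#!/usr/bin/python
#
# Copyright 2012-2018 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see .
#
# find_tests(), runtest() and main() inspired by regrtest.py from Python 3.1
# Copyright (c) 2001-2010 Python Software Foundation; All Rights Reserved
#

from __future__ import print_function
import os
import sys


def find_tests(testdir=None, testscripts=None):
    '''Find tests

    Returns the sorted module names (file name without ".py") of every entry
    that starts with "test_" and ends with ".py".

    testdir      directory to list; when empty, the directory of sys.argv[0]
                 is used (only supported when run as a script)
    testscripts  argv-style list; when it has more than one element, the
                 elements after the first are used instead of listing testdir
    '''
    if not testdir:
        if __name__ == '__main__':
            fn = sys.argv[0]
        else:
            print("TODO: find_tests() when imported")
            sys.exit(1)
        testdir = os.path.dirname(fn)

    if testscripts and len(testscripts) > 1:
        names = testscripts[1:]
    else:
        names = os.listdir(testdir)

    tests = sorted(name[:-3] for name in names
                   if name.startswith("test_") and name.endswith(".py"))
    return tests


def runtest(test):
    '''Run test

    Imports tests.unit.<test> and calls its test_main().
    '''
    # __import__ returns the top-level package, so walk down to the module
    pkg = __import__("tests.unit." + test, globals(), locals(), [])
    unit_pkg = getattr(pkg, "unit")
    mod = getattr(unit_pkg, test)

    print(test)
    mod.test_main()


if __name__ == '__main__':
    # Create the unittest symlink so imports work. Both paths are relative to
    # the current directory, so the runner has to be started from the top of
    # the source tree.
    if not os.path.islink("./ufw"):
        os.symlink("./src", "./ufw")

    passed = []
    failed = []
    try:
        # Replace runner.py's directory from the search path, and add our own
        # so we can properly namespace our modules
        d = os.path.abspath(os.path.normpath(os.path.dirname(sys.argv[0])))
        testdir = os.path.dirname(os.path.dirname(d))
        # Visit each entry exactly once (the earlier countdown also ran with
        # index -1 and so looked at the last entry twice)
        for i in range(len(sys.path)):
            if os.path.abspath(os.path.normpath(sys.path[i])) == d:
                sys.path[i] = testdir
        print("DEBUG: sys.path=%s" % sys.path)

        tests = find_tests(testscripts=sys.argv)
        print("DEBUG: test=%s" % str(tests))

        # Import this here, so we are guaranteed to get ours from topdir
        from tests.unit.support import TestFailed

        for test in tests:
            try:
                runtest(test)
                passed.append(test)
            except KeyboardInterrupt:
                # stop running further tests, but still print the summary
                print("")
                break
            except TestFailed:
                failed.append(test)
            # any other exception propagates unchanged

            # cleanup
            # NOTE(review): indentation was lost on this page; running this
            # after every test is assumed - confirm against upstream
            for m in list(sys.modules.keys()):
                if m.startswith("tests.unit.") and m != "tests.unit.support":
                    try:
                        del sys.modules[m]
                    except KeyError:
                        pass
    finally:
        # Cleanup our symlink, also when a test raised an unexpected exception
        if os.path.islink("./ufw"):
            os.unlink("./ufw")

    print("")
    print("------------------")
    print("Unit tests summary")
    print("------------------")
    print("Total=%d (Passed=%d, Failed=%d)" % (len(passed) + len(failed),
                                               len(passed), len(failed)))
    if len(failed) > 0:
        sys.exit(1)
ufw-0.36/tests/unit/test_parser.py0000644000175000017500000011027113404772663016243 0ustar jamiejamie# # Copyright 2013-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation.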
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import re import sys import unittest import tests.unit.support import ufw.parser class ParserTestCase(unittest.TestCase): def setUp(self): self.parser = ufw.parser.UFWParser() # Basic commands for i in ['enable', 'disable', 'help', '--help', 'version', \ '--version', 'reload', 'reset' ]: self.parser.register_command(ufw.parser.UFWCommandBasic(i)) # Application commands for i in ['list', 'info', 'default', 'update']: self.parser.register_command(ufw.parser.UFWCommandApp(i)) # Logging commands for i in ['on', 'off', 'low', 'medium', 'high', 'full']: self.parser.register_command(ufw.parser.UFWCommandLogging(i)) # Default commands for i in ['allow', 'deny', 'reject']: self.parser.register_command(ufw.parser.UFWCommandDefault(i)) # Status commands ('status', 'status verbose', 'status numbered') for i in [None, 'verbose', 'numbered']: self.parser.register_command(ufw.parser.UFWCommandStatus(i)) # Show commands for i in ['raw', 'before-rules', 'user-rules', 'after-rules', \ 'logging-rules', 'builtins', 'listening', 'added']: self.parser.register_command(ufw.parser.UFWCommandShow(i)) # Rule commands rule_commands = ['allow', 'limit', 'deny', 'reject', 'insert', \ 'delete', 'prepend'] for i in rule_commands: self.parser.register_command(ufw.parser.UFWCommandRule(i)) self.parser.register_command(ufw.parser.UFWCommandRouteRule(i)) def tearDown(self): pass def test_ufwcommand_parse_empty(self): '''Test UFWCommand.parse([])''' c = ufw.parser.UFWCommand('basic', 'status') tests.unit.support.check_for_exception(self, ValueError, \ c.parse, []) def test_ufwcommand_help(self): '''Test UFWCommand.help()''' c = 
ufw.parser.UFWCommand('basic', 'status') tests.unit.support.check_for_exception(self, ufw.common.UFWError, \ c.help, []) def test_ufwcommand_parse_basic_help(self): '''Test parser.parse_command() - help''' pr = self.parser.parse_command(['help']) search = repr("action='help'\n") self.assertTrue(str(pr) == search, "'%s' != '%s'" % (str(pr), search)) def test_ufwcommand_parse(self): '''Test UFWCommand.parse()''' c = ufw.parser.UFWCommand('basic', 'status') pr = c.parse(['status']) self.assertEquals('status', pr.action, "%s != 'status'" % (pr.action)) def test_ufwcommandbasic_parse_with_arg(self): '''Test UFWCommand.parse() - basic with arg''' parser = ufw.parser.UFWParser() c = ufw.parser.UFWCommandBasic('enable') tests.unit.support.check_for_exception(self, ValueError, \ c.parse, ['enable', 'OpenSSH']) def test_ufwparser_response(self): '''Test UFWParserResponse.str()''' cmd = 'rule allow 22' pr = self.parser.parse_command(cmd.split()) s = str(pr) search = repr("action='allow',iptype='both'," + \ "rule='-p all --dport 22 -j ACCEPT',type='rule'\n") self.assertTrue(s == search, "'%s' != '%s'" % (s, search)) self.assertFalse(pr.dryrun) self.assertFalse(pr.force) cmd = '--dry-run rule allow 22' pr = self.parser.parse_command(cmd.split()) s = str(pr) search = repr("action='allow',iptype='both'," + \ "rule='-p all --dport 22 -j ACCEPT',type='rule'\n") self.assertTrue(s == search, "'%s' != '%s'" % (s, search)) self.assertTrue(pr.dryrun) self.assertFalse(pr.force) cmd = '--force rule allow 22' pr = self.parser.parse_command(cmd.split()) s = str(pr) search = repr("action='allow',iptype='both'," + \ "rule='-p all --dport 22 -j ACCEPT',type='rule'\n") self.assertTrue(s == search, "'%s' != '%s'" % (s, search)) self.assertTrue(pr.force) def test_ufwparser_register_command(self): '''Test UFWParser.register_command()''' parser = ufw.parser.UFWParser() c = ufw.parser.UFWCommandBasic('enable') parser.register_command(c) self.assertTrue('basic' in parser.commands) 
self.assertTrue('enable' in parser.commands['basic']) # Register an already existing command tests.unit.support.check_for_exception(self, ufw.common.UFWError, \ parser.register_command, c) def test_ufwparser_register_command_none(self): '''Test UFWParser.register_command()''' parser = ufw.parser.UFWParser() c = ufw.parser.UFWCommandBasic('enable') c.command = None parser.register_command(c) self.assertTrue('basic' in parser.commands) self.assertTrue('basic' in parser.commands['basic']) def test_ufwparser_allowed_command(self): '''Test UFWParser.allowed_command()''' # Valid commands cmd = 'enable' res = self.parser.allowed_command('basic', cmd) search = cmd.lower() self.assertTrue(res == search, "'%s' != '%s'" % (res, search)) cmd = 'enable' res = self.parser.allowed_command('basic', cmd.upper()) search = cmd.lower() self.assertTrue(res == search, "'%s' != '%s'" % (res, search)) # Invalid commands tests.unit.support.check_for_exception(self, ValueError, \ self.parser.allowed_command, 'basic', 'nonexistent') tests.unit.support.check_for_exception(self, ValueError, \ self.parser.allowed_command, 'nonexistent', 'allow') def test_ufwcommand_rule_get_command(self): '''Test UFWCommand(Route)Rule.get_command()''' count = 0 cmds = tests.unit.support.get_sample_rule_commands_simple() cmds += tests.unit.support.get_sample_rule_commands_extended() cmds += tests.unit.support.get_sample_rule_commands_extended(v6=True) cmds += [ ['rule', 'reject', 'from', 'any', 'app', 'Apache'], ['rule', 'reject', 'from', 'any', 'port', 'smtp'], ['route', 'reject', 'from', 'any', 'app', 'Apache'], ['route', 'reject', 'from', 'any', 'port', 'smtp'], ['route', 'allow', 'out', 'on', 'eth1', 'in', 'on', 'eth0'], ] errors = [] for cmd in cmds: count += 1 #print(" ".join(cmd)) # Note, parser.parse_command() modifies its arg, so pass a copy of # the cmd, not a reference pr = self.parser.parse_command(cmd + []) if cmd[0] == 'rule': res = ufw.parser.UFWCommandRule.get_command(pr.data['rule']) else: res = 
ufw.parser.UFWCommandRouteRule.get_command( pr.data['rule']) # First, feed the res rule into parse() (we need to split the # string but preserve quoted substrings if sys.version_info[0] < 3: test_cmd = [cmd[0]] + \ [p.strip("'").encode('utf-8') for p in re.split("( |'.*?')", res) if p.strip()] else: test_cmd = [cmd[0]] + \ [p.strip("'") for p in re.split("( |'.*?')", res) if p.strip()] try: self.parser.parse_command(test_cmd + []) except ufw.common.UFWError: self.assertTrue(False, "get_command() returned invalid rule:\n" + \ " orig=%s\n pr.data['rule']=%s\n result=%s" % \ (cmd, pr.data['rule'], test_cmd)) # Next, verify the output is what we expect. We need to massage the # cmd_compare output a bit first since many rules can be expressed # using the same syntax. Eg, these are all the same rule and # get_command() typically outputs the simplest form: # ufw allow 22 # ufw allow in 22 # ufw allow to any port 22 # ufw allow from any to any port 22 # ufw rule allow 22 # ufw rule allow in 22 # ufw rule allow to any port 22 # ufw rule allow from any to any port 22 # Note, cmd_compare contains the rules we get from # tests.unit.support.get_sample_rule_commands* cmd_compare = [] # store off command so we can add it at the end after the massaging comment = "" if 'comment' in cmd: comment_idx = cmd.index('comment') comment = cmd[comment_idx + 1] del cmd[comment_idx + 1] del cmd[comment_idx] for i in cmd: if ' ' in i: # quote anything with a space for comparisons cmd_compare.append("'%s'" % i) else: cmd_compare.append(i) # remove 'in' on rules without an interface if 'in' in cmd_compare and 'on' not in cmd_compare: cmd_compare.remove('in') # use '1/tcp' instead of 'tcpmux' for simple rules and # 'port 1 proto tcp' for extended if 'tcpmux' in cmd_compare: if 'to' in cmd_compare or 'from' in cmd_compare: # extended cmd_compare[cmd_compare.index('tcpmux')] = '1' if 'proto' not in cmd_compare: cmd_compare.append('proto') cmd_compare.append('tcp') if 'tcpmux' in cmd_compare: # can 
have 2 in extended rules cmd_compare[cmd_compare.index('tcpmux')] = '1' else: # simple cmd_compare[cmd_compare.index('tcpmux')] = '1/tcp' # use '21/udp' instead of 'fsp' for simple rules and # 'port 21 proto udp' for extended if 'fsp' in cmd_compare: if 'to' in cmd_compare or 'from' in cmd_compare: # extended cmd_compare[cmd_compare.index('fsp')] = '21' if 'proto' not in cmd_compare: cmd_compare.append('proto') cmd_compare.append('udp') if 'fsp' in cmd_compare: # can have 2 in extended rules cmd_compare[cmd_compare.index('fsp')] = '21' else: # simple rule cmd_compare[cmd_compare.index('fsp')] = '21/udp' # use 'port 25 proto tcp' in extended rules if 'smtp' in cmd_compare and 'proto' not in cmd_compare: cmd_compare[cmd_compare.index('smtp')] = '25' cmd_compare.append('proto') cmd_compare.append('tcp') # remove 'from any' clause when used without port or app if 'from' in cmd_compare and \ cmd_compare[cmd_compare.index('from') + 1] == 'any' and \ (len(cmd_compare) - 2 == cmd_compare.index('from') or \ (cmd_compare.index('from') + 2 < len(cmd_compare) and \ cmd_compare[cmd_compare.index('from') + 2] != 'port' and \ cmd_compare[cmd_compare.index('from') + 2] != 'app')): del cmd_compare[cmd_compare.index('from') + 1] cmd_compare.remove('from') # remove 'to any' clause when used without port or app when 'from' # 'proto' or 'on' is present ('from' will not be 'any' because of # above) if ('from' in cmd_compare or 'proto' in cmd_compare or \ 'on' in cmd_compare) and 'to' in cmd_compare and \ cmd_compare[cmd_compare.index('to') + 1] == 'any' and \ (len(cmd_compare) - 2 == cmd_compare.index('to') or \ (cmd_compare.index('to') + 2 < len(cmd_compare) and \ cmd_compare[cmd_compare.index('to') + 2] != 'port' and \ cmd_compare[cmd_compare.index('to') + 2] != 'app')): del cmd_compare[cmd_compare.index('to') + 1] cmd_compare.remove('to') # remove 'to any' if no 'from' clause (ie, convert extended to # simple) if 'to' in cmd_compare and 'from' not in cmd_compare and \ 
cmd_compare[cmd_compare.index('to') + 1] == 'any' and \ cmd_compare.index('to') + 2 < len(cmd_compare) and \ 'on' not in cmd_compare: if 'port' in cmd_compare: port = "%s" % cmd_compare[cmd_compare.index('port') + 1] if 'proto' in cmd_compare: port += "/%s" % \ cmd_compare[cmd_compare.index('proto') + 1] del cmd_compare[cmd_compare.index('proto') + 1] cmd_compare.remove('proto') del cmd_compare[cmd_compare.index('port') + 1] cmd_compare.remove('port') del cmd_compare[cmd_compare.index('to') + 1] cmd_compare.remove('to') cmd_compare.append(port) elif 'app' in cmd_compare: del cmd_compare[cmd_compare.index('to') + 2] del cmd_compare[cmd_compare.index('to') + 1] cmd_compare.remove('to') # add back 'to any' if have no 'to', 'from' or 'on' and have either # proto or the last entry in cmd_compare indicates generic extended # rule generics = ['in', 'out', 'allow', 'deny', 'reject', 'limit'] if 'to' not in cmd_compare and 'from' not in cmd_compare and \ 'on' not in cmd_compare and ('proto' in cmd_compare or \ cmd_compare[-1].startswith('log') or \ cmd_compare[-1] in generics): if 'proto' in cmd_compare: cmd_compare.insert(cmd_compare.index('proto'), "to") cmd_compare.insert(cmd_compare.index('proto'), "any") else: cmd_compare.append("to") cmd_compare.append("any") # flip 'in on' and 'out on' for route rules ('in on' is always # listed first if cmd_compare[0] == 'route' and \ 'out' in cmd_compare and 'in' in cmd_compare and \ cmd_compare.index('out') < cmd_compare.index('in'): tmp_out_idx = cmd_compare.index('out') tmp_outif = cmd_compare[tmp_out_idx + 2] tmp_in_idx = cmd_compare.index('in') tmp_inif = cmd_compare[tmp_in_idx + 2] cmd_compare[tmp_out_idx] = 'in' cmd_compare[tmp_out_idx + 2] = tmp_inif cmd_compare[tmp_in_idx] = 'out' cmd_compare[tmp_in_idx + 2] = tmp_outif # add comment back if comment != "": cmd_compare.append('comment') compare_str = " ".join(cmd_compare) if sys.version_info[0] < 3: compare_str += " '%s'" % comment.decode('utf-8') else: compare_str += " 
'%s'" % comment cmd_compare.append(comment) else: compare_str = " ".join(cmd_compare) if "%s %s" % (cmd[0], res) != compare_str: errors.append(" \"%s %s\" != \"%s\" (orig=%s)" % (cmd[0], res, compare_str, cmd)) #print("Result: rule %s" % res) self.assertEquals(len(errors), 0, "Rules did not match:\n%s\n(%d of %d)" % \ ("\n".join(errors), len(errors), count)) print("%d rules checked" % count) def test_simple_parse(self): '''Test simple rule syntax''' count = 0 cmds = tests.unit.support.get_sample_rule_commands_simple() for cmd in cmds: count += 1 #print(" ".join(cmd)) # Note, parser.parse_command() modifies its arg, so pass a copy of # the cmd, not a reference pr = self.parser.parse_command(cmd + []) # TODO: more tests here by sending the cmd and the pr to a helper action = cmd[1] self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) del_cmd = cmd + [] del_cmd.insert(1, 'delete') #print(" ".join(del_cmd)) # Note, parser.parse_command() modifies its arg, so pass a copy of # the del_cmd, not a reference pr = self.parser.parse_command(del_cmd + []) # TODO: more tests here by sending the cmd and the pr to a helper action = del_cmd[2] self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) ins_cmd = cmd + [] ins_cmd.insert(1, 'insert') ins_cmd.insert(2, '1') #print(" ".join(ins_cmd)) # Note, parser.parse_command() modifies its arg, so pass a copy of # the del_cmd, not a reference pr = self.parser.parse_command(ins_cmd + []) # TODO: more tests here by sending the cmd and the pr to a helper action = ins_cmd[3] self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) print("%d rules checked" % count) def test_misc_rules_parse(self): '''Test rule syntax - miscellaneous''' cmds = [ ['delete', 'allow', '22'], ['deny', 'from', 'any', 'port', 'domain', 'to', 'any', \ 'port', 'tftp'], ['allow', 'to', 'any', 'proto', 'gre'], ['deny', 'to', 'any', 'proto', 'ipv6'], ['allow', 'to', 'any', 'proto', 'igmp'], ['reject', 'to', 'any', 
'proto', 'esp'], ['deny', 'to', '224.0.0.1', 'proto', 'igmp'], ['deny', 'in', 'on', 'eth0', 'to', '224.0.0.1', 'proto', \ 'igmp'], ['allow', 'in', 'on', 'eth0', 'to', '192.168.0.1', 'proto', \ 'gre'], ['deny', 'to', 'any', 'proto', 'ah'], ['allow', 'out', 'on', 'br_lan'], ] count = 0 for rtype in ['route', 'rule']: if rtype == 'rule': cmds.append(['delete', '1']) for cmd in cmds: #print(" ".join(cmd)) count += 1 # Note, parser.parse_command() modifies its arg, so pass a copy of # the cmd, not a reference self.parser.parse_command([rtype] + cmd) def test_rule_bad_syntax(self): '''Test rule syntax - bad''' cmds = [ (['rule', 'insert', '1', 'allow'], ValueError), (['rule', 'insert', 'a', 'allow', '22'], ufw.common.UFWError), (['rule', 'insert', '0', 'allow', '22'], ufw.common.UFWError), (['rule', 'prepend', 'allow'], ValueError), (['rule', 'allow'], ValueError), (['rule'], ValueError), (['rule', 'allow', '22', 'in', 'on', 'eth0'], ufw.common.UFWError), (['rule', 'allow', 'in', 'in', 'eth0', '22'], ufw.common.UFWError), (['rule', 'allow', 'in', 'on', 'eth0', '22', 'log'], ufw.common.UFWError), (['rule', 'allow', 'in', 'on', 'eth0', '22', 'log-all'], ufw.common.UFWError), (['rule', 'allow', 'in', 'on', 'eth0', 'log', 'to', 'any', \ 'port', '22', 'from', 'any', 'port', '123', 'proto', 'udp', \ 'extra'], ValueError), (['rule', 'allow', '22/udp/p'], ufw.common.UFWError), (['rule', 'allow', '22:2e'], ufw.common.UFWError), (['rule', 'allow', '22/ipv6'], ufw.common.UFWError), (['rule', 'reject', 'in', 'on', 'eth0', 'port', '22'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', '22'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', 'to', '22'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', 'proto', 'nope'], ufw.common.UFWError), (['rule', 'allow', 'in', 'on', '!eth0', 'to', 'any'], ufw.common.UFWError), (['rule', 'allow', 'out', 'on', 'eth0:0', 'to', 'any'], ufw.common.UFWError), (['rule', 'allow', 'in', 'on', '$eth', 'to', 'any'], ufw.common.UFWError), 
(['rule', 'allow', 'in', 'eth0', 'to', 'any'], ufw.common.UFWError), (['rule', 'allow', 'from', 'bad_address'], ufw.common.UFWError), (['rule', 'allow', 'to', 'bad_address'], ufw.common.UFWError), (['rule', 'badcmd', 'to', 'any'], ValueError), (['rule', 'allow', 'port', '22'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', 'port', '22_23'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', 'port', '22:_23'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', 'port', '65536'], ufw.common.UFWError), (['rule', 'allow', 'to', '::1', 'from', '127.0.0.1'], ufw.common.UFWError), (['rule', 'allow', 'to', 'any', 'port', 'nonexistent'], ufw.common.UFWError), (['rule', 'allow', 'from', 'any', 'port', 'nonexistent', 'proto', 'any'], ufw.common.UFWError), (['rule', 'allow', 'from', 'any', 'port', 'tftp', 'to', 'any', 'port', 'smtp'], ufw.common.UFWError), (['rule', 'deny', 'from', 'any', 'port', 'smtp', 'to', 'any', 'port', 'tftp', 'proto', 'any'], ufw.common.UFWError), (['rule', 'allow', 'nope', 'any', 'to', 'any'], ufw.common.UFWError), (['rule', 'deny', 'to', 'any', 'port', 'tftp', 'proto', 'tcp'], ufw.common.UFWError), (['rule', 'deny', 'to', '::1', 'proto', 'ipv6'], ufw.common.UFWError), (['rule', 'deny', 'to', '::1', 'proto', 'igmp'], ufw.common.UFWError), (['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'ipv6'], ufw.common.UFWError), (['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'igmp'], ufw.common.UFWError), (['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'esp'], ufw.common.UFWError), (['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'ah'], ufw.common.UFWError), (['rule', 'deny', 'to', 'any', 'port', '22', 'proto', 'gre'], ufw.common.UFWError), (['rule', 'allow', 'to', '192.168.0.0/16', 'app', 'Samba', 'from', '192.168.0.0/16', 'port', 'tcpmux'], ufw.common.UFWError), (['route', 'badcmd', 'to', 'any'], ValueError), (['route', 'allow', 'in', '22'], ufw.common.UFWError), (['route', 'deny', 'out', '22'], ufw.common.UFWError), (['route', 
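'allow', 'to', '192.168.0.0/16', 'app', 'Samba', 'from', '192.168.0.0/16', 'port', 'tcpmux'], ufw.common.UFWError), (['rule', 'allow', '22', 'comment', "foo'bar"], ValueError), (['rule', 'allow', '22', 'comment'], ufw.common.UFWError), (['route', 'delete', '1'], ufw.common.UFWError), ] for cmd, exception in cmds: #print(" ".join(cmd)) # Note, parser.parse_command() modifies its arg, so pass a copy of # the cmd, not a reference tests.unit.support.check_for_exception(self, exception, self.parser.parse_command, cmd + [])

    def test_extended_parse(self):
        '''Test extended rule syntax

        Parses every sample command from the default set and from the
        v6=True set and checks that the action recorded by the parser is the
        one given on the command line.
        '''
        count = 0
        cmds = tests.unit.support.get_sample_rule_commands_extended()
        cmds6 = tests.unit.support.get_sample_rule_commands_extended(v6=True)
        for cmd in cmds + cmds6:
            count += 1
            #print(" ".join(cmd))
            # Note, parser.parse_command() modifies its arg, so pass a copy of
            # the cmd, not a reference
            pr = self.parser.parse_command(cmd + [])

            # TODO: more tests here by sending the cmd and the pr to a helper
            action = cmd[1]
            # assertEqual rather than the deprecated assertEquals alias, which
            # Python 3.12 removed
            self.assertEqual(action, pr.action,
                             "%s != %s" % (action, pr.action))
        print("%d rules checked" % count)

    def test_simple_bad_numeric_port(self):
        '''Test simple bad numeric port

        A negative port and a port above the 16-bit range must both be
        rejected with UFWError.
        '''
        for port in ['-1', '1000000']:
            c = ['rule', 'allow', port]
            tests.unit.support.check_for_exception(self, ufw.common.UFWError,
                                                   self.parser.parse_command, c)

    def test_bad_simple_action(self):
        '''Test bad simple action

        Misspelled or unknown actions must raise ValueError instead of being
        accepted as a rule.
        '''
        for action in ['allw', 'eny', 'nonexistent']:
            c = ['rule', action, '22']
            tests.unit.support.check_for_exception(self, ValueError,
                                                   self.parser.parse_command, c)

    def test_delete_bad_simple_action(self):
        '''Test delete bad simple action

        Same as test_bad_simple_action(), but with 'delete' in front of the
        bad action.
        '''
        for action in ['allw', 'eny', 'nonexistent']:
            c = ['rule', 'delete', action, '22']
            tests.unit.support.check_for_exception(self, ValueError,
                                                   self.parser.parse_command, c)

    def test_bad_simple_action_with_direction(self):
        '''Test bad simple action with direction

        Truncated or misspelled direction keywords must raise UFWError. A
        non-string token in the command raises AttributeError.
        '''
        # 'direction', not 'dir', so the builtin is not shadowed
        for direction in ['ina', 'ou']:
            c = ['rule', 'allow', direction, '22']
            #self.parser.parse_command(c)
            tests.unit.support.check_for_exception(self, ufw.common.UFWError,
                                                   self.parser.parse_command, c)

        # NOTE(review): an int token surfaces as AttributeError rather than a
        # parser error. Tokens that come from argv are always str; confirm no
        # other caller can pass non-string tokens.
        c = ['rule', 'allow', 5, '22']
        tests.unit.support.check_for_exception(self, AttributeError,
                                               self.parser.parse_command, c)

    def test_route_delete_num(self):
        '''Test route delete NUM

        Deleting by rule number is rejected with UFWError for 'route'.
        '''
        c = ['route', 'delete', '1']
        tests.unit.support.check_for_exception(self, ufw.common.UFWError,
                                               self.parser.parse_command, c)

    def test_app_parse(self):
        '''Test UFWCommandApp.parse()

        Each entry is (command, expected exception). Entries with an
        exception are fed straight to UFWCommandApp.parse(). The others go
        through the full parser and the resulting action is checked.
        '''
        cmds = [
                (['app', 'list'], None),
                (['app', 'info', 'WWW'], None),
                (['app', 'info', 'WWW Full'], None),
                (['app', 'info', 'Samba'], None),
                (['app', 'info', 'DNS'], None),
                (['app', 'update', 'WWW'], None),
                (['app', 'update', '--add-new', 'WWW'], None),
                (['app', 'default', 'allow'], None),
                (['app', 'default', 'deny'], None),
                (['app', 'default', 'reject'], None),
                (['app', 'default', 'skip'], None),
                (['notapp'], ValueError),
                (['app', 'default'], ValueError),
                (['app', 'list', 'extra args'], ValueError),
                (['app', 'info'], ValueError),
                (['app', 'default'], ValueError),
                (['app', 'default', 'nonexistent'], ValueError),
               ]
        for cmd, exception in cmds:
            #print(" ".join(cmd))
            if exception is not None:
                c = ufw.parser.UFWCommandApp(" ".join(cmd))
                tests.unit.support.check_for_exception(self, exception,
                                                       c.parse, cmd + [])
            else:
                # Note, parser.parse_command() modifies its arg, so pass a copy
                # of the cmd, not a reference
                pr = self.parser.parse_command(cmd + [])

                # TODO: more tests here by sending the cmd and the pr to a
                # helper
                action = cmd[1]
                if action == 'update' and cmd[2] == '--add-new':
                    action = 'update-with-new'
                elif action == 'default':
                    action = "default-%s" % cmd[2]
                self.assertEqual(action, pr.action,
                                 "%s != %s" % (action, pr.action))

    def test_default_parse(self): '''Test UFWCommandDefault.parse()''' cmds = [ (['default', 'reject'], None), (['default', 'deny', 'incoming'], None), (['default', 'allow', 'outgoing'], None), (['default', 'deny', 'routed'], None), (['default'], ValueError), (['default', 'nonexistent'],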
ValueError), (['default', 'nonexistent', 'allow'], ValueError), (['default', 'incoming', 'allow'], ValueError), (['default', 'routed', 'deny'], ValueError), ] for cmd, exception in cmds: #print(" ".join(cmd)) if exception is not None: c = ufw.parser.UFWCommandDefault(" ".join(cmd)) tests.unit.support.check_for_exception(self, exception, c.parse, cmd + []) else: # Note, parser.parse_command() modifies its arg, so pass a copy # of the cmd, not a reference pr = self.parser.parse_command(cmd + []) # TODO: more tests here by sending the cmd and the pr to a # helper action = cmd[1] pol = "incoming" if len(cmd) >= 3: pol = cmd[2] action = "default-%s-%s" % (cmd[1], pol) self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) def test_logging_parse(self): '''Test UFWCommandLogging.parse()''' cmds = [ (['logging', 'on'], None), (['logging', 'off'], None), (['logging', 'low'], None), (['logging', 'medium'], None), (['logging', 'high'], None), (['logging', 'full'], None), (['logging'], ValueError), (['logging', 'nonexistent'], ValueError), ] for cmd, exception in cmds: #print(" ".join(cmd)) if exception is not None: c = ufw.parser.UFWCommandLogging(" ".join(cmd)) tests.unit.support.check_for_exception(self, exception, c.parse, cmd + []) else: # Note, parser.parse_command() modifies its arg, so pass a copy # of the cmd, not a reference pr = self.parser.parse_command(cmd + []) # TODO: more tests here by sending the cmd and the pr to a # helper action = "logging-%s" % (cmd[1]) if cmd[1] != "on" and cmd[1] != "off": action = "logging-on_%s" % (cmd[1]) self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) def test_status_parse(self): '''Test UFWCommandStatus.parse()''' cmds = [ (['status'], None), (['status', 'verbose'], None), (['status', 'numbered'], None), (['status', 'bad'], ValueError), ] for cmd, exception in cmds: #print(" ".join(cmd)) if exception is not None: c = ufw.parser.UFWCommandStatus(" ".join(cmd)) 
tests.unit.support.check_for_exception(self, exception, c.parse, cmd + []) else: # Note, parser.parse_command() modifies its arg, so pass a copy # of the cmd, not a reference pr = self.parser.parse_command(cmd + []) # TODO: more tests here by sending the cmd and the pr to a # helper action = cmd[0] if len(cmd) > 1: action = "%s-%s" % (cmd[0], cmd[1]) self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) def test_show_parse(self): '''Test UFWCommandShow.parse()''' cmds = [ (['show', 'raw'], None, "show-raw"), (['show', 'before-rules'], None, "show-before"), (['show', 'after-rules'], None, "show-after"), (['show', 'user-rules'], None, "show-user"), (['show', 'logging-rules'], None, "show-logging"), (['show', 'builtins'], None, "show-builtins"), (['show', 'listening'], None, "show-listening"), (['show', 'added'], None, "show-added"), (['show'], ValueError, None), (['show', 'bad'], ValueError, None), ] for cmd, exception, action in cmds: #print(" ".join(cmd)) if exception is not None: c = ufw.parser.UFWCommandShow(" ".join(cmd)) tests.unit.support.check_for_exception(self, exception, c.parse, cmd + []) else: # Note, parser.parse_command() modifies its arg, so pass a copy # of the cmd, not a reference pr = self.parser.parse_command(cmd + []) # TODO: more tests here by sending the cmd and the pr to a # helper self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) def test_main(): # used by runner.py tests.unit.support.run_unittest( ParserTestCase ) if __name__ == "__main__": # used when standalone unittest.main() ufw-0.36/tests/unit/test_util.py0000644000175000017500000012504113404772663015725 0ustar jamiejamie# -*- coding: utf-8 -*- # # Copyright 2012-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. 
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import unittest import tests.unit.support import ufw.util import os import re import socket try: # python 2 from StringIO import StringIO except ImportError: from io import StringIO import sys import tempfile class UtilTestCase(unittest.TestCase): def setUp(self): self.tmpdir = None def tearDown(self): if self.tmpdir and os.path.isdir(self.tmpdir): tests.unit.support.recursive_rm(self.tmpdir) def test_get_services_proto(self): '''Test get_services_proto()''' # 'any' # socket.getservbyname("echo") succeeds # socket.getservbyname("echo", "tcp") succeeds # socket.getservbyname("echo", "udp") succeeds res = ufw.util.get_services_proto("echo") self.assertTrue(res == "any", res) # 'tcp' # socket.getservbyname("tcpmux") succeeds # socket.getservbyname("tcpmux", "tcp") succeeds # socket.getservbyname("tcpmux", "udp") fails res = ufw.util.get_services_proto("tcpmux") self.assertTrue(res == "tcp", res) # 'udp' # socket.getservbyname("fsp") succeeds # socket.getservbyname("fsp", "tcp") fails # socket.getservbyname("fsp", "udp") succeeds res = ufw.util.get_services_proto("fsp") self.assertTrue(res == "udp", res) # not found # socket.getservbyname("ufw-nonexistent") fails # socket.getservbyname("ufw-nonexistent", "tcp") fails # socket.getservbyname("ufw-nonexistent", "udp") fails tests.unit.support.check_for_exception(self, socket.error, \ ufw.util.get_services_proto, \ "ufw-nonexistent") def test_parse_port_proto(self): '''Test parse_port_proto()''' (s, p) = ufw.util.parse_port_proto("7") self.assertTrue(s == "7", s) self.assertTrue(p == "any", p) (s, p) = ufw.util.parse_port_proto("7/tcp") self.assertTrue(s == "7", s) 
self.assertTrue(p == "tcp", p) (s, p) = ufw.util.parse_port_proto("7/udp") self.assertTrue(s == "7", s) self.assertTrue(p == "udp", p) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.parse_port_proto, '7/tcp/udp') def test_valid_address6(self): '''Test valid_address6()''' prev = socket.has_ipv6 socket.has_ipv6 = False self.assertFalse(ufw.util.valid_address6('::1')) print("(IPv6 support warning is intentional)") socket.has_ipv6 = prev if not socket.has_ipv6: return tests.unit.support.skipped(self, "ipv6 not enabled") bad = [ ':::1', 'fe80::-1', '000000000000000000000000000000000000000000000000001', '2001:db8:::/32', '2001:db8::/129', '2001:gb8::/32', '2001:db8:3:4:5:6:7:8:9', 'foo', 'xxx:xxx:xxx:xx:xxx:xxx:xxx:xxx', 'g001:db8:3:4:5:6:7:8', '2001:gb8:3:4:5:6:7:8', '2001:db8:g:4:5:6:7:8', '2001:db8:3:g:5:6:7:8', '2001:db8:3:4:g:6:7:8', '2001:db8:3:4:5:g:7:8', '2001:db8:3:4:5:6:g:8', '2001:db8:3:4:5:6:7:g', '2001:0db8:0000:0000:0000:0000:0000:0000/129', '2001:0db8:0000:0000:0000:0000:0000:00000/128', '2001:0db8:0000:0000:0000:0000:0000:00000/12a', '::1/128/128', ] for b in bad: self.assertFalse(ufw.util.valid_address6(b), b) good = [ '2001:db8::/32', '2001:db8:3:4:5:6:7:8', '2001:db8:85a3:8d3:1319:8a2e:370:734', '::1', '::1/0', '::1/32', '::1/128', ] for g in good: self.assertTrue(ufw.util.valid_address6(g), g) def test_valid_address4(self): '''Test valid_address4()''' bad = [ '192.168.0.-1', '192.168.0.1/32/32', '192.168.256.1', '192.s55.0.1', '.168.0.1', '2001:db8::/32', '2001:db8:3:4:5:6:7:8', '2001:db8:85a3:8d3:1319:8a2e:370:734', ] for b in bad: self.assertFalse(ufw.util.valid_address4(b), b) good = [ '192.168.0.0', '192.168.0.1', '192.168.0.254', '192.168.0.255', '192.168.0.128', '192.168.1.128', '192.168.254.128', '192.168.255.128', '192.0.128.128', '192.1.128.128', '192.254.128.128', '192.255.128.128', '0.128.128.128', '1.128.128.128', '254.128.128.128', '255.128.128.128', ] for g in good: self.assertTrue(ufw.util.valid_address4(g), g) def 
test_valid_netmask(self): '''Test valid_netmask()''' # v4 bad = [ 'a', '-1', '33', '255.255.255.255.0', '255.255.255.256', ] for b in bad: self.assertFalse(ufw.util.valid_netmask(b, v6=False), b) good = [ '0', '1', '16', '31', '32', '255.255.255.0', '255.255.128.0', '255.64.255.0', '32.255.255.0', ] for g in good: self.assertTrue(ufw.util.valid_netmask(g, v6=False), g) # v6 bad = [ '129', '12a', 'a', '-1', ] for b in bad: self.assertFalse(ufw.util.valid_netmask(b, v6=True), b) good = [ '0', '1', '31', '32', '33', '127', '128', ] for g in good: self.assertTrue(ufw.util.valid_netmask(g, v6=True), g) def test_valid_address(self): '''Test valid_address()''' # BAD ADDRESSES for v in ['4', 'any']: for b in ['16a', '33', '-1']: self.assertFalse(ufw.util.valid_address( "192.168.0.1/%s" % b, v)) for b in ['256', 's55', '-1']: self.assertFalse(ufw.util.valid_address( "192.168.0.%s" % b, v)) self.assertFalse(ufw.util.valid_address( "192.168.%s.1" % b, v)) self.assertFalse(ufw.util.valid_address( "192.%s.0.1" % b, v)) self.assertFalse(ufw.util.valid_address( "%s.168.0.1" % b, v)) self.assertFalse(ufw.util.valid_address( "%s.%s.%s.%s" % (b, b, b, b), v)) self.assertFalse(ufw.util.valid_address( "192.168.0.1/255.255.255.%s" % b, v)) self.assertFalse(ufw.util.valid_address( "192.168.0.1/255.255.%s.255" % b, v)) self.assertFalse(ufw.util.valid_address( "192.168.0.1/255.%s.255.255" % b, v)) self.assertFalse(ufw.util.valid_address( "192.168.0.1/%s.255.255.255" % b, v)) self.assertFalse(ufw.util.valid_address( "192.168.0.1/%s.%s.%s.%s" % (b, b, b, b), v)) self.assertFalse(ufw.util.valid_address( "%s.168.0.1/255.255.255.%s" % (b, b), v)) self.assertFalse(ufw.util.valid_address( "192.%s.0.1/255.255.%s.255" % (b, b), v)) self.assertFalse(ufw.util.valid_address( "192.168.%s.1/255.%s.255.255" % (b, b), v)) self.assertFalse(ufw.util.valid_address( "192.168.0.%s/%s.255.255.255" % (b, b), v)) self.assertFalse(ufw.util.valid_address( "%s.%s.%s.%s/%s.%s.%s.%s" % (b, b, b, b, b, b, b, b), v)) 
for b in ['129', 's55', '-1']: self.assertFalse(ufw.util.valid_address("::1/%s" % b, "6")) for b in [':::1', 'fe80::-1', '.168.0.1']: self.assertFalse(ufw.util.valid_address(b, "any"), b) self.assertFalse(ufw.util.valid_address(b, "4"), b) self.assertFalse(ufw.util.valid_address(b, "6"), b) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.valid_address, '::1', "7") # VALID ADDRESSES for v in ['4', 'any']: self.assertTrue(ufw.util.valid_address("0.0.0.0", v)) self.assertTrue(ufw.util.valid_address("0.0.0.0/0", v)) self.assertTrue(ufw.util.valid_address("0.0.0.0/0.0.0.0", v)) self.assertTrue(ufw.util.valid_address("10.0.0.1", v)) self.assertTrue(ufw.util.valid_address("10.0.0.1/32", v)) self.assertTrue(ufw.util.valid_address("10.0.0.1/255.255.255.255", v)) for i in range(0, 33): self.assertTrue(ufw.util.valid_address( "192.168.0.1/%s" % i, v)) for i in range(0, 256): self.assertTrue(ufw.util.valid_address( "192.168.0.1/255.255.255.%s" % i, v)) self.assertTrue(ufw.util.valid_address( "192.168.0.1/255.255.%s.255" % i, v)) self.assertTrue(ufw.util.valid_address( "192.168.0.1/255.%s.255.255" % i, v)) self.assertTrue(ufw.util.valid_address( "192.168.0.1/%s.255.255.255" % i, v)) self.assertTrue(ufw.util.valid_address( "192.168.0.1/%s.%s.%s.%s" % (i, i, i, i), v)) for i in range(0, 129): self.assertTrue(ufw.util.valid_address("::1/%s" % i, "6")) good = [ '192.168.128.128/255.255.255.129', '192.168.0.1', '192.168.0.254', '192.168.0.255', '2001:db8::/32', '2001:db8:3:4:5:6:7:8', '2001:db8:85a3:8d3:1319:8a2e:370:734', '::1', ] for g in good: self.assertTrue(ufw.util.valid_address(g, "any"), g) if ':' in g: self.assertTrue(ufw.util.valid_address(g, "6"), g) else: self.assertTrue(ufw.util.valid_address(g, "4"), g) def _run_normalize_address(self, data): '''Run ufw.util.normalize_address() on data. 
Data should be in form of: data = [(v6, ip, expected_ip), (v6, ip2, expected_ip2)] ''' error_str = "" for (v6, ip, expected) in data: res = ufw.util.normalize_address(ip, v6)[0] if expected != res: error_str += "'%s' != '%s' (v6=%s)\n" % (res, expected, v6) return error_str def test_normalize_address_host_netmask(self): '''Test normalize_address() with host_netmask''' data = [ (False, '192.168.0.1', '192.168.0.1'), (False, '192.168.0.1/32', '192.168.0.1'), (False, '192.168.0.1/255.255.255.255', '192.168.0.1'), (True, '::1', '::1'), (True, '::1/128', '::1'), ] error_str = self._run_normalize_address(data) self.assertEquals(error_str, "", error_str) def test_normalize_address_netmask_to_cidr(self): '''Test normalize_address() with netmask_to_cidr''' data = [ (False, '192.168.0.1/255.255.255.255', '192.168.0.1'), (False, '192.168.0.0/255.255.255.254', '192.168.0.0/31'), (False, '192.168.0.0/255.255.255.252', '192.168.0.0/30'), (False, '192.168.0.0/255.255.255.248', '192.168.0.0/29'), (False, '192.168.0.0/255.255.255.240', '192.168.0.0/28'), (False, '192.168.0.0/255.255.255.224', '192.168.0.0/27'), (False, '192.168.0.0/255.255.255.192', '192.168.0.0/26'), (False, '192.168.0.0/255.255.255.128', '192.168.0.0/25'), (False, '192.168.0.0/255.255.255.0', '192.168.0.0/24'), (False, '192.168.0.0/255.255.254.0', '192.168.0.0/23'), (False, '192.168.0.0/255.255.252.0', '192.168.0.0/22'), (False, '192.168.0.0/255.255.248.0', '192.168.0.0/21'), (False, '192.168.0.0/255.255.240.0', '192.168.0.0/20'), (False, '192.168.0.0/255.255.224.0', '192.168.0.0/19'), (False, '192.168.0.0/255.255.192.0', '192.168.0.0/18'), (False, '192.168.0.0/255.255.128.0', '192.168.0.0/17'), (False, '192.168.0.0/255.255.0.0', '192.168.0.0/16'), (False, '192.168.0.0/255.254.0.0', '192.168.0.0/15'), (False, '192.168.0.0/255.252.0.0', '192.168.0.0/14'), (False, '192.168.0.0/255.248.0.0', '192.168.0.0/13'), (False, '192.168.0.0/255.240.0.0', '192.160.0.0/12'), (False, '192.168.0.0/255.224.0.0', '192.160.0.0/11'), 
(False, '192.168.0.0/255.192.0.0', '192.128.0.0/10'), (False, '192.168.0.0/255.128.0.0', '192.128.0.0/9'), (False, '192.168.0.0/255.0.0.0', '192.0.0.0/8'), (False, '192.168.0.0/254.0.0.0', '192.0.0.0/7'), (False, '192.168.0.0/252.0.0.0', '192.0.0.0/6'), (False, '192.168.0.0/248.0.0.0', '192.0.0.0/5'), (False, '192.168.0.0/240.0.0.0', '192.0.0.0/4'), (False, '192.168.0.0/224.0.0.0', '192.0.0.0/3'), (False, '192.168.0.0/192.0.0.0', '192.0.0.0/2'), (False, '192.168.0.0/128.0.0.0', '128.0.0.0/1'), ] error_str = self._run_normalize_address(data) self.assertEquals(error_str, "", error_str) def test_normalize_address_ipv6_cidr(self): '''Test normalize_address() with ipv6_cidr''' data = [] for cidr in range(0, 128): data.append((True, '::1/%d' % cidr, '::1/%d' % cidr)) error_str = self._run_normalize_address(data) self.assertEquals(error_str, "", error_str) def test_normalize_address_valid_netmask_to_non_cidr(self): '''Test normalize_address() with valid_netmask_to_non_cidr''' data = [] cidrs = [252, 248, 240, 224, 192, 128] for i in range(1, 254): if i in cidrs: continue data.append((False, '192.168.0.0/255.255.255.%d' % i, '192.168.0.0/255.255.255.%d' % i)) if i < 8: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.0.0.0/255.%d.0.0' % i)) elif i < 16: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.8.0.0/255.%d.0.0' % i)) elif i < 24: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.0.0.0/255.%d.0.0' % i)) elif i < 32: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.8.0.0/255.%d.0.0' % i)) elif i < 40: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.32.0.0/255.%d.0.0' % i)) elif i < 48: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.40.0.0/255.%d.0.0' % i)) elif i < 56: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.32.0.0/255.%d.0.0' % i)) elif i < 64: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.40.0.0/255.%d.0.0' % i)) elif i < 72: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.0.0.0/255.%d.0.0' % i)) 
elif i < 80: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.8.0.0/255.%d.0.0' % i)) elif i < 88: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.0.0.0/255.%d.0.0' % i)) elif i < 96: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.8.0.0/255.%d.0.0' % i)) elif i < 104: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.32.0.0/255.%d.0.0' % i)) elif i < 112: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.40.0.0/255.%d.0.0' % i)) elif i < 120: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.32.0.0/255.%d.0.0' % i)) elif i < 128: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.40.0.0/255.%d.0.0' % i)) elif i < 136: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.128.0.0/255.%d.0.0' % i)) elif i < 144: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.136.0.0/255.%d.0.0' % i)) elif i < 152: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.128.0.0/255.%d.0.0' % i)) elif i < 160: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.136.0.0/255.%d.0.0' % i)) elif i < 168: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.160.0.0/255.%d.0.0' % i)) elif i < 176: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.168.0.0/255.%d.0.0' % i)) elif i < 184: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.160.0.0/255.%d.0.0' % i)) elif i < 192: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.168.0.0/255.%d.0.0' % i)) elif i < 200: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.128.0.0/255.%d.0.0' % i)) elif i < 208: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.136.0.0/255.%d.0.0' % i)) elif i < 216: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.128.0.0/255.%d.0.0' % i)) elif i < 224: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.136.0.0/255.%d.0.0' % i)) elif i < 232: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.160.0.0/255.%d.0.0' % i)) elif i < 240: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.168.0.0/255.%d.0.0' % i)) elif i < 248: 
data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.160.0.0/255.%d.0.0' % i)) elif i < 256: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.168.0.0/255.%d.0.0' % i)) else: data.append((False, '192.168.0.0/255.%d.0.0' % i, '192.168.0.0/255.%d.0.0' % i)) if i < 64: data.append((False, '192.168.0.0/%d.0.0.0' % i, '0.0.0.0/%d.0.0.0' % i)) elif i < 128: data.append((False, '192.168.0.0/%d.0.0.0' % i, '64.0.0.0/%d.0.0.0' % i)) elif i < 192: data.append((False, '192.168.0.0/%d.0.0.0' % i, '128.0.0.0/%d.0.0.0' % i)) else: data.append((False, '192.168.0.0/%d.0.0.0' % i, '192.0.0.0/%d.0.0.0' % i)) error_str = self._run_normalize_address(data) self.assertEquals(error_str, "", error_str) def test_normalize_address_ipv6_short_notation(self): '''Test normalize_address() with ipv6_short_notation''' data = [ (True, 'fe80:0000:0000:0000:0211:aaaa:bbbb:d54c', 'fe80::211:aaaa:bbbb:d54c'), (True, '2001:0db8:85a3:08d3:1319:8a2e:0370:734', '2001:db8:85a3:8d3:1319:8a2e:370:734'), ] error_str = self._run_normalize_address(data) self.assertEquals(error_str, "", error_str) def test_normalize_address_invalid_netmask(self): '''Test normalize_address() with invalid_netmask''' data = [ (True, '::1/-1', ValueError), (True, '::1/129', ValueError), (True, '::1/3e', ValueError), (False, '192.168.0.1/-1', socket.error), (False, '192.168.0.1/33', ValueError), (False, '192.168.0.1/e1', socket.error), ] for (v6, ip, expected) in data: tests.unit.support.check_for_exception(self, expected, \ ufw.util.normalize_address, ip, v6) def test_open_file_read(self): '''Test open_file_read()''' self.tmpdir = tempfile.mkdtemp() tmp = os.path.join(self.tmpdir, "foo") f = open(tmp, 'w') f.close() tests.unit.support.check_for_exception(self, IOError, \ ufw.util.open_file_read, tmp + 'nonexistent') f = ufw.util.open_file_read(tmp) f.close() def test_open_files(self): '''Test open_files()''' self.tmpdir = tempfile.mkdtemp() tmp = os.path.join(self.tmpdir, "foo") f = open(tmp, 'w') f.close() 
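tests.unit.support.check_for_exception(self, IOError, \ ufw.util.open_files, tmp + 'nonexistent') fns = ufw.util.open_files(tmp) fns['orig'].close() os.close(fns['tmp']) os.unlink(fns['tmpname'])

    def test_write_to_file(self):
        '''Test write_to_file()

        Checks that a None descriptor raises OSError, that empty and
        non-empty writes to the temporary descriptor from open_files()
        succeed, and that a write to stdout's descriptor shows up in
        ufw.util.msg_output when that is set.
        '''
        tests.unit.support.check_for_exception(self, OSError,
                                               ufw.util.write_to_file,
                                               None, 'foo')

        self.tmpdir = tempfile.mkdtemp()
        tmp = os.path.join(self.tmpdir, "foo")
        with open(tmp, 'w'):
            pass

        fns = ufw.util.open_files(tmp)
        ufw.util.write_to_file(fns['tmp'], "")
        ufw.util.write_to_file(fns['tmp'], "test")
        fns['orig'].close()
        os.close(fns['tmp'])
        os.unlink(fns['tmpname'])

        search = "test string"
        ufw.util.msg_output = StringIO()
        try:
            ufw.util.write_to_file(sys.stdout.fileno(), search)
            out = ufw.util.msg_output.getvalue()
            if sys.version_info[0] >= 3:
                search = bytes(search, 'ascii')
                out = bytes(out, 'ascii')
            self.assertEqual(out, search)
        finally:
            # Always reset the module-level hook, otherwise a failure above
            # would leave ufw.util.msg_output set for the tests that follow
            ufw.util.msg_output.close()
            ufw.util.msg_output = None

    def _open_fresh_tmpfile(self):
        '''Create an empty file in a new temp dir and return open_files() on it

        tearDown() only removes the directory self.tmpdir currently points
        at, so the previous directory is removed here before self.tmpdir is
        replaced. Otherwise every call but the last would leave a directory
        behind.
        '''
        if self.tmpdir and os.path.isdir(self.tmpdir):
            tests.unit.support.recursive_rm(self.tmpdir)
        self.tmpdir = tempfile.mkdtemp()
        tmp = os.path.join(self.tmpdir, "foo")
        with open(tmp, 'w'):
            pass
        return ufw.util.open_files(tmp)

    def test_close_files(self):
        '''Test close_files()

        Runs close_files() with its default arguments and with update=False,
        then checks that OSError is raised when the original file (update
        True) or the temporary file (update False) was unlinked beforehand.
        '''
        fns = self._open_fresh_tmpfile()
        ufw.util.close_files(fns)

        fns = self._open_fresh_tmpfile()
        ufw.util.close_files(fns, update=False)

        fns = self._open_fresh_tmpfile()
        os.unlink(fns['origname'])
        tests.unit.support.check_for_exception(self, OSError,
                                               ufw.util.close_files, fns, True)

        fns = self._open_fresh_tmpfile()
        os.unlink(fns['tmpname'])
        tests.unit.support.check_for_exception(self, OSError,
                                               ufw.util.close_files, fns, False)

    def test_cmd(self): '''Test cmd()''' (rc, report) = ufw.util.cmd(['ls', '/']) self.assertEquals(rc, 0, "Unexpected return code: %d" % rc) self.assertTrue('etc' in report, "Could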
not find 'etc'in:\n%s" % \ report) (rc, report) = ufw.util.cmd(['./nonexistent-command']) self.assertEquals(rc, 127, "Unexpected return code: %d" % rc) def test_cmd_pipe(self): '''Test cmd_pipe()''' (rc, report) = ufw.util.cmd_pipe(['ls', '/'], ['grep', '-q', 'etc']) self.assertEquals(rc, 0, "Unexpected return code: %d" % rc) (rc, report) = ufw.util.cmd_pipe(['./nonexistent-command'], ['grep', '-q', 'etc']) self.assertEquals(rc, 127, "Unexpected return code: %d" % rc) def test_error(self): '''Test error()''' ufw.util.error("test error()", do_exit=False) print("('ERROR: test error()' output is intentional)") def test_warn(self): '''Test warn()''' ufw.util.warn("test warn()") print("('WARN: test warn()' output is intentional)") def test_msg(self): '''Test msg()''' ufw.util.msg("test msg()") print("('test msg()' output is intentional)") ufw.util.msg("test msg()", newline=False) print("\n('test msg()' output is intentional)") search = "test string" ufw.util.msg_output = StringIO() ufw.util.msg(search, newline=False) out = ufw.util.msg_output.getvalue() if sys.version_info[0] >= 3: search = bytes(search, 'ascii') out = bytes(out, 'ascii') self.assertEquals(out, search) ufw.util.msg_output.close() ufw.util.msg_output = None def test_debug(self): '''Test debug()''' prev = ufw.util.DEBUGGING ufw.util.DEBUGGING = True ufw.util.debug("test debug()") print("('DEBUG: test debug()' output is intentional)") ufw.util.DEBUGGING = prev def test_word_wrap(self): '''Test word_wrap()''' s = ufw.util.word_wrap("foo\nbar baz", 3) expected = "foo\nbar\nbaz" self.assertEquals(s, expected, "'%s' != '%s'" % (s, expected)) def test_wrap_text(self): '''Test wrap_text()''' t = ''' AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAA ''' expected = ''' AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAA ''' s = ufw.util.wrap_text(t) self.assertEquals(s, expected, "'%s' != '%s'" % (s, expected)) def test_human_sort(self): '''Test human_sort()''' 
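s = '80,a222,a32,a2,b1,443,telnet,3,ZZZ,http' expected = '3,80,443,a2,a32,a222,b1,http,telnet,ZZZ' tmp = s.split(',') ufw.util.human_sort(tmp) res = ",".join(tmp) self.assertEquals(str(res), expected)

    def test_get_ppid(self):
        '''Test get_ppid()

        Covers the no-argument call, pid 1 (expected parent 0), a
        non-numeric pid (ValueError) and pid 0 (IOError).
        '''
        ufw.util.get_ppid()
        ppid = ufw.util.get_ppid(1)
        # the failure message used to read "%d' != '0'", with an unbalanced
        # quote
        self.assertEqual(ppid, 0, "'%d' != '0'" % ppid)

        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util.get_ppid, 'a')
        tests.unit.support.check_for_exception(self, IOError,
                                               ufw.util.get_ppid, 0)

    def test_under_ssh(self):
        '''Test under_ssh()

        under_ssh() must be False for pids 1 and 0 and must raise ValueError
        for a non-numeric pid.
        '''
        # this test could be running under ssh, so can't do anything more
        ufw.util.under_ssh()
        self.assertFalse(ufw.util.under_ssh(1))
        self.assertFalse(ufw.util.under_ssh(0))
        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util.under_ssh, 'a')

    def test__valid_cidr_netmask(self):
        '''Test _valid_cidr_netmask()

        Pins the accepted prefix ranges: 0-32 for IPv4 and 0-128 for IPv6.
        Non-numeric, negative and out-of-range values are rejected.
        '''
        rejected = [
                    ('a', False),
                    ('a', True),
                    ('-1', False),
                    ('-1', True),
                    ('33', False),
                    ('129', True),
                   ]
        for nm, v6 in rejected:
            self.assertFalse(ufw.util._valid_cidr_netmask(nm, v6),
                             "%s (v6=%s)" % (nm, v6))

        accepted = [
                    ('0', False),
                    ('15', False),
                    ('16', False),
                    ('17', False),
                    ('32', False),
                    ('0', True),
                    ('31', True),
                    ('32', True),
                    ('33', True),
                    ('63', True),
                    ('64', True),
                    ('65', True),
                    ('128', True),
                   ]
        for nm, v6 in accepted:
            self.assertTrue(ufw.util._valid_cidr_netmask(nm, v6),
                            "%s (v6=%s)" % (nm, v6))

    def test__valid_dotted_quads(self):
        '''Test _valid_dotted_quads()'''
        # Fill in gaps that can't be tested via other tests
        self.assertFalse(ufw.util._valid_dotted_quads('255.255.255.255', True))
        self.assertFalse(ufw.util._valid_dotted_quads('a.255.255.255', False))
        self.assertFalse(ufw.util._valid_dotted_quads('255.255.255', False))
        # NOTE(review): same input as the line above; possibly a different
        # malformed quad was intended here - confirm
        self.assertFalse(ufw.util._valid_dotted_quads('255.255.255', False))
        self.assertFalse(ufw.util._valid_dotted_quads('255.255.255.256', False))
        self.assertTrue(ufw.util._valid_dotted_quads('255.255.255.255', False))

    def test__dotted_netmask_to_cidr(self):
        '''Test _dotted_netmask_to_cidr()

        ValueError is expected for a dotted netmask combined with v6=True
        and for an octet above 255.
        '''
        # Fill in gaps that can't be tested via other tests
        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util._dotted_netmask_to_cidr,
                                               '255.255.255.255', True)
        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util._dotted_netmask_to_cidr,
                                               '255.255.255.256', False)

    def test__cidr_to_dotted_netmask(self):
        '''Test _cidr_to_dotted_netmask()

        ValueError is expected when v6=True and for an IPv4 prefix of 33.
        '''
        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util._cidr_to_dotted_netmask,
                                               '32', True)
        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util._cidr_to_dotted_netmask,
                                               '33', False)

    def test_cidr_to_dotted_to_cidr(self):
        '''Test _cidr_to_dotted_netmask() and _dotted_netmask_to_cidr()

        Every IPv4 prefix length from 0 to 32 must survive the round trip
        cidr -> dotted -> cidr unchanged.
        '''
        for m in range(0, 33):
            cidr = str(m)
            dotted = ufw.util._cidr_to_dotted_netmask(cidr, False)
            reverse = ufw.util._dotted_netmask_to_cidr(dotted, False)
            self.assertEqual(cidr, reverse,
                             "cidr=%s, dotted=%s, reverse=%s" % (cidr,
                                                                 dotted,
                                                                 reverse))

    def test__address4_to_network(self):
        '''Test _address4_to_network()

        A host address with a /16 is reduced to its network, an address
        without a netmask is returned unchanged, and a second netmask
        raises ValueError.
        '''
        n = ufw.util._address4_to_network("192.168.1.1/16")
        self.assertEqual(n, "192.168.0.0/16")

        n = "192.168.1.1"
        self.assertEqual(n, ufw.util._address4_to_network(n))

        tests.unit.support.check_for_exception(self, ValueError,
                                               ufw.util._address4_to_network,
                                               '192.168.1.1/16/16')

    def test__address6_to_network(self): '''Test _address6_to_network()''' n =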
ufw.util._address6_to_network("ff81::1/15") self.assertEquals(n, "ff80::/15") n = "ff80::1" self.assertEquals(n, ufw.util._address6_to_network(n)) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util._address6_to_network, 'ff80::1/16/16') def test_in_network(self): '''Test in_network()''' for i in range(0, 33): self.assertTrue(ufw.util.in_network("10.2.0.1", "10.2.0.1/%d" % i, False)) self.assertFalse(ufw.util.in_network("10.2.0.1", "10.2.0.0/32", False)) self.assertTrue(ufw.util.in_network("11.0.0.1", "10.2.0.1/7", False)) self.assertFalse(ufw.util.in_network("11.0.0.1", "10.2.0.1/8", False)) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.in_network, "10.2.0.1", "10.2.0.1/33", False) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.in_network, "10.2.0.1234", "10.2.0.1/24", False) self.assertTrue(ufw.util.in_network("10.2.0.1", "0.0.0.0/0", False)) self.assertTrue(ufw.util.in_network("10.2.0.1/26", "10.2.0.1/24", False)) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.in_network, "10.2.0.1/16/16", "10.2.0.1/24", False) self.assertTrue(ufw.util.in_network("0.0.0.0", "10.2.0.1/24", False)) for i in range(0, 129): self.assertTrue(ufw.util.in_network("ff80::1", "ff80::1/%d" % i, True)) self.assertFalse(ufw.util.in_network("ff80::1", "ff80::0/128", True)) self.assertTrue(ufw.util.in_network("ff81::1", "ff80::1/15", True)) self.assertFalse(ufw.util.in_network("ff81::1", "ff80::1/16", True)) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.in_network, "ff80::1", "ff80::1/129", True) tests.unit.support.check_for_exception(self, ValueError, \ ufw.util.in_network, "gf80::1", "ff80::1/64", True) self.assertTrue(ufw.util.in_network("ff80::1", "::/0", True)) self.assertTrue(ufw.util.in_network("::/0", "ff80::1/64", True)) def test_get_iptables_version(self): '''Test get_iptables_version()''' tests.unit.support.check_for_exception(self, OSError, \ ufw.util.get_iptables_version, \ 
'iptables-nonexistent') v = ufw.util.get_iptables_version() self.assertTrue(re.match(r'^[0-9]', v)) def test_get_netfilter_capabilities(self): '''Test get_netfilter_capabilities()''' # Verify we are root check tests.unit.support.check_for_exception(self, OSError, \ ufw.util.get_netfilter_capabilities) # use fake iptables to verify other bits of the code exe = os.path.join(ufw.common.iptables_dir, "iptables") ufw.util.get_netfilter_capabilities(exe=exe, do_checks=False) exe = os.path.join(ufw.common.iptables_dir, "ip6tables") ufw.util.get_netfilter_capabilities(exe=exe, do_checks=False) def test_parse_netstat_output(self): '''Test parse_netstat_output()''' min_out = 1 if not tests.unit.support.has_proc_net_output(): min_out = 0 s = ufw.util.parse_netstat_output(False) self.assertTrue(len(s) >= min_out) s = ufw.util.parse_netstat_output(True) self.assertTrue(len(s) >= min_out) def test_get_ip_from_if(self): '''Test get_ip_from_if()''' if sys.version_info[0] >= 3: return tests.unit.support.skipped(self, "TODO: python3") ip = ufw.util.get_ip_from_if("lo", False) self.assertTrue(ip.startswith("127")) tests.unit.support.check_for_exception(self, IOError, \ ufw.util.get_ip_from_if, "nonexistent", False) # just run through the code, we may not have an IPv6 address try: ufw.util.get_ip_from_if("lo", True) except IOError: pass def test_get_if_from_ip(self): '''Test get_if_from_ip()''' if sys.version_info[0] >= 3: return tests.unit.support.skipped(self, "TODO: python3") iface = ufw.util.get_if_from_ip("127.0.0.1") self.assertTrue(iface.startswith("lo")) self.assertFalse(ufw.util.get_if_from_ip("127.255.255.255")) tests.unit.support.check_for_exception(self, IOError, \ ufw.util.get_if_from_ip, "nonexistent") # just run through the code, we may not have an IPv6 address try: ufw.util.get_if_from_ip("::1") except IOError: pass def test__get_proc_inodes(self): '''Test _get_proc_inodes()''' inodes = ufw.util._get_proc_inodes() self.assertTrue(len(inodes) > 0) def 
test__read_proc_net_protocol(self): '''Test _read_proc_net_protocol()''' res = ufw.util._read_proc_net_protocol("tcp") # self.assertTrue(len(res) > 0) if len(res) <= 0: print("(TODO: fake-netstat) could not find tcp entries") res = ufw.util._read_proc_net_protocol("udp") # self.assertTrue(len(res) > 0) if len(res) <= 0: print("(TODO: fake-netstat) could not find udp entries") # covered by other tests #def test_convert_proc_address(self): # '''Test convert_proc_address()''' def test_get_netstat_output(self): '''Test get_netstat_output()''' s = ufw.util.get_netstat_output(True) # self.assertTrue("tcp" in s) # self.assertTrue("udp" in s) if "tcp" not in s: print("(TODO: fake-netstat) could not find tcp in:\n%s" % s) if "udp" not in s: print("(TODO: fake-netstat) could not find udp in:\n%s" % s) s = ufw.util.get_netstat_output(False) # self.assertTrue("tcp" in s) # self.assertTrue("udp" in s) if "tcp" not in s: print("(TODO: fake-netstat) could not find tcp in:\n%s" % s) if "udp" not in s: print("(TODO: fake-netstat) could not find udp in:\n%s" % s) def test_hex_encode(self): '''Test hex_encode() output''' s = 'foo👍bar字baz' expected = '666f6ff09f918d626172e5ad9762617a' result = ufw.util.hex_encode(s) self.assertEquals(expected, result) def test_hex_decode(self): '''Test hex_decode() output''' s = '666f6ff09f918d626172e5ad9762617a' expected = 'foo👍bar字baz' if sys.version_info[0] < 3: expected = u'foo👍bar字baz' result = ufw.util.hex_decode(s) self.assertEquals(expected, result) def test_create_lock(self): '''Test create_lock()''' lock = ufw.util.create_lock(dryrun=True) self.assertTrue(lock is None) ufw.util.release_lock(lock) self.tmpdir = tempfile.mkdtemp() fn = os.path.join(self.tmpdir, "lock") lock = ufw.util.create_lock(lockfile=fn, dryrun=False) self.assertTrue(lock is not None) ufw.util.release_lock(lock) def test_main(): # used by runner.py tests.unit.support.run_unittest( UtilTestCase ) if __name__ == "__main__": # used when standalone unittest.main() 
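ufw-0.36/tests/unit/support.py0000644000175000017500000003623013404772663015426 0ustar jamiejamie
# -*- coding: utf-8 -*-
#
# Copyright 2012-2018 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# run_unittest() inspired by Lib/test/support.py from Python 3.1
# Copyright (c) 2001-2010 Python Software Foundation; All Rights Reserved

import unittest
import os
import subprocess
import sys

# Translation function; replaced by initvars() via init_gettext()
_ = None

# Scratch directory for the test installation. It is a relative path, so
# everything below (including the recursive delete in run_setup()) acts on
# whatever directory the tests are started from.
topdir = "./tests/unit/tmp"


class Error(Exception):
    '''Error'''


class TestFailed(Error):
    '''Test failed'''


def skipped(cls, s):
    '''Test skipped

    Prints a "skipped" message for s and returns False; cls is unused.
    '''
    # TODO: fix newline
    # TODO: somehow flag and count this as skipped
    print("skipped: %s" % s)
    return False


def recursive_rm(dirPath, contents_only=False):
    '''recursively remove directory

    Deletes everything below dirPath and, unless contents_only is True,
    dirPath itself. Symbolic links are unlinked, never followed, so the
    deletion stays inside dirPath.
    '''
    names = os.listdir(dirPath)
    for name in names:
        path = os.path.join(dirPath, name)
        if os.path.islink(path) or not os.path.isdir(path):
            os.unlink(path)
        else:
            recursive_rm(path)

    if contents_only is False:
        os.rmdir(dirPath)


def initvars(install_dir):
    '''Point ufw.common at the test installation under topdir

    install_dir is accepted for the caller's convenience but not read; all
    paths are derived from the module-level topdir.
    '''
    import ufw.common

    global _
    _ = init_gettext()

    global topdir
    # fake-binaries lives next to topdir and holds stub iptables commands
    d = os.path.join(os.path.dirname(os.path.realpath(topdir)),
                     "fake-binaries")
    ufw.common.iptables_dir = d
    ufw.common.config_dir = os.path.join(
                            os.path.realpath(topdir), "ufw/etc")
    ufw.common.state_dir = os.path.join(
                           os.path.realpath(topdir), "ufw/lib/ufw")
    ufw.common.share_dir = os.path.join(
                           os.path.realpath(topdir), "ufw/usr/share/ufw")
    ufw.common.trans_dir = ufw.common.share_dir
    ufw.common.prefix_dir = os.path.join(os.path.realpath(topdir), "ufw/usr")


def run_setup():
    '''Install ufw into a fresh topdir with setup.py; return the install dir

    Any existing topdir is deleted first. Exits the process with status 1
    if setup.py fails.
    '''
    global topdir
    install_dir = os.path.join(topdir, "ufw")
    if os.path.exists(topdir):
        recursive_rm(topdir)
    os.mkdir(topdir)
    # NOTE(review): 'python' is resolved through PATH, so the interpreter
    # that installs ufw may differ from the one running the tests
    sp = subprocess.Popen(['python', './setup.py', 'install',
                           '--home=%s' % install_dir],
                          stdout=subprocess.PIPE,
                          stderr=subprocess.PIPE,
                          universal_newlines=True)
    out, err = sp.communicate()
    if sp.returncode != 0:
        print("setup.py failed: %s" % err)
        sys.exit(1)
    return install_dir


def run_unittest(*classes):
    '''Run tests from classes

    Raises TestFailed if any test errors or fails. In that case topdir is
    left in place; it is only removed after a successful run.
    '''
    install_dir = run_setup()
    initvars(install_dir)  # initialize ufw for testing

    suite = unittest.TestSuite()
    for cls in classes:
        # unittest.makeSuite() is deprecated and removed in Python 3.13;
        # the loader call is the equivalent that exists in all versions
        suite.addTest(unittest.defaultTestLoader.loadTestsFromTestCase(cls))
    runner = unittest.TextTestRunner(sys.stdout, verbosity=2)
    result = runner.run(suite)
    if not result.wasSuccessful():
        if len(result.errors) == 1 and not result.failures:
            err = result.errors[0][1]
        elif len(result.failures) == 1 and not result.errors:
            err = result.failures[0][1]
        else:
            err = "multiple errors occurred"
        raise TestFailed(err)

    if os.path.exists(topdir):
        recursive_rm(topdir)


def init_gettext():
    '''Convenience function to setup _'''
    # This is all stolen from src/ufw
    import gettext
    kwargs = {}
    if sys.version_info[0] < 3:
        # In Python 2, ensure that the _() that gets installed into built-ins
        # always returns unicodes. This matches the default behavior under
        # Python 3, although that keyword argument is not present in the Python
        # 3 API.
        kwargs['unicode'] = True
    gettext.install("ufw", **kwargs)

    # Internationalization
    gettext.bindtextdomain("ufw",
                           os.path.join('./locales/mo'))
    gettext.textdomain("ufw")
    try:
        # BAW: I'm not sure why both this and the .install() above is here, but
        # let's roll with it for now. This is the Python 2 version, which
        # ensures we get unicodes.
        _ = gettext.ugettext
    except AttributeError:
        # Python 3 always returns unicodes.
        _ = gettext.gettext

    return _


def check_for_exception(t, expectedException, func, *args):
    '''Fail test case t unless func(*args) raises expectedException

    Any other exception, or no exception at all, is reported through
    t.fail().
    '''
    try:
        func(*args)
    except expectedException:
        pass
    except Exception:
        t.fail("Unexpected exception thrown for '%s%s:\n%s" % (str(func),
               str(args), sys.exc_info()[0]))
    else:
        t.fail('%s not thrown' % str(expectedException))


def get_sample_rule_commands_simple():
    '''Return a list of sample rule commands for simple rules. Format:
       [
        [ 'rule', <action>, args... ],
        [ 'rule', <action>, args... ],
       ]
    '''
    cmds = []
    for action in ['allow', 'deny', 'reject', 'limit']:
        for dir in ['', 'in', 'out']:
            for log in ['', 'log', 'log-all']:
                for port in ['', '22', 'tcpmux', 'fsp', 'WWW', 'CIFS',
                             'WWW Full', 'DNS']:
                    for proto in ['', 'tcp', 'udp']:
                        for comment in ['', 'thumbs 👍']:
                            c = []
                            if dir:
                                c.append(dir)
                                if not port:
                                    # no port: make it an interface rule
                                    c.append('on')
                                    c.append('eth0')
                            if log:
                                c.append(log)

                            if not port and 'on' in c:
                                # eg, rule allow in on eth0
                                cmds.append(['rule', action] + c)
                                continue

                            try:
                                # int() tells numeric ports from names
                                int(port)
                                if proto:
                                    # eg, rule action dir log 22/tcp
                                    c.append('%s/%s' % (port, proto))
                                else:
                                    # eg, rule action dir log 22
                                    c.append(port)
                            except ValueError:
                                if proto or not port:
                                    continue
                                else:
                                    # eg, rule action dir log DNS
                                    # eg, rule action dir log tcpmux
                                    c.append(port)

                            if comment:
                                c += ['comment', comment]
                            cmds.append(['rule', action] + c)

    return cmds


def get_sample_rule_commands_extended(v6=False):
    '''Return a list of sample rule commands for extended rules. Format:
       [
        [ <rule type>, <action>, args... ],
        [ <rule type>, <action>, args... ],
       ]

    The rule type is 'rule' or 'route'. With v6=True the sample addresses
    are IPv6. In the tables below 'addr!port' packs an address and a port,
    service or application name into one entry.
    '''
    dsts = ['', '1.2.3.4', '10.0.0.0/8', 'any', '1.2.3.4!22',
            '10.0.0.0/8!tcpmux', 'any!fsp', '1.2.3.4!WWW Full',
            '10.0.0.0/8!CIFS', 'any!DNS']
    srcs = ['', '5.6.7.8', '172.16.0.0/12', 'any', '5.6.7.8!22',
            '172.16.0.0/12!tcpmux', 'any!fsp', '5.6.7.8!WWW Full',
            '172.16.0.0/12!CIFS', 'any!DNS']
    if v6:
        dsts = ['', '2001:db8:85a3:8d3:1319:8a2e:370:7341',
                '1234:db8::/32', 'any',
                '2001:db8:85a3:8d3:1319:8a2e:370:7341!22',
                '1234:db8::/32!tcpmux', 'any!fsp',
                '2001:db8:85a3:8d3:1319:8a2e:370:7341!WWW Full',
                '1234:db8::/32!CIFS', 'any!DNS']
        srcs = ['', '2001:db8:85a3:8d3:1319:8a2e:370:7342',
                '5678:fff::/64', 'any',
                '2001:db8:85a3:8d3:1319:8a2e:370:7342!22',
                '5678:fff::/64!tcpmux', 'any!fsp',
                '2001:db8:85a3:8d3:1319:8a2e:370:7342!WWW Full',
                '5678:fff::/64!CIFS', 'any!DNS']

    cmds = []
    for rule_type in ['rule', 'route']:
        for action in ['allow', 'deny', 'reject', 'limit']:
            for dir in ['', 'in', 'out', 'in on eth0', 'out on eth1',
                        'in on eth0 out on eth1']:
                for log in ['', 'log', 'log-all']:
                    for to in dsts:
                        for frm in srcs:
                            for proto in ['', 'tcp', 'udp']:
                                for comment in ['', 'thumbs 👍']:
                                    dst = ''
                                    dport = ''
                                    if to:
                                        if '!' in to:
                                            (dst, dport) = to.split('!')
                                        else:
                                            dst = to
                                    src = ''
                                    sport = ''
                                    if frm:
                                        if '!' in frm:
                                            (src, sport) = frm.split('!')
                                        else:
                                            src = frm

                                    # We should only output valid rules, so
                                    # short-circuit some invalid ones

                                    # Don't allow mixing services and
                                    # application rules
                                    srvs = ['tcpmux', 'fsp']
                                    apps = ['WWW Full', 'DNS', 'CIFS']
                                    if (dport in srvs and sport in apps) or \
                                       (sport in srvs and dport in apps):
                                        continue
                                    # Don't allow mixing tcp and udp services
                                    if dport != sport and \
                                       dport in srvs and \
                                       sport in srvs:
                                        continue
                                    # Don't allow mixing apps since they all
                                    # have different protocols
                                    if dport != sport and \
                                       dport in apps and \
                                       sport in apps:
                                        continue
                                    # don't mix services and protocols
                                    if ((dport == 'fsp' or sport == 'fsp')
                                        and proto == 'tcp') or \
                                       ((dport == 'tcpmux' or sport == 'tcpmux')
                                        and proto == 'udp'):
                                        continue

                                    # Now start building up the command
                                    c = []
                                    if dir:
                                        if rule_type == 'rule' and \
                                           'in on' in dir and 'out on' in dir:
                                            # non-route rules don't support
                                            # specifying two interfaces
                                            continue
                                        elif rule_type == 'route':
                                            # route rules don't support bare
                                            # 'in' and 'out'
                                            # NOTE(review): as written this
                                            # skips every route rule that has
                                            # a direction, not only the bare
                                            # ones -- confirm that is intended
                                            continue
                                        elif 'on' in dir:
                                            c += dir.split()
                                        else:
                                            c.append(dir)
                                    if log:
                                        c.append(log)

                                    if not to and not frm:
                                        # nothing to do (use simple syntax)
                                        continue

                                    if src:
                                        c.append('from')
                                        c.append(src)
                                    if sport:
                                        if sport in apps:
                                            c.append('app')
                                        else:
                                            c.append('port')
                                        c.append(sport)
                                    if dst:
                                        c.append('to')
                                        c.append(dst)
                                    if dport:
                                        if dport in apps:
                                            c.append('app')
                                        else:
                                            c.append('port')
                                        c.append(dport)

                                    # add 'proto' when it makes sense
                                    if proto:
                                        try:
                                            # numeric ports take any proto
                                            if dport:
                                                int(dport)
                                            if sport:
                                                int(sport)
                                            c.append('proto')
                                            c.append(proto)
                                        except ValueError:
                                            # named service: only the proto
                                            # that belongs to it
                                            if dport not in apps and \
                                               sport not in apps and \
                                               ((dport == 'fsp' and
                                                 proto == 'udp') or
                                                (sport == 'fsp' and
                                                 proto == 'udp') or
                                                (dport == 'tcpmux' and
                                                 proto == 'tcp') or
                                                (sport == 'tcpmux' and
                                                 proto == 'tcp')):
                                                c.append('proto')
                                                c.append(proto)

                                    if comment:
                                        c += ['comment', comment]
                                    cmds.append([rule_type, action] + c)

    return cmds


def has_proc_net_output():
    '''Determine if /proc/net/tcp|udp[6] have useful information

    Returns True as soon as one of /proc/net/tcp, udp, tcp6 or udp6 exists
    and holds more than its header line, otherwise False.
    '''
    found = False
    # Previously the list was ['tcp', 'udp', 'tcp', 'tcp6'] (udp6 was never
    # looked at) and the checks below used the bare name instead of the
    # /proc/net path, so the result depended on files named 'tcp' or 'udp'
    # in the current directory. Callers that relax assertions when this
    # returns False will now see True on hosts with socket entries.
    for p in ['tcp', 'udp', 'tcp6', 'udp6']:
        path = os.path.join("/proc/net", p)
        if not os.path.exists(path):
            continue

        with open(path) as f:
            if len(f.readlines()) > 1:  # account for header
                found = True
                break

    return found
ufw-0.36/tests/unit/test_backend.py0000644000175000017500000000441013404772663016333 0ustar jamiejamie# # Copyright 2012-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # NOTE: most of this is tested via test_backend_iptables.py since we have to # have a backend defined to test backend.py import unittest import tests.unit.support import ufw.backend import ufw.backend_iptables import ufw.common class BackendTestCase(unittest.TestCase): def setUp(self): ufw.common.do_checks = False # ufw.backend is an interface, so to test it we need to instantiate # an object that implements this interface self.backend = ufw.backend_iptables.UFWBackendIptables(dryrun=True) def tearDown(self): pass def test_installation_defaults(self): '''Test installation defaults''' self.assertEquals(self.backend.defaults['default_input_policy'], "drop") self.assertEquals(self.backend.defaults['default_forward_policy'], "drop") self.assertEquals(self.backend.defaults['default_output_policy'], "accept") self.assertEquals(self.backend.defaults['ipt_modules'], 'nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns') self.assertEquals(self.backend.defaults['loglevel'], 'low') self.assertEquals(self.backend.defaults['manage_builtins'], 'no')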
self.assertEquals(self.backend.defaults['enabled'], 'no') self.assertEquals(self.backend.defaults['ipv6'], 'yes') self.assertEquals(self.backend.defaults['default_application_policy'], 'skip') def test_main(): # used by runner.py tests.unit.support.run_unittest( BackendTestCase ) if __name__ == "__main__": # used when standalone unittest.main() ufw-0.36/tests/unit/__init__.py0000644000175000017500000000000013257507473015434 0ustar jamiejamieufw-0.36/tests/unit/fake-binaries/0000755000175000017500000000000013404547262016027 5ustar jamiejamieufw-0.36/tests/unit/fake-binaries/ip6tables-restore0000755000175000017500000000002213257507473021327 0ustar jamiejamie#!/bin/sh exit 0 ufw-0.36/tests/unit/fake-binaries/ip6tables0000755000175000017500000000010013257507473017643 0ustar jamiejamie#!/bin/sh if [ "$1" = "-V" ]; then ip6tables -V fi exit 0 ufw-0.36/tests/unit/fake-binaries/iptables-restore0000755000175000017500000000002213257507473021241 0ustar jamiejamie#!/bin/sh exit 0 ufw-0.36/tests/unit/fake-binaries/sysctl-forward-yes0000755000175000017500000000052613257507473021547 0ustar jamiejamie#!/bin/sh if [ "$1" = "net.ipv4.ip_forward" ]; then echo "net.ipv4.ip_forward = 1" exit 0 elif [ "$1" = "net.ipv6.conf.default.forwarding" ]; then echo "net.ipv6.conf.default.forwarding = 1" exit 0 elif [ "$1" = "net.ipv6.conf.all.forwarding" ]; then echo "net.ipv6.conf.all.forwarding = 1" exit 0 fi exec sysctl $@ ufw-0.36/tests/unit/fake-binaries/iptables0000755000175000017500000000007713257507473017572 0ustar jamiejamie#!/bin/sh if [ "$1" = "-V" ]; then iptables -V fi exit 0 ufw-0.36/tests/unit/fake-binaries/sysctl-forward-no0000755000175000017500000000052613257507473021363 0ustar jamiejamie#!/bin/sh if [ "$1" = "net.ipv4.ip_forward" ]; then echo "net.ipv4.ip_forward = 0" exit 0 elif [ "$1" = "net.ipv6.conf.default.forwarding" ]; then echo "net.ipv6.conf.default.forwarding = 0" exit 0 elif [ "$1" = "net.ipv6.conf.all.forwarding" ]; then echo "net.ipv6.conf.all.forwarding = 0" exit 0 
fi exec sysctl $@ ufw-0.36/tests/unit/test_backend_iptables.py0000644000175000017500000006661613404772663020236 0ustar jamiejamie# # Copyright 2012-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import unittest import tests.unit.support import ufw.backend_iptables import ufw.common import ufw.frontend import os import re import shutil import time try: # python 2 from StringIO import StringIO except ImportError: from io import StringIO class BackendIptablesTestCase(unittest.TestCase): def setUp(self): ufw.common.do_checks = False for d in [ufw.common.state_dir, ufw.common.config_dir]: if not os.path.isdir(d + ".bak"): shutil.copytree(d, d + ".bak") # don't duplicate all the code for set_rule() from frontend.py so # the frontend's set_rule() to exercise our set_rule() self.ui = ufw.frontend.UFWFrontend(dryrun=True) # for convenience self.backend = self.ui.backend self.saved_msg_output = ufw.util.msg_output self.msg_output = None self.prevpath = os.environ['PATH'] os.environ['PATH'] = "%s:%s" % (ufw.common.iptables_dir, os.environ['PATH']) # update ufw-init-functions to use our fake iptables* commands f = os.path.join(ufw.common.state_dir, "ufw-init-functions") contents = "" for line in open(f).readlines(): if re.search("^PATH=", line): line = "#" + line line += 'PATH="%s:%s"\n' % (ufw.common.iptables_dir, line.split('"')[1]) contents += line open(f + '.new', 'w').write(contents) os.rename(f + '.new', f) def tearDown(self): self.ui = None self.backend = None 
os.environ['PATH'] = self.prevpath for d in [ufw.common.state_dir, ufw.common.config_dir]: if os.path.isdir(d): tests.unit.support.recursive_rm(d) shutil.copytree(d + ".bak", d) if self.msg_output: ufw.util.msg_output = self.saved_msg_output self.msg_output.close() self.msg_output = None sysctl = os.path.join(ufw.common.iptables_dir, "sysctl") if os.path.exists(sysctl): os.unlink(sysctl) def _update_sysctl(self, forward=False): sysctl = os.path.join(ufw.common.iptables_dir, "sysctl") if forward: shutil.copy(os.path.join(ufw.common.iptables_dir, "sysctl-forward-yes"), sysctl) else: shutil.copy(os.path.join(ufw.common.iptables_dir, "sysctl-forward-no"), sysctl) def _test__do_checks(self): '''Test _do_checks()''' print(" setting self.backend.do_checks to 'True'") self.backend.do_checks = True tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend._do_checks) print(" setting self.backend.do_checks to 'False'") self.backend.do_checks = False self.backend._do_checks() def test_get_default_application_policy(self): '''Test get_default_application_policy()''' s = self.backend.get_default_application_policy() self.assertTrue(s.endswith("skip")) def test_set_default_application_policy(self): '''Test set_default_application_policy()''' self.backend.dryrun = False for policy in ['allow', 'deny', 'reject', 'skip']: s = self.backend.set_default_application_policy(policy) self.assertTrue(policy in s, "Could not find '%s' in:\n%s" % \ (policy, s)) def test_get_app_rules_from_template(self): '''Test get_app_rules_from_template()''' pr = ufw.frontend.parse_command(['rule', 'allow', 'CIFS']) rules = self.backend.get_app_rules_from_template(pr.data['rule']) self.assertEquals(len(rules), 2) for r in rules: self.assertEquals(r.dapp, 'CIFS') pr = ufw.frontend.parse_command(['rule', 'deny', 'from', 'any', 'app', 'CIFS']) rules = self.backend.get_app_rules_from_template(pr.data['rule']) self.assertEquals(len(rules), 2) for r in rules: self.assertEquals(r.sapp, 
'CIFS') pr = ufw.frontend.parse_command(['rule', 'reject', 'to', 'any', 'app', 'CIFS', 'from', 'any', 'app', 'CIFS']) rules = self.backend.get_app_rules_from_template(pr.data['rule']) self.assertEquals(len(rules), 2) for r in rules: self.assertEquals(r.dapp, 'CIFS') self.assertEquals(r.sapp, 'CIFS') pr = ufw.frontend.parse_command(['rule', 'reject', 'to', 'any', 'app', 'WWW', 'from', 'any', 'app', 'WWW Secure']) rules = self.backend.get_app_rules_from_template(pr.data['rule']) self.assertEquals(len(rules), 1) for r in rules: self.assertEquals(r.dapp, 'WWW') self.assertEquals(r.sapp, 'WWW Secure') pr = ufw.frontend.parse_command(['rule', 'allow', 'from', 'any', 'app', 'IPP', 'to', 'any', 'app', 'WWW']) rules = self.backend.get_app_rules_from_template(pr.data['rule']) self.assertEquals(len(rules), 1) for r in rules: self.assertEquals(r.sapp, 'IPP') pr = ufw.frontend.parse_command(['rule', 'allow', '12345']) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.get_app_rules_from_template, pr.data['rule']) def test_update_app_rule(self): '''Test upate_app_rule()''' self.saved_msg_output = ufw.util.msg_output self.msg_output = StringIO() ufw.util.msg_output = self.msg_output (s, res) = self.backend.update_app_rule('WWW') self.assertFalse(res) self.assertEquals(s, "") pr = ufw.frontend.parse_command([] + ['rule', 'allow', 'CIFS']) self.backend.rules.append(pr.data['rule']) (s, res) = self.backend.update_app_rule('WWW') self.assertFalse(res) self.assertEquals(s, "") (s, res) = self.backend.update_app_rule('CIFS') self.assertTrue(res) self.assertTrue('CIFS' in s) pr = ufw.frontend.parse_command([] + ['rule', 'allow', 'to', '5678:fff::/64', 'app', 'WWW Secure']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) (s, res) = self.backend.update_app_rule('WWW') self.assertFalse(res) self.assertEquals(s, "") (s, res) = self.backend.update_app_rule('WWW Secure') self.assertTrue(res) self.assertTrue('WWW Secure' in s) pr = 
ufw.frontend.parse_command([] + ['rule', 'allow', 'from', '1234:fff::/64', 'app', 'WWW Secure', 'to', '2345:fff::/64', 'app', 'WWW Full']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) (s, res) = self.backend.update_app_rule('WWW') self.assertFalse(res) self.assertEquals(s, "") (s, res) = self.backend.update_app_rule('WWW Full') self.assertTrue(res) self.assertTrue('WWW Full' in s) pr = ufw.frontend.parse_command([] + ['rule', 'allow', 'NFS']) self.backend.rules.append(pr.data['rule']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) (s, res) = self.backend.update_app_rule('WWW') self.assertFalse(res) self.assertEquals(s, "") (s, res) = self.backend.update_app_rule('NFS') self.assertTrue(res) self.assertTrue('NFS' in s) def test_find_application_name(self): '''Test find_application_name()''' res = self.backend.find_application_name('WWW') self.assertEquals(res, 'WWW') res = self.backend.find_application_name('WwW') self.assertEquals(res, 'WWW') f = os.path.join(self.backend.files['apps'], "testapp") contents = ''' [WWw] title=Duplicate Web Server description=Duplicate Web server ports=80/tcp ''' fd = open(f, 'w') fd.write(contents) fd.close() self.backend.profiles = ufw.applications.get_profiles( self.backend.files['apps']) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.find_application_name, 'wWw') tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.find_application_name, 'nonexistent') def test_find_other_position(self): '''Test find_other_position()''' pr = ufw.frontend.parse_command([] + ['rule', 'allow', 'from', '1234:fff::/64', 'app', 'WWW Secure', 'to', '2345:fff::/64', 'app', 'WWW Full']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) pr = ufw.frontend.parse_command(['rule', 'allow', 'WWW']) self.backend.rules.append(pr.data['rule']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) res = 
self.backend.find_other_position(2, v6=True) self.assertEquals(res, 0) res = self.backend.find_other_position(1, v6=False) self.assertEquals(res, 2) tests.unit.support.check_for_exception(self, ValueError, self.backend.find_other_position, 3, True) tests.unit.support.check_for_exception(self, ValueError, self.backend.find_other_position, 3, False) tests.unit.support.check_for_exception(self, ValueError, self.backend.find_other_position, 0, False) pr = ufw.frontend.parse_command([] + ['rule', 'allow', 'to', '2345:fff::/64', 'app', 'CIFS']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) pr = ufw.frontend.parse_command(['rule', 'allow', 'CIFS']) self.backend.rules.append(pr.data['rule']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) res = self.backend.find_other_position(3, v6=True) self.assertEquals(res, 0) def test_get_loglevel(self): '''Test get_loglevel()''' for l in ['off', 'low', 'medium', 'high']: self.backend.set_loglevel(l) (level, s) = self.backend.get_loglevel() self.assertTrue(l in s, "Could not find '%s' in:\n%s" % (l, s)) self.backend.defaults['loglevel'] = 'nonexistent' (level, s) = self.backend.get_loglevel() self.assertTrue('unknown' in s, "Could not find 'unknown' in:\n%s" % s) def test_set_loglevel(self): '''Test set_loglevel()''' for ll in ['off', 'on', 'low', 'medium', 'high']: self.backend.set_loglevel(ll) (level, s) = self.backend.get_loglevel() if ll == 'on': ll = 'low' self.assertTrue(ll in s, "Could not find '%s' in:\n%s" % (ll, s)) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.set_loglevel, 'nonexistent') def test_get_rules_count(self): '''Test get_rules_count()''' res = self.backend.get_rules_count(v6=False) self.assertEquals(res, 0) pr = ufw.frontend.parse_command([] + ['rule', 'allow', 'from', '1234:fff::/64', 'app', 'WWW Secure', 'to', '2345:fff::/64', 'app', 'WWW Full']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) pr = 
ufw.frontend.parse_command(['rule', 'allow', 'WWW']) self.backend.rules.append(pr.data['rule']) pr.data['rule'].set_v6(True) self.backend.rules6.append(pr.data['rule']) res = self.backend.get_rules_count(v6=False) self.assertEquals(res, 1) res = self.backend.get_rules_count(v6=True) self.assertEquals(res, 2) def test_get_rule_by_number(self): '''Test get_rule_by_number()''' pr1 = ufw.frontend.parse_command(['rule', 'allow', 'WWW']) self.backend.rules.append(pr1.data['rule']) pr2 = ufw.frontend.parse_command(['rule', 'allow', 'WWW']) pr2.data['rule'].set_v6(True) self.backend.rules6.append(pr2.data['rule']) pr3 = ufw.frontend.parse_command([] + ['rule', 'allow', 'from', '1234:fff::/64', 'app', 'WWW Secure', 'to', '2345:fff::/64', 'app', 'WWW Full']) pr3.data['rule'].set_v6(True) self.backend.rules6.append(pr3.data['rule']) res = self.backend.get_rule_by_number(1) self.assertEquals(ufw.common.UFWRule.match(res, pr1.data['rule']), 0) self.assertEquals(ufw.common.UFWRule.match(res, pr2.data['rule']), 1) self.assertEquals(ufw.common.UFWRule.match(res, pr3.data['rule']), 1) res = self.backend.get_rule_by_number(2) self.assertEquals(ufw.common.UFWRule.match(res, pr2.data['rule']), 0) self.assertEquals(ufw.common.UFWRule.match(res, pr1.data['rule']), 1) self.assertEquals(ufw.common.UFWRule.match(res, pr3.data['rule']), 1) res = self.backend.get_rule_by_number(3) self.assertEquals(ufw.common.UFWRule.match(res, pr3.data['rule']), 0) self.assertEquals(ufw.common.UFWRule.match(res, pr1.data['rule']), 1) self.assertEquals(ufw.common.UFWRule.match(res, pr2.data['rule']), 1) res = self.backend.get_rule_by_number(4) self.assertEquals(res, None) pr4 = ufw.frontend.parse_command([] + ['rule', 'allow', 'CIFS']) self.backend.rules.append(pr4.data['rule']) pr4.data['rule'].set_v6(True) self.backend.rules6.append(pr4.data['rule']) res = self.backend.get_rule_by_number(6) self.assertEquals(res, None) res = self.backend.get_rule_by_number(4) self.assertEquals(ufw.common.UFWRule.match(res, 
pr4.data['rule']), 1) def test_get_matching(self): '''Test get_matching()''' pr1 = ufw.frontend.parse_command(['rule', 'allow', 'WWW']) self.backend.rules.append(pr1.data['rule']) pr2 = ufw.frontend.parse_command(['rule', 'deny', 'WWW']) self.backend.rules.append(pr2.data['rule']) test_rule = pr1.data['rule'].dup_rule() res = self.backend.get_matching(test_rule) self.assertEquals(len(res), 2) def test_set_bad_default_application_policy(self): '''Test bad set_default_application_policy()''' self.backend.dryrun = False for policy in ['alow', 'deny 78&']: tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.set_default_application_policy, policy) def test_set_default_policy(self): '''Test set_default_policy()''' # dryrun for direction in ['incoming', 'outgoing', 'routed']: for policy in ['allow', 'deny', 'reject']: res = self.backend.set_default_policy(policy, direction) self.assertTrue(policy in res, "Could not find '%s' in:\n%s" % (policy, res)) self.assertTrue(direction in res, "Could not find '%s' in:\n%s" % (direction, res)) # no dryrun self.backend.dryrun = False for direction in ['incoming', 'outgoing']: for policy in ['allow', 'deny', 'reject']: res = self.backend.set_default_policy(policy, direction) self.assertTrue(policy in res, "Could not find '%s' in:\n%s" % (policy, res)) self.assertTrue(direction in res, "Could not find '%s' in:\n%s" % (direction, res)) if direction == 'incoming': res = self.backend._get_default_policy("input") else: res = self.backend._get_default_policy("output") self.assertEquals(res, policy) # no dryrun for routed self.backend.dryrun = False for forward_enabled in [ False, True ]: self._update_sysctl(forward_enabled) direction = "routed" for policy in ['allow', 'deny', 'reject']: res = self.backend.set_default_policy(policy, direction) self.assertTrue(policy in res, "Could not find '%s' in:\n%s" % (policy, res)) self.assertTrue(direction in res, "Could not find '%s' in:\n%s" % (direction, res)) res = 
self.backend._get_default_policy("forward", check_forward=True) if not forward_enabled: policy = "disabled" self.assertEquals(res, policy) def test_set_default(self): '''Test set_default()''' self.backend.set_default(self.backend.files['defaults'], 'NEW_INPUT_POLICY', 'accept') self.assertEquals(self.backend.defaults['new_input_policy'], 'accept') def test_set_bad_default(self): '''Test bad set_default_policy()''' tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.set_default, self.backend.files['defaults'], 'DEFAULT INPUT_POLICY', "accept") tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend.set_default, self.backend.files['defaults'] + \ ".nonexistent", 'DEFAULT_INPUT_POLICY', "accept") def test_get_running_raw(self): '''Test get_running_raw()''' # dryrun for t in ['raw', 'builtins', 'before', 'user', 'after', 'logging']: res = self.backend.get_running_raw(t) for s in ['iptables', 'ip6tables']: self.assertTrue("Checking raw %s" % s in res, "Could not find '%s' in:\n%s" % (s, res)) # no dryrun self.backend.dryrun = False for t in ['raw', 'builtins', 'before', 'user', 'after', 'logging']: res = self.backend.get_running_raw(t) self.assertTrue(t in res, "Could not find '%s' in:\n%s" % \ (t, res)) def test_get_status(self): '''Test get_status()''' # build up some rules cmds_sim = tests.unit.support.get_sample_rule_commands_simple() cmds_ext = tests.unit.support.get_sample_rule_commands_extended() for cmds in [cmds_sim, cmds_ext]: self.backend.rules = [] self.backend.rules6 = [] for cmd in cmds: pr = ufw.frontend.parse_command(cmd + []) action = cmd[1] self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) if 'rule' in pr.data: if pr.data['rule'].v6: self.backend.rules6.append(pr.data['rule']) else: self.backend.rules.append(pr.data['rule']) # dryrun self.backend.dryrun = True for v in [False, True]: for c in [False, True]: res = self.backend.get_status(verbose=v, show_count=c) for s in 
['iptables', 'ip6tables']: self.assertTrue("Checking %s" % s in res, "Could not find '%s' in:\n%s" % (s, res)) # no dryrun self.backend.dryrun = False for v in [False, True]: for c in [False, True]: res = self.backend.get_status(verbose=v, show_count=c) terms = ['Status: active', 'To'] if v: terms += ['Logging: on', 'Default: deny', 'New profiles: skip'] if c: terms += '[ 1] ' for search in terms: self.assertTrue(search in res, "Could not find '%s' in:\n%s" % (search, res)) def test_stop_firewall(self): '''Test stop_firewall()''' self.backend.stop_firewall() self.backend.dryrun = False self.backend.stop_firewall() # TODO: verify output def test_start_firewall(self): '''Test start_firewall()''' self.backend.start_firewall() self.backend.dryrun = False self.backend.start_firewall() # TODO: verify output def test__need_reload(self): '''Test _need_reload()''' for v6 in [False, True]: res = self.backend._need_reload(v6) self.backend.dryrun = False res = self.backend._need_reload(v6) self.assertFalse(res) # TODO: verify output def test__reload_user_rules(self): '''Test _reload_user_rules()''' self.backend.defaults['enabled'] = "no" self.backend._reload_user_rules() self.backend.dryrun = False self.backend.defaults['enabled'] = "yes" self.backend._reload_user_rules() # TODO: verify output def test_use_ipv6(self): '''Test use_ipv6()''' self.backend.defaults['ipv6'] = "yes" self.assertTrue(self.backend.use_ipv6()) self.backend.defaults['ipv6'] = "no" self.assertFalse(self.backend.use_ipv6()) def test__get_defaults(self): '''Test _get_defaults()''' self.backend._get_defaults() for k in ['ipt_modules', 'default_output_policy', 'default_input_policy', 'default_forward_policy', 'loglevel', 'manage_builtins', 'enabled', 'ipv6', 'default_application_policy']: self.assertTrue(k in self.backend.defaults, "Could not find '%s'" \ % k) # Installation defaults are tested elsewhere f = self.backend.files['defaults'] contents = "" for line in open(f).readlines(): if 
re.search("^DEFAULT_INPUT_POLICY=", line): line = "#" + line contents += line fd = open(f + '.new', 'w') fd.write(contents) fd.close() os.rename(f + '.new', f) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend._get_defaults) f = self.backend.files['defaults'] contents = "" for line in open(f).readlines(): if re.search("^#DEFAULT_INPUT_POLICY=", line): line = "DEFAULT_INPUT_POLICY=bad" + line contents += line fd = open(f + '.new', 'w') fd.write(contents) fd.close() os.rename(f + '.new', f) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.backend._get_defaults) def test_set_rule(self): '''Test set_rule()''' self.ui.backend.dryrun = False # keeps the verbosity down # TODO: optimize this. We don't need to hit the disk for all of these. # maybe set enabled to 'yes' once for each branch self.ui.backend.defaults['enabled'] = "yes" cmds_sim = tests.unit.support.get_sample_rule_commands_simple() for cmd in cmds_sim: pr = ufw.frontend.parse_command(cmd + []) action = cmd[1] self.assertEquals(action, pr.action, "%s != %s" % (action, \ pr.action)) if 'rule' in pr.data: self.ui.do_action(pr.action, pr.data['rule'], \ pr.data['iptype'], True) # TODO: verify output def test_update_logging(self): '''Test update_logging()''' self.backend.defaults['enabled'] = "no" self.backend.dryrun = False for level in ['off', 'low', 'medium', 'high', 'full']: self.backend.defaults['enabled'] = "no" self.backend.update_logging(level) self.backend.defaults['enabled'] = "yes" self.backend.update_logging(level) # TODO: verify output def test_reset(self): '''Test reset()''' res = self.backend.reset() print(res) # we only have 1 second resolution on the backup, so sleep is needed time.sleep(1) self.backend.dryrun = False res = self.backend.reset() print(res) # TODO: verify output def test_main(): # used by runner.py tests.unit.support.run_unittest( BackendIptablesTestCase ) if __name__ == "__main__": # used when standalone unittest.main() 
ufw-0.36/tests/unit/test_applications.py0000644000175000017500000001353013404772663017435 0ustar jamiejamie# # Copyright 2012-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os import unittest import tests.unit.support import ufw.applications class ApplicationsTestCase(unittest.TestCase): def setUp(self): apps = os.path.join(ufw.common.config_dir, "ufw/applications.d") self.profiles = ufw.applications.get_profiles(apps) def tearDown(self): pass def test_get_profiles(self): '''Test get_profiles()''' try: ufw.applications.get_profiles("foo") self.assertFalse(True) except ufw.common.UFWError: pass self.assertTrue('WWW' in self.profiles.keys(), "Could not find 'WWW'") self.assertEquals(self.profiles['WWW']['ports'], "80/tcp") self.assertEquals(self.profiles['WWW']['title'], "Web Server") self.assertEquals(self.profiles['WWW']['description'], "Web server") def test_valid_profile_name(self): '''Test valid_profile_name()''' self.assertTrue(ufw.applications.valid_profile_name('ABC')) self.assertFalse(ufw.applications.valid_profile_name('#ABC')) self.assertFalse(ufw.applications.valid_profile_name('all')) self.assertFalse(ufw.applications.valid_profile_name('123')) self.assertFalse(ufw.applications.valid_profile_name('AB*C')) def test_verify_profile(self): '''Test verify_profile()''' profiles = [{'title': 'test both', 'description': 'dns', 'ports': '53'}, {'title': 'test tcp', 'description': 'desc', 'ports': '22/tcp'}, {'title': 'test udp', 'description': 
'desc', 'ports': '123/udp'}, {'title': 'test multi comma', 'description': 'desc', 'ports': '80,443/tcp'}, {'title': 'test multi range', 'description': 'desc', 'ports': '60000:65000/udp'}, {'title': 'test different', 'description': 'desc', 'ports': '123/udp|80/tcp'}, {'title': 'test man page', 'description': 'desc', 'ports': '12/udp|34|56,78:90/tcp'}, ] for p in profiles: self.assertTrue(ufw.applications.verify_profile('TESTPROFILE', p)) def test_verify_profile_bad(self): '''Test verify_profile() - bad''' profiles = [{'description': 'missing title', 'ports': '53'}, {'title': 'missing description', 'ports': '22/tcp'}, {'title': 'missing ports', 'description': 'desc'}, {'title': '', 'description': 'empty title', 'ports': '80'}, {'title': 'empty description', 'description': '', 'ports': '80'}, {'title': 'empty ports', 'description': 'desc', 'ports': ''}, {'title': 'bad missing proto - list', 'description': 'desc', 'ports': '80,443'}, {'title': 'bad missing proto - range', 'description': 'desc', 'ports': '80:443'}, {'title': 'bad range too big', 'description': 'desc', 'ports': '80:70000/tcp'}, {'title': 'bad protocol - ah', 'description': 'desc', 'ports': '80/ah'}, {'title': 'bad protocol - esp', 'description': 'desc', 'ports': '80/esp'}, {'title': 'bad protocol - gre', 'description': 'desc', 'ports': '80/gre'}, {'title': 'bad protocol - igmp', 'description': 'desc', 'ports': '80/igmp'}, {'title': 'bad protocol - ipv6', 'description': 'desc', 'ports': '80/ipv6'}, ] for p in profiles: print(" %s" % p) tests.unit.support.check_for_exception(self, ufw.common.UFWError, ufw.applications.verify_profile, 'TESTPROFILE', p) def test_get_title(self): '''Test get_title()''' self.assertEquals(ufw.applications.get_title(self.profiles['WWW']), 'Web Server') def test_get_description(self): '''Test get_description()''' self.assertEquals(ufw.applications.get_description(self.profiles['WWW']), 'Web server') def test_get_ports(self): '''Test get_ports()''' expected_ports = ['80/tcp'] 
self.assertEquals(ufw.applications.get_ports(self.profiles['WWW']), expected_ports) def test_main(): # used by runner.py tests.unit.support.run_unittest( ApplicationsTestCase ) if __name__ == "__main__": # used when standalone unittest.main() ufw-0.36/tests/unit/test_common.py0000644000175000017500000007242613404772663016250 0ustar jamiejamie# # Copyright 2012-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import unittest import tests.unit.support import ufw.common class CommonTestCase(unittest.TestCase): def setUp(self): self.rules = { "any": ufw.common.UFWRule("allow", "any"), "ipv6": ufw.common.UFWRule("deny", "ipv6"), "tcp": ufw.common.UFWRule("limit", "tcp"), "udp": ufw.common.UFWRule("allow", "udp"), "reject-tcp": ufw.common.UFWRule("reject", "tcp"), "reject-udp": ufw.common.UFWRule("reject", "udp"), "full-any": ufw.common.UFWRule("allow", "any", dport="123", dst="10.0.0.1", sport="124", src="10.0.0.2", direction="in"), "full-ipv6": ufw.common.UFWRule("deny", "ipv6", dport="123", dst="10.0.0.1", sport="124", src="10.0.0.2", direction="in"), "full-tcp": ufw.common.UFWRule("limit", "tcp", dport="123", dst="10.0.0.1", sport="124", src="10.0.0.2", direction="out"), "full-udp": ufw.common.UFWRule("reject", "udp", dport="123", dst="10.0.0.1", sport="124", src="10.0.0.2", direction="out"), "dapp": ufw.common.UFWRule("allow", "any"), "sapp": ufw.common.UFWRule("deny", "any"), "app-both": ufw.common.UFWRule("deny", "any"), "multi-dport": 
ufw.common.UFWRule("allow", "tcp", dport="80,443,8080:8090"), "multi-sport": ufw.common.UFWRule("allow", "tcp", sport="80,443,8080:8090"), "multi-both": ufw.common.UFWRule("allow", "tcp", dport="80,443,8080:8090", sport="23"), "log": ufw.common.UFWRule("allow", "tcp", dport="22"), "log-all": ufw.common.UFWRule("allow", "tcp", dport="22"), } self.rules['dapp'].dapp = "Apache" self.rules['dapp'].dport = "80" self.rules['dapp'].proto = "tcp" self.rules['sapp'].sapp = "Apache" self.rules['sapp'].sport = "80" self.rules['sapp'].proto = "tcp" self.rules['app-both'].dapp = "Apache" self.rules['app-both'].dport = "80" self.rules['app-both'].proto = "tcp" self.rules['app-both'].sapp = "Apache" self.rules['app-both'].sport = "80" self.rules['app-both'].proto = "tcp" self.rules['log'].set_logtype("log") self.rules['log-all'].set_logtype("log-all") def tearDown(self): self.rules = None def test_ufwerror(self): '''Test UFWError''' try: raise ufw.common.UFWError("test") except ufw.common.UFWError as e: self.assertEquals(e.value, "test", "'%s' != 'test'" % e.value) return self.assertTrue(False, "Did not raise an error") def test_ufwerror_str(self): '''Test UFWError.str()''' e = ufw.common.UFWError("test") search = repr("test") self.assertEquals(str(e), search, "'%s' != 'test'" % search) def test__init_(self): '''Test UFWRule.__init__()''' r = ufw.common.UFWRule("allow", "tcp", "22") self.assertEquals(r.action, "allow") self.assertEquals(r.protocol, "tcp") self.assertEquals(r.dport, "22") tests.unit.support.check_for_exception(self, ufw.common.UFWError, ufw.common.UFWRule, "allow", "nonexistent", "22") def test__get_attrib(self): '''Test _get_attrib()''' res = self.rules["any"]._get_attrib() search = "'-p all -j ACCEPT', action=allow, comment=, dapp=, " + \ "direction=in, dport=any, dst=0.0.0.0/0, forward=False, " + \ "interface_in=, interface_out=, logtype=, multi=False, " + \ "position=0, protocol=any, remove=False, sapp=, " + \ "sport=any, src=0.0.0.0/0, updated=False, 
v6=False" self.assertEquals(res, search, "'%s' != '%s'" % (res, search)) def test_dup_rule(self): '''Test dup_rule()''' r = self.rules["any"].dup_rule() self.assertEquals(ufw.common.UFWRule.match(r, self.rules["any"]), 0) def test_format_rule(self): '''Test format_rule()''' s = str(self.rules["any"]) self.assertEquals(s, "-p all -j ACCEPT") s = str(self.rules["app-both"]) self.assertEquals(s, "-p all --dport 80 --sport 80 -j DROP " + \ "-m comment --comment 'dapp_Apache,sapp_Apache'") s = str(self.rules["dapp"]) self.assertEquals(s, "-p all --dport 80 -j ACCEPT " + \ "-m comment --comment 'dapp_Apache'") s = str(self.rules["full-any"]) self.assertEquals(s, "-p all -d 10.0.0.1 --dport 123 " + \ "-s 10.0.0.2 --sport 124 -j ACCEPT") s = str(self.rules["full-ipv6"]) self.assertEquals(s, "-p ipv6 -d 10.0.0.1 --dport 123 " + \ "-s 10.0.0.2 --sport 124 -j DROP") s = str(self.rules["full-tcp"]) self.assertEquals(s, "-p tcp -d 10.0.0.1 --dport 123 " + \ "-s 10.0.0.2 --sport 124 -j LIMIT") s = str(self.rules["full-udp"]) self.assertEquals(s, "-p udp -d 10.0.0.1 --dport 123 " + \ "-s 10.0.0.2 --sport 124 -j REJECT") s = str(self.rules["ipv6"]) self.assertEquals(s, "-p ipv6 -j DROP") s = str(self.rules["log"]) self.assertEquals(s, "-p tcp --dport 22 -j ACCEPT_log") s = str(self.rules["log-all"]) self.assertEquals(s, "-p tcp --dport 22 -j ACCEPT_log-all") r = self.rules["log-all"].dup_rule() r.set_action("deny_log-all") s = str(r) self.assertEquals(s, "-p tcp --dport 22 -j DROP_log-all") s = str(self.rules["multi-both"]) self.assertEquals(s, "-p tcp -m multiport " + \ "--dports 80,443,8080:8090 " + \ "-m multiport --sports 23 -j ACCEPT") s = str(self.rules["multi-dport"]) self.assertEquals(s, "-p tcp -m multiport " + \ "--dports 80,443,8080:8090 -j ACCEPT") s = str(self.rules["multi-sport"]) self.assertEquals(s, "-p tcp -m multiport " + \ "--sports 80,443,8080:8090 -j ACCEPT") s = str(self.rules["reject-tcp"]) self.assertEquals(s, "-p tcp -j REJECT --reject-with tcp-reset") s = 
str(self.rules["reject-udp"]) self.assertEquals(s, "-p udp -j REJECT") s = str(self.rules["sapp"]) self.assertEquals(s, "-p all --sport 80 -j DROP " + \ "-m comment --comment 'sapp_Apache'") s = str(self.rules["tcp"]) self.assertEquals(s, "-p tcp -j LIMIT") s = str(self.rules["udp"]) self.assertEquals(s, "-p udp -j ACCEPT") def test_set_action(self): '''Test set_action()''' r = self.rules["any"] for action in ['allow', 'deny', 'reject', 'limit']: r.set_action(action) self.assertEquals(action, r.action, "%s != %s" % (action, r.action)) def test_set_port(self): '''Test set_port()''' rule = self.rules["any"] for loc in ['dst', 'src']: for port in ['any', '1', '22', '1023', '1024', '1025', '65535', '1,2,3,4,5,6,7,8,9,10,11,12,13,14,15', '80,443,8080:8090', '22:25']: r = rule.dup_rule() r.set_port(port, loc) if loc == 'dst': self.assertEquals(port, r.dport, "%s != %s" % (port, r.dport)) else: self.assertEquals(port, r.sport, "%s != %s" % (port, r.sport)) r = self.rules["dapp"].dup_rule() r.dapp = "Apache" r.set_port("Apache", "dst") self.assertEquals(r.dapp, r.dport, "%s != %s" % (r.dapp, r.dport)) r = self.rules["sapp"].dup_rule() r.sapp = "Apache" r.set_port("Apache", "src") self.assertEquals(r.sapp, r.sport, "%s != %s" % (r.sapp, r.sport)) def test_set_port_bad(self): '''Test set_port() - bad''' rule = self.rules["any"] for loc in ['dst', 'src']: for port in ['an', '0', ',', '', ' ', 22, '65536', ',443,8080:8090', '443:8080:8090', '0:65536', '2:1', '80,', '80,443,8080:', ':8090', '1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16', ]: r = rule.dup_rule() e = ufw.common.UFWError if port == 22: e = TypeError tests.unit.support.check_for_exception(self, e, r.set_port, port, loc) def test_set_protocol(self): '''Test set_protocol()''' r = self.rules["any"] for proto in ['any', 'tcp', 'udp', 'ipv6', 'esp', 'ah']: r.set_protocol(proto) self.assertEquals(proto, r.protocol, "%s != %s" % (proto, r.protocol)) def test_set_protocol_bad(self): '''Test set_protocol() - bad''' r = 
self.rules["any"] for proto in ['an', 'cp', 'up', 'nonexistent']: tests.unit.support.check_for_exception(self, ufw.common.UFWError, r.set_protocol, proto) def test__fix_anywhere(self): '''Test _fix_anywhere()''' x = self.rules["any"].dup_rule() x.set_v6(False) x._fix_anywhere() search = "0.0.0.0/0" self.assertEquals(x.dst, search, "'%s' != '%s'" % (x.dst, search)) y = x.dup_rule() y.set_v6(True) y._fix_anywhere() search = "::/0" self.assertEquals(y.dst, search, "'%s' != '%s'" % (y.dst, search)) def test_set_v6(self): '''Test set_v6()''' r = self.rules["any"] for ipv6 in [True, False]: r.set_v6(ipv6) self.assertEquals(ipv6, r.v6, "%s != %s" % (ipv6, r.v6)) def test_set_src(self): '''Test set_src()''' r = self.rules["any"] for src in ["10.0.0.3"]: r.set_src(src) self.assertEquals(src, r.src, "%s != %s" % (src, r.src)) def test_set_src_bad(self): '''Test set_src() - bad''' r = self.rules["any"] for src in ["10.0.0.", "10..0.0.3"]: tests.unit.support.check_for_exception(self, ufw.common.UFWError, r.set_src, src) def test_set_dst(self): '''Test set_dst()''' r = self.rules["any"] for dst in ["10.0.0.3"]: r.set_dst(dst) self.assertEquals(dst, r.dst, "%s != %s" % (dst, r.dst)) def test_set_dst_bad(self): '''Test set_dst() - bad''' r = self.rules["any"] for dst in ["10.0.0.", "10..0.0.3"]: tests.unit.support.check_for_exception(self, ufw.common.UFWError, r.set_dst, dst) def test_set_interface(self): '''Test set_interface()''' r = self.rules["any"] for if_type in ["in", "out"]: for interface in ["eth0", "wlan1", "br_lan", "virbr0-nic", "0eth", "eth0_1", "eth0.1", "foo%bar", "foo@Bar", "=foo", "vethQNIAKF@if18", "lo"]: r.set_interface(if_type, interface) if if_type == "in": self.assertEquals(interface, r.interface_in, "%s != %s" % (interface, r.interface_in)) else: self.assertEquals(interface, r.interface_out, "%s != %s" % (interface, r.interface_out)) def test_set_interface_bad(self): '''Test set_interface() - bad''' r = self.rules["any"] interface = "eth0" for if_type in 
["ina", "ot"]: tests.unit.support.check_for_exception(self, ufw.common.UFWError, r.set_interface, if_type, interface) for if_type in ["in", "out"]: for interface in ["\tfoo", ". # import unittest import os try: # python 2 from StringIO import StringIO except ImportError: from io import StringIO import tests.unit.support import ufw.common import ufw.frontend import ufw.util class FrontendTestCase(unittest.TestCase): def setUp(self): ufw.common.do_checks = False iptables_dir = "" for d in ["/sbin", "/bin", "/usr/sbin", "/usr/bin", "/usr/local/sbin", "/usr/local/bin"]: if os.path.exists(os.path.join(d, "iptables")): iptables_dir = d break self.assertTrue(iptables_dir != "") ufw.common.iptables_dir = iptables_dir # This needs to be before we set ufw.util.msg_output since # ufw.util.warn() is called in backend.py:init() self.ui = ufw.frontend.UFWFrontend(dryrun=True) # Capture stdout from msg() and write_to_file() so we can examine it self.saved_msg_output = ufw.util.msg_output self.msg_output = StringIO() ufw.util.msg_output = self.msg_output def tearDown(self): # Restore stdout if self.msg_output: ufw.util.msg_output = self.saved_msg_output self.msg_output.close() self.msg_output = None self.ui = None def test_parse_command(self): '''Test parse_command()''' # test_parser.py will handle command combinations exhaustively, let's # just use a representative set here cmds = [ 'enable', 'disable', 'reload', 'default allow', 'default deny', 'default reject', 'default allow incoming', 'default deny outgoing', 'logging on', 'logging off', 'logging medium', 'reset', 'status', 'status numbered', 'status verbose', 'show raw', 'show builtins', 'show before-rules', 'show user-rules', 'show after-rules', 'show logging-rules', 'show listening', 'show added', 'delete 1', 'delete reject 22', 'insert 1 limit 22/tcp', 'allow 53/udp', 'deny http', 'allow to any port 23 proto tcp', 'deny from 192.168.0.1 to 192.168.0.2', 'reject in on eth0', 'allow to fe80::/16', 'deny from any port 53 
proto udp', 'limit in on eth0 to 192.168.0.1 port 22 from 10.0.0.0/24 port 1024:65535 proto tcp', 'reject telnet comment unsafe', '--version', '--dry-run allow 22/tcp', '--dry-run app list', 'app list', 'app info Apache', 'app default skip', 'app update Apache', ] for c in cmds: #print(c) ufw.frontend.parse_command(['ufw'] + c.split()) def test_parse_command_bad(self): '''Test parse_command_bad''' data = [ ('llow 12345', ValueError), ('allo 12345', ValueError), ('allow', ValueError), ] # for ufw.util.error() on python3 ufw.util.msg_output = self.saved_msg_output for (c, expected) in data: tests.unit.support.check_for_exception(self, expected, ufw.frontend.parse_command, ['ufw'] + c.split()) def test___init__(self): '''Test __init__()''' tests.unit.support.check_for_exception(self, ufw.common.UFWError, ufw.frontend.UFWFrontend, True, 'nonexistent') def test_get_command_help(self): '''Test get_command_help()''' s = ufw.frontend.get_command_help() terms = ['enable', 'disable', 'default ARG', 'logging LEVEL', 'allow ARGS', 'deny ARGS', 'reject ARGS', 'limit ARGS', 'delete RULE|NUM', 'insert NUM RULE', 'reload', 'reset', 'status', 'status numbered', 'status verbose', 'show ARG', 'version', 'app list', 'app info PROFILE', 'app update PROFILE', 'app default ARG' ] for search in terms: self.assertTrue(search in s, "Could not find '%s' in:\n%s" % \ (search, s)) def test_continue_under_ssh(self): '''Test continue_under_ssh()''' self.ui.continue_under_ssh() def test_do_action(self): '''Test do_action()''' cmds = [ 'enable', 'disable', 'enable', 'reload', 'default allow', 'default deny', 'default reject', 'default allow incoming', 'default deny outgoing', 'logging on', 'logging off', 'logging medium', 'reset', 'status', 'status numbered', 'status verbose', 'allow 43', 'reject 22', 'delete 1', 'delete reject 22', 'insert 1 limit 22/tcp', 'allow 53/udp', 'deny http', 'allow to any port 23 proto tcp', 'deny from 192.168.0.1 to 192.168.0.2', 'reject in on eth0', 'allow to 
fe80::/16', 'deny from any port 53 proto udp', 'limit in on eth0 to 192.168.0.1 port 22 from 10.0.0.0/24 port 1024:65535 proto tcp', 'allow CIFS', 'delete allow CIFS', 'allow CIFS', 'delete allow CifS', 'allow to 192.168.0.1 app WWW', 'delete allow to 192.168.0.1 app WWW', 'allow to fe80::/16 app WWW', 'delete allow to fe80::/16 app WWW', 'allow from fe80::/16 app WWW', 'delete allow from fe80::/16 app WWW', 'allow from fe80::/16 app CIFS', 'delete allow from fe80::/16 app CifS', 'show listening', 'show added', 'show raw', ] for dryrun in [True, False]: ufw.util.msg_output = self.saved_msg_output ui = ufw.frontend.UFWFrontend(dryrun=dryrun) ufw.util.msg_output = self.msg_output for c in cmds: if not dryrun and c not in ['allow', 'deny', 'limit', 'reject', 'delete', 'insert']: continue try: pr = ufw.frontend.parse_command(['ufw'] + c.split()) if 'rule' in pr.data: res = ui.do_action(pr.action, pr.data['rule'], pr.data['iptype'], force=True) else: res = ui.do_action(pr.action, "", "", force=True) except Exception: print("%s failed:" % c) raise if c == 'show listening': if res == "" and tests.unit.support.has_proc_net_output(): print("Output is empty for '%s'" % c) raise continue # nothing more to test with 'show listening' self.assertTrue(res != "", "Output is empty for '%s'" % c) cmd = c.split()[0] out = self.msg_output.getvalue() if cmd in ['allow', 'deny', 'limit', 'reject', 'delete', 'insert']: for search in ['*filter', 'COMMIT']: self.assertTrue(search in out, \ "Could not find '%s' in:\n%s" % \ (search, out)) else: search = "running ufw-init" self.assertTrue(search in out, \ "Could not find '%s' in:\n%s" % \ (search, out)) print("TODO: verify output of rules in do_action()") def test_do_action_remove_bad_appname(self): '''Test do_action() remove bad appname''' c = 'delete allow to any app &^%$' pr = ufw.frontend.parse_command(['ufw'] + c.split()) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.ui.do_action, pr.action, pr.data['rule'], 
pr.data['iptype'], True) def test_do_application_action(self): '''Test do_application_action()''' cmds = [ 'app list', 'app info WWW', 'app default skip', 'app default deny', 'app update WWW', 'app update all', 'app update --add-new CIFS', ] for c in cmds: try: pr = ufw.frontend.parse_command(['ufw'] + c.split()) if 'type' in pr.data and pr.data['type'] == 'app': res = self.ui.do_application_action(pr.action, pr.data['name']) else: res = self.ui.do_action(pr.action, "", "", force=True) except Exception: print("%s failed:" % c) raise # print(res) if c.startswith("app update"): self.assertTrue(res == "", "Output is not empty for '%s'" % c) elif c.startswith('app list'): for search in ['Available applications', 'AIM', 'WWW']: self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % \ (search, res)) elif c.startswith('app info'): for search in ['Title: Web Server', '80/tcp']: self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % \ (search, res)) elif c.startswith('app default'): p = c.split()[-1] search = "Default application policy changed to '%s'" % p self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % (search, res)) else: self.assertTrue(res != "", "Output is empty for '%s'" % c) pr = ufw.frontend.parse_command(['ufw', 'app', 'update', '--add-new', 'all']) tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.ui.do_application_action, pr.action, pr.data['name']) def test_get_show_raw(self): '''Test get_show_raw()''' res = self.ui.get_show_raw() search = "> Checking" self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % (search, res)) def test_get_show_listening(self): '''Test get_show_listening()''' res = self.ui.get_show_listening() for search in ['tcp', 'udp']: # self.assertTrue(search in res, \ # "Could not find '%s' in:\n%s" % (search, res)) if search not in res: print("(TODO: fake-netstat) Could not find '%s' in:\n%s" % (search, res)) def test_get_show_added(self): '''Test get_show_added()''' res = 
self.ui.get_show_added() search = "(None)" self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % (search, res)) c = 'allow 12345' pr = ufw.frontend.parse_command(['ufw'] + c.split()) self.ui.do_action(pr.action, pr.data['rule'], pr.data['iptype'], force=True) res = self.ui.get_show_added() search = c self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % (search, res)) def test_application_add(self): '''Test application_add()''' for i in ['accept', 'drop', 'reject']: self.ui.backend.defaults['default_application_policy'] = i res = self.ui.application_add('WWW') for search in ['Rules updated', 'Rules updated (v6)']: self.assertTrue(search in res, \ "Could not find '%s' in:\n%s" % (search, res)) self.ui.backend.defaults['default_application_policy'] = 'bad' tests.unit.support.check_for_exception(self, ufw.common.UFWError, self.ui.application_add, 'WWW') self.ui.backend.defaults['default_application_policy'] = 'skip' def test_main(): # used by runner.py tests.unit.support.run_unittest( FrontendTestCase ) if __name__ == "__main__": # used when standalone unittest.main() ufw-0.36/tests/debug/0000755000175000017500000000000013226727543013442 5ustar jamiejamieufw-0.36/tests/debug/test_boot.sh0000755000175000017500000000216713226727543016011 0ustar jamiejamie#!/bin/sh -e # Copyright 2010 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # WARNING: this script is not for production use. It's intended use is # for debugging. 
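# Reboot loop for debugging: every 10 seconds run 'ufw status' on the target
# over ssh and then reboot it. Exits 1 the first time the status output
# contains 'inactive'; otherwise keeps counting successful rounds.
#
# $1 - ssh destination. It is validated before use: an empty value would make
#      ssh treat the remote command string as the destination, and a value
#      starting with '-' would be parsed by ssh as a command-line option.
user_and_host="${1:-}"
case "$user_and_host" in
    ""|-*)
        echo "Usage: $0 [user@]host" >&2
        exit 1
        ;;
esac

count=0
while /bin/true ; do
    sleep 10
    # Quoted so the destination always reaches ssh as exactly one argument.
    out=`ssh -t "$user_and_host" 'sudo ufw status && sudo reboot' 2>&1` || {
        echo "Ssh command exited non-zero, trying again"
        continue
    }

    if echo "$out" | grep -q 'inactive'; then
        echo "FAILED after $count attempts: $out"
        exit 1
    fi

    echo "Success: $count: $out"
    count=$((count+1))
done
ufw-0.36/tests/debug/wrap_command.sh0000755000175000017500000000257413226727543016460 0ustar jamiejamie
#!/bin/sh
#    Copyright 2010 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# WARNING: this script is not for production use. Its intended use is
# for debugging.
#
# Runs the given command and reports on stderr what was run, what it was fed
# on stdin (with --read-stdin) and how it exited. The command's combined
# stdout/stderr is printed on stdout, and the script exits with the command's
# exit status.
#
# NOTE(review): with --read-stdin the complete input is echoed to stderr, so
# anything sensitive passed to the wrapped command ends up wherever stderr is
# captured.

set -e

# Optional first argument: capture stdin and replay it to the command.
read_stdin=""
if [ -n "$1" ] && [ "$1" = "--read-stdin" ]; then
    read_stdin="yes"
    shift
fi

if [ -z "$1" ]; then
    echo "Usage: $0 [--read-stdin] <command> [args...]" >&2
    exit 1
fi

echo "Wrapped command: $*" >&2
echo "" >&2
if [ "$read_stdin" = "yes" ]; then
    input=`cat`
    echo "Command input:" >&2
    echo "$input" >&2
    echo "" >&2
fi

ret="0"
out=""
echo "Command output:" >&2
# '|| ret="$?"' records a failing exit status instead of letting 'set -e'
# abort before the report below is printed.
# NOTE(review): $* is unquoted, so the arguments are re-split on whitespace
# and glob-expanded; an argument containing spaces is not preserved. "$@"
# would preserve it, but would change behaviour for callers that pass the
# whole command as a single string.
if [ "$read_stdin" = "yes" ]; then
    out=`echo "$input" | $* 2>&1` || ret="$?"
else
    out=`$* 2>&1` || ret="$?"
fi
echo "$out"
echo "" >&2

if [ "$ret" != "0" ]; then
    echo "Exited non-zero: $ret" >&2
else
    echo "Exited with zero (success)" >&2
fi

exit $ret
ufw-0.36/tests/installation/0000755000175000017500000000000013226727543015055 5ustar jamiejamie
ufw-0.36/tests/installation/check_root/0000755000175000017500000000000013226727543017175 5ustar jamiejamie
ufw-0.36/tests/installation/check_root/orig0000777000175000017500000000000013226727543022235 2../../defaultsustar jamiejamie
ufw-0.36/tests/installation/check_root/runtest.sh0000755000175000017500000000131613226727543021241 0ustar jamiejamie
#!/bin/bash
#    Copyright 2008 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Pulls in the shared test helpers; do_cmd is not defined in this script.
source "$TESTPATH/../testlib.sh"

# presumably "0" is the exit status do_cmd expects - confirm in testlib.sh
do_cmd "0" --dry-run status

exit 0
ufw-0.36/tests/installation/check_root/result0000644000175000017500000000010113226727543020426 0ustar jamiejamie
0: --dry-run status WARN: Checks disabled > Checking iptables
ufw-0.36/tests/installation/check_help/0000755000175000017500000000000013257507473017144 5ustar jamiejamie
ufw-0.36/tests/installation/check_help/orig0000777000175000017500000000000013226727543022202 2../../defaultsustar jamiejamie
ufw-0.36/tests/installation/check_help/runtest.sh0000755000175000017500000000131013226727543021200 0ustar jamiejamie
#!/bin/bash
#    Copyright 2008-2009 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.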
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# do_cmd is provided by testlib.sh (not shown here); its first argument is
# presumably the expected exit status of the ufw command that follows.
source "$TESTPATH/../testlib.sh"

# Installation check: 'ufw help' is expected to succeed.
do_cmd "0" help

exit 0
ufw-0.36/tests/installation/check_help/result0000644000175000017500000000253613257507473020413 0ustar jamiejamie0: help Usage: ufw COMMAND Commands: enable enables the firewall disable disables the firewall default ARG set default policy logging LEVEL set logging to LEVEL allow ARGS add allow rule deny ARGS add deny rule reject ARGS add reject rule limit ARGS add limit rule delete RULE|NUM delete RULE insert NUM RULE insert RULE at NUM route RULE add route RULE route delete RULE|NUM delete route RULE route insert NUM RULE insert route RULE at NUM reload reload firewall reset reset firewall status show firewall status status numbered show firewall status as numbered list of RULES status verbose show verbose firewall status show ARG show firewall report version display version information Application profile commands: app list list application profiles app info PROFILE show information on PROFILE app update PROFILE update PROFILE app default ARG set default application policy ufw-0.36/tests/destructive/0000755000175000017500000000000013226727543014715 5ustar jamiejamieufw-0.36/tests/destructive/bugs/0000755000175000017500000000000013257500736015652 5ustar jamiejamieufw-0.36/tests/destructive/bugs/orig0000777000175000017500000000000013226727543020715 2../../defaultsustar jamiejamieufw-0.36/tests/destructive/bugs/runtest.sh0000755000175000017500000000355513257500736017725 0ustar jamiejamie
#!/bin/bash
# Copyright 2008-2012 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Destructive regression tests for two ufw bugs. They temporarily move
# /sbin/iptables aside and unmount /proc on the machine that runs them, so
# they belong in a disposable virtual machine only.

source "$TESTPATH/../testlib.sh"

# Don't display tracebacks
# NOTE(review): this edit to the backend_iptables.py copy under $TESTPATH is
# made before the operator is asked to confirm below.
sed -i 's/problem running ufw-init\\n%s" % out)/problem running ufw-init")/' $TESTPATH/lib/python/ufw/backend_iptables.py

# Interactive confirmation; anything other than y/Y skips the tests and
# exits successfully.
echo "These tests are destructive and should only be run in a virtual machine"
echo -n "Continue (y|N)? "
read ans
if [ "$ans" = "y" ] || [ "$ans" = "Y" ]; then
    echo "Continuing with destructive tests..."
else
    echo "Skipping destructive tests"
    exit 0
fi

# Put the real iptables binary back if the script exits or is signalled while
# it is moved aside.
# NOTE(review): SIGKILL cannot be trapped, so a killed run leaves the host
# without /sbin/iptables until it is restored by hand.
trap "mv -f /sbin/iptables.bak /sbin/iptables" EXIT HUP INT QUIT TERM
echo "Bug #262451 (part 2)" >> $TESTTMP/result
do_cmd "0" disable
do_cmd "0" status
# With iptables moved away, 'enable' and 'status' are expected to fail.
# NOTE(review): a failed move is ignored here, in which case the two checks
# below would run against a working iptables.
mv /sbin/iptables /sbin/iptables.bak || true
do_cmd "1" enable
do_cmd "1" status
mv /sbin/iptables.bak /sbin/iptables
trap - EXIT HUP INT QUIT TERM

# Remount /proc if the script exits or is signalled while it is unmounted.
trap "mount -t proc /proc /proc" EXIT HUP INT QUIT TERM
echo "Bug #268084" >> $TESTTMP/result
do_cmd "0" disable
umount /proc
# If mount still lists proc, the umount did not take effect and the checks
# are skipped.
mount | egrep -q '^(|/)proc '
if [ "$?" == "0" ]; then
    echo " Skipping (/proc still mounted)" >> $TESTTMP/result
else
    # ufw is expected to work with /proc unmounted, and again once it is back.
    do_cmd "0" enable
    do_cmd "0" status
    do_cmd "0" app update all
    mount -t proc /proc /proc
    do_cmd "0" disable
    do_cmd "0" enable
    do_cmd "0" status
fi
trap - EXIT HUP INT QUIT TERM

# teardown
cleanup

exit 0
ufw-0.36/tests/destructive/bugs/result0000644000175000017500000000145013257500736017113 0ustar jamiejamieBug #262451 (part 2) 0: disable WARN: Checks disabled Firewall stopped and disabled on system startup 1: status WARN: Checks disabled Status: inactive 2: enable WARN: Checks disabled ERROR: Couldn't determine iptables version 3: status WARN: Checks disabled ERROR: Couldn't determine iptables version Bug #268084 4: disable WARN: Checks disabled Firewall stopped and disabled on system startup 5: enable WARN: Checks disabled Firewall is active and enabled on system startup 6: status WARN: Checks disabled Status: active 7: app update all WARN: Checks disabled 8: disable WARN: Checks disabled Firewall stopped and disabled on system startup 9: enable WARN: Checks disabled Firewall is active and enabled on system startup 10: status WARN: Checks disabled Status: active 11: disable ufw-0.36/tests/good/0000755000175000017500000000000013257507473013306 5ustar jamiejamieufw-0.36/tests/good/logging/0000755000175000017500000000000013404772663014733 5ustar jamiejamieufw-0.36/tests/good/logging/orig0000777000175000017500000000000013226727543017772 2../../defaultsustar jamiejamieufw-0.36/tests/good/logging/runtest.sh0000755000175000017500000001061613404772663017002 0ustar jamiejamie
#!/bin/bash
# Copyright 2009 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# Logging tests: log levels written to ufw.conf and the rules generated for
# 'log' / 'log-all' rules. Output is appended to $TESTTMP/result.
# do_cmd is provided by testlib.sh (not shown here); its first argument is
# presumably the expected exit status, and 'null' appears to be a do_cmd
# option that keeps the command's output out of the result file.

#set -x

source "$TESTPATH/../testlib.sh"

# Every level name, lower and upper case; the LOGLEVEL= line of ufw.conf is
# recorded after each command.
echo "TESTING LOGLEVELS" >> $TESTTMP/result
for i in off low medium high full OFF LOW MEDIUM HIGH FULL; do
    do_cmd "0" null --dry-run logging $i
    egrep "^LOGLEVEL=" $TESTPATH/etc/ufw/ufw.conf >> $TESTTMP/result
done

# 'on' after 'off' and 'on' after 'medium'; the expected result records
# LOGLEVEL=low for the first and LOGLEVEL=medium for the second.
echo "TESTING LOGLEVELS ('on')" >> $TESTTMP/result
for i in off on medium on; do
    do_cmd "0" null --dry-run logging $i
    egrep "^LOGLEVEL=" $TESTPATH/etc/ufw/ufw.conf >> $TESTTMP/result
done

# Each action with 'log' and 'log-all': add a set of rules, record the rule
# files, delete the same rules, record the rule files again.
echo "TESTING LOG RULES" >> $TESTTMP/result
for i in allow deny limit reject ; do
    for j in log log-all ; do
        do_cmd "0" null $i $j 23
        do_cmd "0" null $i $j smtp
        do_cmd "0" null $i $j tftp
        do_cmd "0" null $i $j daytime
        do_cmd "0" null $i $j Samba
        do_cmd "0" null $i $j Apache
        do_cmd "0" null $i $j from 192.168.0.1 port smtp to 10.0.0.1 port smtp
        do_cmd "0" null $i $j from 192.168.0.1 app Samba to 10.0.0.1 app Samba
        echo "contents of user*.rules:" >> $TESTTMP/result
        cat $TESTCONFIG/user.rules >> $TESTTMP/result
        cat $TESTCONFIG/user6.rules >> $TESTTMP/result

        # now delete the rules
        do_cmd "0" null delete $i $j 23
        do_cmd "0" null delete $i $j smtp
        do_cmd "0" null delete $i $j tftp
        do_cmd "0" null delete $i $j daytime
        do_cmd "0" null delete $i $j Samba
        do_cmd "0" null delete $i $j Apache
        do_cmd "0" null delete $i $j from 192.168.0.1 port smtp to 10.0.0.1 port smtp
        do_cmd "0" null delete $i $j from 192.168.0.1 app Samba to 10.0.0.1 app Samba
        echo "contents of user*.rules:" >> $TESTTMP/result
        cat $TESTCONFIG/user.rules >> $TESTTMP/result
        cat $TESTCONFIG/user6.rules >> $TESTTMP/result
    done
done

# The same match is added first as allow/deny and then as limit/reject; the
# rule files are recorded after each step and after the final delete.
echo "TESTING LOG RULES (updating)" >> $TESTTMP/result
do_cmd "0" null allow log Samba
do_cmd "0" null deny log-all from 192.168.0.1 to 10.0.0.1 port 23 proto tcp
echo "contents of user*.rules:" >> $TESTTMP/result
cat $TESTCONFIG/user.rules >> $TESTTMP/result
cat $TESTCONFIG/user6.rules >> $TESTTMP/result

do_cmd "0" null limit log Samba
do_cmd "0" null reject log-all from 192.168.0.1 to 10.0.0.1 port 23 proto tcp
echo "contents of user*.rules:" >> $TESTTMP/result
cat $TESTCONFIG/user.rules >> $TESTTMP/result
cat $TESTCONFIG/user6.rules >> $TESTTMP/result

do_cmd "0" null delete limit log Samba
do_cmd "0" null delete reject log-all from 192.168.0.1 to 10.0.0.1 port 23 proto tcp
echo "contents of user*.rules:" >> $TESTTMP/result
cat $TESTCONFIG/user.rules >> $TESTTMP/result
cat $TESTCONFIG/user6.rules >> $TESTTMP/result

# Logged rules bound to an interface, in both directions.
echo "TESTING LOG RULES (interfaces)" >> $TESTTMP/result
do_cmd "0" null allow in on eth0 log
do_cmd "0" null allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
do_cmd "0" null deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
do_cmd "0" null allow out on eth0 log
do_cmd "0" null allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
do_cmd "0" null deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
echo "contents of user*.rules:" >> $TESTTMP/result
cat $TESTCONFIG/user.rules >> $TESTTMP/result
cat $TESTCONFIG/user6.rules >> $TESTTMP/result
do_cmd "0" null delete allow in on eth0 log
do_cmd "0" null delete allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
do_cmd "0" null delete deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp
do_cmd "0" null delete allow out on eth0 log
do_cmd "0" null delete allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
do_cmd "0" null delete deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp

# Set each level for real (no --dry-run), then record a dry-run 'allow 13'
# under that level.
echo "TESTING WRITING LOGLEVELS" >> $TESTTMP/result
for i in off low medium high full on; do
    do_cmd "0" null logging $i
    do_cmd "0" --dry-run allow 13
done

exit 0
ufw-0.36/tests/good/logging/result0000644000175000017500000033035713404772663016207 0ustar jamiejamieTESTING LOGLEVELS 0: --dry-run logging off LOGLEVEL=off 1: --dry-run logging low LOGLEVEL=low 2: --dry-run logging
medium LOGLEVEL=medium 3: --dry-run logging high LOGLEVEL=high 4: --dry-run logging full LOGLEVEL=full 5: --dry-run logging OFF LOGLEVEL=off 6: --dry-run logging LOW LOGLEVEL=low 7: --dry-run logging MEDIUM LOGLEVEL=medium 8: --dry-run logging HIGH LOGLEVEL=high 9: --dry-run logging FULL LOGLEVEL=full TESTING LOGLEVELS ('on') 10: --dry-run logging off LOGLEVEL=off 11: --dry-run logging on LOGLEVEL=low 12: --dry-run logging medium LOGLEVEL=medium 13: --dry-run logging on LOGLEVEL=medium TESTING LOG RULES 14: allow log 23 15: allow log smtp 16: allow log tftp 17: allow log daytime 18: allow log Samba 19: allow log Apache 20: allow log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 21: allow log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log tcp 25 
0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -j ACCEPT ### tuple ### allow_log any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -j ACCEPT ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 
-m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### tuple ### allow_log tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT ### tuple ### allow_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 
'dapp_Samba,sapp_Samba' ### tuple ### allow_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 22: delete allow log 23 23: delete allow log smtp 24: delete allow log tftp 25: delete allow log daytime 26: delete allow log Samba 27: delete allow log Apache 28: delete allow log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 29: delete allow log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] 
" -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 30: allow log-all 23 31: allow log-all smtp 32: allow log-all tftp 33: allow log-all daytime 34: allow log-all Samba 35: allow log-all Apache 36: allow log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 37: allow log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG 
--log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### tuple ### allow_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -j ACCEPT ### tuple ### allow_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -j ACCEPT ### tuple ### allow_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A 
ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### tuple ### allow_log-all tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT ### tuple ### allow_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### allow_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p 
tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 38: delete allow log-all 23 39: delete allow log-all smtp 40: delete allow log-all tftp 41: delete allow log-all daytime 42: delete allow log-all Samba 43: delete allow log-all Apache 44: delete allow 
log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 45: delete allow log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] 
:ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 46: deny log 23 47: deny log smtp 48: deny log tftp 49: deny log daytime 50: deny log Samba 51: deny log Apache 52: deny log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 53: deny log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -j DROP ### tuple ### deny_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m conntrack 
--ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -j DROP ### tuple ### deny_log any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -j DROP -A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -j DROP ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 
-m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache' ### tuple ### deny_log tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j DROP ### tuple ### deny_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### deny_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p 
tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 54: delete deny log 23 55: delete deny log smtp 56: delete deny log tftp 57: delete deny log daytime 58: delete deny log Samba 59: delete deny log Apache 60: delete deny log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 61: delete deny log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 62: deny log-all 23 63: deny log-all smtp 64: deny log-all tftp 65: deny log-all daytime 66: deny log-all 
Samba 67: deny log-all Apache 68: deny log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 69: deny log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -j DROP ### tuple ### deny_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -j DROP 
### tuple ### deny_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -j DROP -A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -j DROP ### tuple ### deny_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache' ### tuple ### deny_log-all tcp 25 10.0.0.1 25 192.168.0.1 in -A 
ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j DROP ### tuple ### deny_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### deny_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 70: delete deny log-all 23 71: delete deny log-all smtp 72: delete deny log-all tftp 73: delete deny log-all daytime 74: delete deny log-all Samba 75: delete deny log-all Apache 76: delete deny log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 77: delete deny log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 78: limit log 23 79: limit log smtp 80: limit log tftp 81: limit log daytime 82: limit log Samba 83: limit log Apache 84: limit log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 85: limit log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - 
[0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept 
### tuple ### limit_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept ### tuple ### limit_log any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 13 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 13 -j ufw-user-limit-accept ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 
-j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m 
comment --comment 'dapp_Apache' ### tuple ### limit_log tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept ### tuple ### limit_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept 
-m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### limit_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate 
NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 86: delete limit log 23 87: delete limit log smtp 88: delete limit log tftp 89: delete limit log daytime 90: delete limit log Samba 91: delete limit log Apache 92: delete limit log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 93: delete limit log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 94: limit log-all 23 95: limit log-all smtp 96: limit log-all tftp 97: limit log-all daytime 98: limit log-all Samba 99: limit log-all Apache 100: limit log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 101: limit log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p 
tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept ### tuple ### limit_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept ### tuple ### limit_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 
3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 13 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 13 -j ufw-user-limit-accept ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport 
--dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' ### tuple ### limit_log-all tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j 
ufw-user-limit-accept ### tuple ### limit_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### limit_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 
-m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 102: delete limit log-all 23 103: delete limit log-all smtp 104: delete limit log-all tftp 105: delete limit log-all daytime 106: delete limit log-all Samba 107: delete limit log-all Apache 108: delete limit log-all from 192.168.0.1 
port smtp to 10.0.0.1 port smtp 109: delete limit log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] 
:ufw6-user-forward - [0:0] ### RULES ### COMMIT 110: reject log 23 111: reject log smtp 112: reject log tftp 113: reject log daytime 114: reject log Samba 115: reject log Apache 116: reject log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 117: reject log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -j REJECT --reject-with tcp-reset ### tuple ### reject_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A 
ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -j REJECT ### tuple ### reject_log any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -j REJECT ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 
'dapp_Samba' ### tuple ### reject_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Apache' ### tuple ### reject_log tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j REJECT --reject-with tcp-reset ### tuple ### reject_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### reject_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j 
LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 118: delete reject log 23 119: delete reject log smtp 120: delete reject log tftp 121: delete reject log daytime 122: 
delete reject log Samba 123: delete reject log Apache 124: delete reject log from 192.168.0.1 port smtp to 10.0.0.1 port smtp 125: delete reject log from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE 
LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 126: reject log-all 23 127: reject log-all smtp 128: reject log-all tftp 129: reject log-all daytime 130: reject log-all Samba 131: reject log-all Apache 132: reject log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 133: reject log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 25 -j RETURN -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 25 -j REJECT --reject-with tcp-reset ### tuple ### 
reject_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 69 -j RETURN -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 69 -j REJECT ### tuple ### reject_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 13 -j RETURN -A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 13 -j RETURN -A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 13 -j REJECT ### tuple ### reject_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 
Apache - in -A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 80 -j RETURN -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 80 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Apache' ### tuple ### reject_log-all tcp 25 10.0.0.1 25 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j REJECT --reject-with tcp-reset ### tuple ### reject_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### reject_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN -A 
ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 134: delete reject log-all 23 135: delete reject log-all smtp 136: delete reject log-all tftp 137: delete reject log-all daytime 138: delete reject log-all Samba 139: delete reject log-all Apache 140: delete reject log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp 141: 
delete reject log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 
TESTING LOG RULES (updating) 142: allow log Samba 143: deny log-all from 192.168.0.1 to 10.0.0.1 port 23 proto tcp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 23 10.0.0.1 any 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -j 
ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 144: limit log Samba 145: reject log-all from 192.168.0.1 to 10.0.0.1 port 23 proto tcp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 23 10.0.0.1 any 192.168.0.1 in -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -d 
10.0.0.1 --dport 23 -s 192.168.0.1 -j RETURN -A ufw-user-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -p tcp -d 10.0.0.1 --dport 23 -s 192.168.0.1 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 146: delete limit log Samba 147: delete reject log-all from 192.168.0.1 to 10.0.0.1 port 23 proto tcp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - 
[0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT TESTING LOG RULES (interfaces) 148: allow in on eth0 log 149: allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp 150: deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp 151: allow out on eth0 log 152: allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp 153: deny out on eth0 log-all from 
192.168.0.1 to 10.0.0.1 port 25 proto tcp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -j RETURN -A ufw-user-input -i eth0 -j ufw-user-logging-input -A ufw-user-input -i eth0 -j ACCEPT ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0 -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ACCEPT ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0 -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-logging-input -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-logging-output 
-o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -j RETURN -A ufw-user-output -o eth0 -j ufw-user-logging-output -A ufw-user-output -o eth0 -j ACCEPT ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0 -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ufw-user-logging-output -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ACCEPT ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0 -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j RETURN -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-logging-output -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack 
--ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT 154: delete allow in on eth0 log 155: delete allow in on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp 156: delete deny in on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp 157: delete allow out on eth0 log 158: delete allow out on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp 159: delete deny out on eth0 log-all from 192.168.0.1 to 10.0.0.1 port 25 proto tcp TESTING WRITING LOGLEVELS 160: logging off 161: --dry-run allow 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -I ufw-user-logging-input -j RETURN -I ufw-user-logging-output -j RETURN -I ufw-user-logging-forward -j RETURN ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -j 
REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 162: logging low 163: --dry-run allow 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 164: logging medium 165: --dry-run allow 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 166: logging high 167: --dry-run allow 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m limit --limit 3/min --limit-burst 10 -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 168: logging full 169: --dry-run allow 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A 
ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 170: logging on 171: --dry-run allow 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -A 
ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated ufw-0.36/tests/good/rules/0000755000175000017500000000000013404772663014437 5ustar jamiejamieufw-0.36/tests/good/rules/orig0000777000175000017500000000000013226727543017476 2../../defaultsustar jamiejamieufw-0.36/tests/good/rules/runtest.sh0000755000175000017500000003614613404772663016514 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
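# Rule-syntax regression script: every do_cmd call below hands one ufw
# command line to the helper sourced from testlib.sh, and section labels plus
# rule-file snapshots are appended to $TESTTMP/result.
#
# NOTE(review): do_cmd is defined in testlib.sh, which is not shown here. The
# first argument ("0") is presumably the expected exit status and the optional
# "null" argument presumably controls how command output is handled -- confirm
# against testlib.sh before relying on either.
#
# Statement order is significant: the harness compares the accumulated result
# file, so do not reorder or deduplicate the calls.
source "$TESTPATH/../testlib.sh"

# Stop immediately if the helper library did not provide do_cmd; otherwise
# every command below would fail while the script still ran to its final exit.
command -v do_cmd >/dev/null 2>&1 || {
    echo "do_cmd is not defined after sourcing testlib.sh" >&2
    exit 1
}

# Redirect targets and cat arguments are quoted so that a TESTTMP or
# TESTCONFIG value containing whitespace cannot split into several words.

echo "Man page" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow 53
do_cmd "0" --dry-run allow 25/tcp
do_cmd "0" --dry-run allow smtp
do_cmd "0" --dry-run deny proto tcp to any port 80
do_cmd "0" --dry-run deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
do_cmd "0" --dry-run deny 80/tcp
do_cmd "0" --dry-run delete deny 80/tcp
do_cmd "0" --dry-run limit daytime/tcp
do_cmd "0" --dry-run deny 53
do_cmd "0" --dry-run allow 80/tcp
do_cmd "0" --dry-run allow from 10.0.0.0/8
do_cmd "0" --dry-run allow from 172.16.0.0/12
do_cmd "0" --dry-run allow from 192.168.0.0/16
do_cmd "0" --dry-run deny proto udp from 1.2.3.4 to any port 514
do_cmd "0" --dry-run allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469

# Port numbers and service names, with and without an explicit protocol,
# each added and then deleted.
echo "SIMPLE" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow 1
do_cmd "0" --dry-run allow 9/udp
do_cmd "0" --dry-run allow 25
do_cmd "0" --dry-run allow 25/tcp
do_cmd "0" --dry-run allow 25/udp
do_cmd "0" --dry-run delete allow 25
do_cmd "0" --dry-run delete allow 25/tcp
do_cmd "0" --dry-run delete allow 25/udp
do_cmd "0" --dry-run allow smtp
do_cmd "0" --dry-run delete allow smtp
do_cmd "0" --dry-run allow smtp/tcp
do_cmd "0" --dry-run delete allow smtp/tcp
do_cmd "0" --dry-run allow tftp
do_cmd "0" --dry-run delete allow tftp
do_cmd "0" --dry-run allow tftp/udp
do_cmd "0" --dry-run delete allow tftp/udp
do_cmd "0" --dry-run allow daytime
do_cmd "0" --dry-run delete allow daytime
do_cmd "0" --dry-run allow daytime/tcp
do_cmd "0" --dry-run delete allow daytime/tcp
do_cmd "0" --dry-run allow daytime/udp
do_cmd "0" --dry-run delete allow daytime/udp

# Every allow/deny/limit action against source/destination address and port
# combinations, first without a protocol and then with udp and tcp.
echo "TO/FROM" >> "$TESTTMP/result"
from="192.168.0.1"
to="10.0.0.1"
for x in allow deny limit
do
    do_cmd "0" --dry-run $x from $from
    do_cmd "0" --dry-run delete $x from $from
    do_cmd "0" --dry-run $x to $to
    do_cmd "0" --dry-run delete $x to $to
    do_cmd "0" --dry-run $x to $to from $from
    do_cmd "0" --dry-run delete $x to $to from $from
    do_cmd "0" --dry-run $x from $from port 80
    do_cmd "0" --dry-run delete $x from $from port 80
    do_cmd "0" --dry-run $x to $to port 25
    do_cmd "0" --dry-run delete $x to $to port 25
    do_cmd "0" --dry-run $x to $to from $from port 80
    do_cmd "0" --dry-run delete $x to $to from $from port 80
    do_cmd "0" --dry-run $x to $to port 25 from $from
    do_cmd "0" --dry-run delete $x to $to port 25 from $from
    do_cmd "0" --dry-run $x to $to port 25 from $from port 80
    do_cmd "0" --dry-run delete $x to $to port 25 from $from port 80
    for y in udp tcp
    do
        do_cmd "0" --dry-run $x from $from port 80 proto $y
        do_cmd "0" --dry-run delete $x from $from port 80 proto $y
        do_cmd "0" --dry-run $x to $to port 25 proto $y
        do_cmd "0" --dry-run delete $x to $to port 25 proto $y
        do_cmd "0" --dry-run $x to $to from $from port 80 proto $y
        do_cmd "0" --dry-run delete $x to $to from $from port 80 proto $y
        do_cmd "0" --dry-run $x to $to port 25 proto $y from $from
        do_cmd "0" --dry-run delete $x to $to port 25 proto $y from $from
        do_cmd "0" --dry-run $x to $to port 25 proto $y from $from port 80
        do_cmd "0" --dry-run delete $x to $to port 25 proto $y from $from port 80
    done
done

# Service names on both the source and destination side, mixed with numeric
# ports; the second half repeats the pairs with an explicit protocol.
echo "Services" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow to any port smtp from any port smtp
do_cmd "0" --dry-run delete allow to any port smtp from any port smtp
do_cmd "0" --dry-run allow to any port smtp from any port daytime
do_cmd "0" --dry-run delete allow to any port smtp from any port daytime
do_cmd "0" --dry-run allow to any port daytime from any port smtp
do_cmd "0" --dry-run delete allow to any port daytime from any port smtp
do_cmd "0" --dry-run allow to any port smtp from any port 23
do_cmd "0" --dry-run delete allow to any port smtp from any port 23
do_cmd "0" --dry-run allow to any port 23 from any port smtp
do_cmd "0" --dry-run delete allow to any port 23 from any port smtp
do_cmd "0" --dry-run allow to any port tftp from any port tftp
do_cmd "0" --dry-run delete allow to any port tftp from any port tftp
do_cmd "0" --dry-run allow to any port tftp from any port daytime
do_cmd "0" --dry-run delete allow to any port tftp from any port daytime
do_cmd "0" --dry-run allow to any port daytime from any port tftp
do_cmd "0" --dry-run delete allow to any port daytime from any port tftp
do_cmd "0" --dry-run allow to any port tftp from any port 23
do_cmd "0" --dry-run delete allow to any port tftp from any port 23
do_cmd "0" --dry-run allow to any port 23 from any port tftp
do_cmd "0" --dry-run delete allow to any port 23 from any port tftp
do_cmd "0" --dry-run allow to any port daytime from any port 23
do_cmd "0" --dry-run delete allow to any port daytime from any port 23
do_cmd "0" --dry-run allow to any port 23 from any port daytime
do_cmd "0" --dry-run delete allow to any port 23 from any port daytime
do_cmd "0" --dry-run allow to any port daytime from any port domain
do_cmd "0" --dry-run delete allow to any port daytime from any port domain
do_cmd "0" --dry-run allow to any port smtp from any port smtp proto tcp
do_cmd "0" --dry-run delete allow to any port smtp from any port smtp proto tcp
do_cmd "0" --dry-run allow to any port smtp from any port daytime proto tcp
do_cmd "0" --dry-run delete allow to any port smtp from any port daytime proto tcp
do_cmd "0" --dry-run allow to any port daytime from any port smtp proto tcp
do_cmd "0" --dry-run delete allow to any port daytime from any port smtp proto tcp
do_cmd "0" --dry-run allow to any port smtp from any port 23 proto tcp
do_cmd "0" --dry-run delete allow to any port smtp from any port 23 proto tcp
do_cmd "0" --dry-run allow to any port 23 from any port smtp proto tcp
do_cmd "0" --dry-run delete allow to any port 23 from any port smtp proto tcp
do_cmd "0" --dry-run allow to any port tftp from any port tftp proto udp
do_cmd "0" --dry-run delete allow to any port tftp from any port tftp proto udp
do_cmd "0" --dry-run allow to any port tftp from any port daytime proto udp
do_cmd "0" --dry-run delete allow to any port tftp from any port daytime proto udp
do_cmd "0" --dry-run allow to any port daytime from any port tftp proto udp
do_cmd "0" --dry-run delete allow to any port daytime from any port tftp proto udp
do_cmd "0" --dry-run allow to any port tftp from any port 23 proto udp
do_cmd "0" --dry-run delete allow to any port tftp from any port 23 proto udp
do_cmd "0" --dry-run allow to any port 23 from any port tftp proto udp
do_cmd "0" --dry-run delete allow to any port 23 from any port tftp proto udp
do_cmd "0" --dry-run allow to any port daytime from any port 23 proto tcp
do_cmd "0" --dry-run delete allow to any port daytime from any port 23 proto tcp
do_cmd "0" --dry-run allow to any port 23 from any port daytime proto tcp
do_cmd "0" --dry-run delete allow to any port 23 from any port daytime proto tcp
do_cmd "0" --dry-run allow to any port daytime from any port domain proto tcp
do_cmd "0" --dry-run delete allow to any port daytime from any port domain proto tcp
do_cmd "0" --dry-run allow to any port daytime from any port 23 proto udp
do_cmd "0" --dry-run delete allow to any port daytime from any port 23 proto udp
do_cmd "0" --dry-run allow to any port 23 from any port daytime proto udp
do_cmd "0" --dry-run delete allow to any port 23 from any port daytime proto udp
do_cmd "0" --dry-run allow to any port daytime from any port domain proto udp
do_cmd "0" --dry-run delete allow to any port daytime from any port domain proto udp

# CIDR prefix lengths at the extremes (/0, /32) and in between. A /0 prefix
# matches every address whatever the host part says, so review how the
# recorded result normalizes it.
echo "Netmasks" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow to 192.168.0.0/0
do_cmd "0" --dry-run allow to 192.168.0.0/16
do_cmd "0" --dry-run allow to 192.168.0.1/32
do_cmd "0" --dry-run allow from 192.168.0.0/0
do_cmd "0" --dry-run allow from 192.168.0.0/16
do_cmd "0" --dry-run allow from 192.168.0.1/32
do_cmd "0" --dry-run allow from 192.168.0.1/32 to 192.168.0.2/32

# Dotted-quad netmask whose set bits are not contiguous (255.255.0.2).
echo "ISP style" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow from 192.168.0.2/255.255.0.2

# Port lists and ranges. j is the side carrying the multiport list, k the
# opposite side; m/n are the two addresses, or "any" on both sides.
echo "Multiports:" >> "$TESTTMP/result"
for i in 192.168.0 any; do
    for j in from to; do
        k="to"
        if [ "$j" = "to" ]; then
            k="from"
        fi
        m="$i.1"
        n="$i.2"
        if [ "$i" = "any" ]; then
            m="$i"
            n="$i"
        fi
        do_cmd "0" --dry-run allow $j $m port 34,35 proto tcp
        do_cmd "0" --dry-run allow $j $m port 34,35:39 proto udp
        do_cmd "0" --dry-run allow $j $m port 35:39 proto tcp
        do_cmd "0" --dry-run allow $j $m port 221,23,21,15:19,13 proto udp
        do_cmd "0" --dry-run allow $j $m port 34,35 $k $n port 24 proto tcp
        do_cmd "0" --dry-run allow $j $m port 34,35:39 $k $n port 24 proto udp
        do_cmd "0" --dry-run allow $j $m port 35:39 $k $n port 24 proto tcp
        do_cmd "0" --dry-run allow $j $m port 23,21,15:19,13 $k $n port 24 proto udp
        do_cmd "0" --dry-run allow $j $m port 34,35 $k $n port 24:26 proto tcp
        do_cmd "0" --dry-run allow $j $m port 34,35:39 $k $n port 24:26 proto udp
        do_cmd "0" --dry-run allow $j $m port 35:39 $k $n port 24:26 proto tcp
        do_cmd "0" --dry-run allow $j $m port 23,21,15:19,13 $k $n port 24:26 proto udp
    done
done

# simple syntax
for i in allow deny limit; do
    for j in tcp udp; do
        do_cmd "0" --dry-run $i 34,35/$j
        do_cmd "0" --dry-run $i 34,35:39/$j
        do_cmd "0" --dry-run $i 35:39/$j
        do_cmd "0" --dry-run $i 23,21,15:19,13/$j
        do_cmd "0" --dry-run $i 1,9/$j
    done
done

echo "Man page (reject)" >> "$TESTTMP/result"
do_cmd "0" --dry-run reject auth

echo "Reject" >> "$TESTTMP/result"
from="192.168.0.1"
to="10.0.0.1"
do_cmd "0" --dry-run reject to any port auth from any port smtp
do_cmd "0" --dry-run delete reject to any port auth from any port smtp
do_cmd "0" --dry-run reject to $to port domain from $from port auth
do_cmd "0" --dry-run delete reject to $to port domain from $from port auth
for i in any tcp udp ; do
    p="/$i"
    if [ "$i" = "any" ]; then
        # No protocol suffix; the multiport reject is only issued in the
        # branch that has an explicit protocol.
        p=""
    else
        do_cmd "0" --dry-run reject 23,21,15:19,13$p
    fi
    do_cmd "0" --dry-run reject 116$p
done

# From here on, commands without --dry-run are followed by a snapshot of
# $TESTCONFIG/user.rules, which records rule ordering and full removal.
echo "Insert" >> "$TESTTMP/result"
do_cmd "0" null allow 13
do_cmd "0" null allow 23
do_cmd "0" null insert 1 allow 9999
do_cmd "0" null insert 1 allow log 9998
do_cmd "0" null insert 2 reject to 192.168.0.1 from 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow 13
do_cmd "0" null delete allow 23
do_cmd "0" null delete allow 9999
do_cmd "0" null delete allow log 9998
do_cmd "0" null delete reject to 192.168.0.1 from 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "Man page (interface)" >> "$TESTTMP/result"
do_cmd "0" null --dry-run allow in on eth0 to any port 80 proto tcp

# Interface-bound rules in both directions for every action, snapshotting
# the rule file after the additions and again after the deletions.
echo "Interfaces" >> "$TESTTMP/result"
for i in "in" "out" ; do
    for j in allow deny limit reject ; do
        do_cmd "0" null $j $i on eth0
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 port 13
        do_cmd "0" null $j $i on eth0 from 10.0.0.1 port 80
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 from 10.0.0.1
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 from 10.0.0.1 port 80
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 port 13 proto tcp
        do_cmd "0" null $j $i on eth0 from 10.0.0.1 port 80 proto tcp
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp
        do_cmd "0" null $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp
        cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        do_cmd "0" null delete $j $i on eth0
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 port 13
        do_cmd "0" null delete $j $i on eth0 from 10.0.0.1 port 80
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 from 10.0.0.1
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 from 10.0.0.1 port 80
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 port 13 proto tcp
        do_cmd "0" null delete $j $i on eth0 from 10.0.0.1 port 80 proto tcp
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp
        do_cmd "0" null delete $j $i on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp
        cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    done
    # An allow followed by a deny for the same interface and direction; only
    # the deny is deleted afterwards.
    # NOTE(review): presumably the deny replaces the allow -- confirm against
    # the two snapshots in the expected result.
    do_cmd "0" null allow $i on eth0
    do_cmd "0" null deny $i on eth0
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    do_cmd "0" null delete deny $i on eth0
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
done

# "ipv6", "esp" and "ah" are given here as protocol names on rules that use
# IPv4 addresses.
echo "Man page (ipv6)" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow to 10.0.0.1 proto ipv6
do_cmd "0" --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto ipv6

echo "Man page (ipsec)" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow to 10.0.0.1 proto esp
do_cmd "0" --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto esp
do_cmd "0" --dry-run allow to 10.0.0.1 proto ah
do_cmd "0" --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto ah

echo "Interface with '+'" >> "$TESTTMP/result"
do_cmd "0" null --dry-run allow in on eth+ to any port 80 proto tcp

# Rule comments: the escaped quotes and escaped space pass a quoted,
# space-containing comment string through to do_cmd as a single word.
echo "Comments" >> "$TESTTMP/result" || exit 1
do_cmd "0" allow 2222/tcp comment \"SSH\ port\"
do_cmd "0" deny out log-all to any port 53 from any proto udp comment \"dns\ port\"
# delete exact
do_cmd "0" delete deny out log-all to any port 53 from any proto udp comment \"dns\ port\"
# delete without comment
do_cmd "0" delete allow 2222/tcp
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

# "prepend" with existing rules: the snapshot records where the deny lands
# relative to the two allows.
echo "Prepend" >> "$TESTTMP/result"
do_cmd "0" null allow 22/tcp
do_cmd "0" null allow from 1.2.3.4
do_cmd "0" null prepend deny from 6.7.8.9
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow 22/tcp
do_cmd "0" null delete allow from 1.2.3.4
do_cmd "0" null delete deny from 6.7.8.9
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "Prepend (no rules)" >> "$TESTTMP/result"
do_cmd "0" null prepend allow from 1.2.3.4
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow from 1.2.3.4
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

# The quoted label of the next echo continues on the following line.
echo "Prepend (multi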
rules)" >> $TESTTMP/result do_cmd "0" null allow from 1.2.3.4 do_cmd "0" null prepend deny 23 cat $TESTCONFIG/user.rules >> $TESTTMP/result do_cmd "0" null delete allow from 1.2.3.4 do_cmd "0" null delete deny 23 cat $TESTCONFIG/user.rules >> $TESTTMP/result exit 0 ufw-0.36/tests/good/rules/result0000644000175000017500000202147213404772663015710 0ustar jamiejamieMan page 0: --dry-run allow 53 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 1: --dry-run allow 25/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 2: --dry-run allow smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 3: --dry-run deny proto tcp to any port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m 
limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 4: --dry-run deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 5: --dry-run deny 80/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - 
[0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 6: --dry-run delete deny 80/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 
10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 7: --dry-run limit daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 13 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j 
REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 8: --dry-run deny 53 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 9: --dry-run allow 80/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 10: --dry-run allow from 10.0.0.0/8 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 11: --dry-run allow from 172.16.0.0/12 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 12: --dry-run allow from 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 13: --dry-run deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp 
--dport 514 -s 1.2.3.4 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 14: --dry-run allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow 
-j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated SIMPLE 15: --dry-run allow 1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 1 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 1 -j ACCEPT -A ufw-user-input -p udp --dport 1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 16: --dry-run allow 9/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 9 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 17: --dry-run allow 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT -A ufw-user-input -p udp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 18: --dry-run allow 25/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix 
"[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 19: --dry-run allow 25/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 20: --dry-run delete allow 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - 
[0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 21: --dry-run delete allow 25/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### 
END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 22: --dry-run delete allow 25/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 23: --dry-run allow smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - 
[0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 24: --dry-run delete allow smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 25: --dry-run allow smtp/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 26: --dry-run delete allow smtp/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 27: --dry-run allow tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 28: --dry-run delete allow tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 29: --dry-run allow tftp/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - 
[0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 30: --dry-run delete allow tftp/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 31: --dry-run allow daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j 
LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 32: --dry-run delete allow daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 33: --dry-run allow daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - 
[0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 34: --dry-run delete allow daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit 
--limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 35: --dry-run allow daytime/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 36: --dry-run delete allow daytime/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated TO/FROM 37: --dry-run allow from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny 
-m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 38: --dry-run delete allow from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 39: --dry-run allow to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 40: --dry-run delete allow to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 41: --dry-run allow to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 42: --dry-run delete allow to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 43: --dry-run allow from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 44: --dry-run delete allow from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 45: --dry-run allow to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 46: --dry-run delete allow to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 47: --dry-run allow to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 
--sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 48: --dry-run delete allow to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 
3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 49: --dry-run allow to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 50: --dry-run delete allow to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 51: --dry-run allow to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 52: --dry-run delete allow to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept 
-j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 53: --dry-run allow from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 54: --dry-run delete allow from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - 
[0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 55: --dry-run allow to 10.0.0.1 port 25 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 56: --dry-run delete allow to 10.0.0.1 port 25 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 57: --dry-run allow to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 58: --dry-run delete allow to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 59: --dry-run allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 60: --dry-run delete allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 61: --dry-run allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 62: --dry-run delete allow to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 63: --dry-run allow from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 64: --dry-run delete allow from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - 
[0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 65: --dry-run allow to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 66: --dry-run delete allow to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 67: --dry-run allow to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 68: --dry-run delete allow to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 69: --dry-run allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit 
--limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 70: --dry-run delete allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 71: --dry-run allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 72: --dry-run delete allow to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### 
LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 73: --dry-run deny from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A 
ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 74: --dry-run delete deny from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 75: --dry-run deny to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - 
[0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 10.0.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 76: --dry-run delete deny to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG 
--log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 77: --dry-run deny to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 78: --dry-run delete deny to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 79: --dry-run deny from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j DROP -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 80: --dry-run delete deny from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules 
updated 81: --dry-run deny to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 82: --dry-run delete deny to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 83: --dry-run deny to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 84: --dry-run delete deny to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 85: --dry-run deny to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 86: --dry-run delete deny to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 87: --dry-run deny to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 88: --dry-run delete deny to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 89: --dry-run deny from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 90: --dry-run delete deny from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 91: --dry-run deny to 10.0.0.1 port 25 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules 
updated 92: --dry-run delete deny to 10.0.0.1 port 25 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 93: --dry-run deny to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 
10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 94: --dry-run delete deny to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min 
--limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 95: --dry-run deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 96: --dry-run delete deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 97: --dry-run deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 98: --dry-run delete deny to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE 
LIMITING ### COMMIT Rules updated 99: --dry-run deny from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 100: --dry-run delete deny from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - 
[0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 101: --dry-run deny to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 102: --dry-run delete deny to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 103: --dry-run deny to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - 
[0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 104: --dry-run delete deny to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 105: --dry-run deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 106: --dry-run delete deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 107: --dry-run deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] 
:ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 108: --dry-run delete deny to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 109: --dry-run limit from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### 
COMMIT Rules updated 110: --dry-run delete limit from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 111: --dry-run limit to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 10.0.0.1 any 0.0.0.0/0 in -A 
ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -d 10.0.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 112: --dry-run delete limit to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 113: --dry-run limit to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept 
-j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 114: --dry-run delete limit to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 115: --dry-run limit from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### 
tuple ### limit any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 116: --dry-run delete limit from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 117: --dry-run limit to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 
10.0.0.1 --dport 25 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 118: --dry-run delete limit to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit 
--limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 119: --dry-run limit to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " 
-m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 120: --dry-run delete limit to 10.0.0.1 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 121: --dry-run limit to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 122: --dry-run delete limit to 10.0.0.1 port 25 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 123: --dry-run limit to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 
--sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 124: --dry-run delete limit to 10.0.0.1 port 25 from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 125: --dry-run limit from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit 
--limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 126: --dry-run delete limit from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 127: --dry-run limit to 10.0.0.1 port 25 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 128: --dry-run delete limit to 10.0.0.1 port 25 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 129: --dry-run limit to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 130: --dry-run delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 131: --dry-run limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 132: --dry-run delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - 
[0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 133: --dry-run limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m 
recent --set -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 134: --dry-run delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 
10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 135: --dry-run limit from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 
3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 136: --dry-run delete limit from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 137: --dry-run limit to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 138: --dry-run delete limit to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 139: --dry-run limit to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 140: --dry-run delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 141: --dry-run limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 25 10.0.0.1 any 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 142: --dry-run delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 143: --dry-run limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 25 10.0.0.1 80 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j 
ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 144: --dry-run delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit 
-m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Services 145: --dry-run allow to any port smtp from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 146: --dry-run delete allow to any port smtp from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 147: --dry-run allow to any port smtp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 148: --dry-run delete allow to any port smtp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 149: --dry-run allow to any port daytime from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 150: --dry-run delete allow to any port daytime from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 151: --dry-run allow to any port smtp from any port 23 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING 
### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 152: --dry-run delete allow to any port smtp from any port 23 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 153: --dry-run allow to any port 23 from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 23 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 154: --dry-run delete allow to any port 23 from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 155: --dry-run allow to any port tftp from any port tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 156: --dry-run delete allow to any port tftp from any port tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 157: --dry-run allow to any port tftp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 158: --dry-run delete allow to any port tftp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 159: --dry-run allow to any port daytime from any port tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 160: --dry-run delete allow to any port daytime from any port tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 161: --dry-run allow to any port tftp from any port 23 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 
-A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 162: --dry-run delete allow to any port tftp from any port 23 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 163: --dry-run allow to any port 23 from any port tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 23 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 23 --sport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 164: --dry-run delete allow to any port 23 from any port tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 165: --dry-run allow to any port daytime from any port 23 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT -A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit 
-m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 166: --dry-run delete allow to any port daytime from any port 23 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 167: --dry-run allow to any port 23 from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 23 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT -A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 168: --dry-run delete allow to any port 23 from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m 
limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 169: --dry-run allow to any port daytime from any port domain WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT -A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 
170: --dry-run delete allow to any port daytime from any port domain WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 171: --dry-run allow to any port smtp from any port smtp proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 
0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 172: --dry-run delete allow to any port smtp from any port smtp proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END 
LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 173: --dry-run allow to any port smtp from any port daytime proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 174: --dry-run delete allow to any port smtp from any port daytime proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 175: --dry-run allow to any port daytime from any port smtp proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 176: --dry-run delete allow to any port daytime from any port smtp proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 177: --dry-run allow to any port smtp from 
any port 23 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 178: --dry-run delete allow to any port smtp from any port 23 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 179: --dry-run allow to any port 23 from any port smtp proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 23 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix 
"[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 180: --dry-run delete allow to any port 23 from any port smtp proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 181: --dry-run allow to any port tftp from any port tftp proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output 
- [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 182: --dry-run delete allow to any port tftp from any port tftp proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 183: --dry-run allow to any port tftp from any port daytime proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules 
updated 184: --dry-run delete allow to any port tftp from any port daytime proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 185: --dry-run allow to any port daytime from any port tftp proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple 
### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 186: --dry-run delete allow to any port daytime from any port tftp proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min 
--limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 187: --dry-run allow to any port tftp from any port 23 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 188: --dry-run delete allow to any port tftp from any port 23 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 189: --dry-run allow to any port 23 from any port tftp proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 23 0.0.0.0/0 69 0.0.0.0/0 in -A ufw-user-input -p udp --dport 23 --sport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 190: --dry-run delete allow to any port 23 from any port tftp proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules 
updated 191: --dry-run allow to any port daytime from any port 23 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 192: --dry-run delete allow to any port daytime from any port 23 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 193: --dry-run allow to any port 23 from any port daytime proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 23 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 194: --dry-run delete allow to any port 23 from any port daytime proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 195: --dry-run allow to any port daytime from any port domain proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 196: --dry-run delete allow to any port daytime from any port domain proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 197: --dry-run allow to any port daytime from any port 23 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 23 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " 
-A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 198: --dry-run delete allow to any port daytime from any port 23 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 199: --dry-run allow to any port 23 from any port daytime proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 23 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 200: --dry-run delete allow to any port 23 from any port daytime proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 201: --dry-run allow to any port daytime from any port domain proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 202: --dry-run delete allow to any port daytime from any port domain proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Netmasks 203: --dry-run allow to 192.168.0.0/0 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT WARN: Rule changed after normalization Rules updated 204: --dry-run allow to 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 192.168.0.0/16 any 0.0.0.0/0 in -A ufw-user-input -d 192.168.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 205: --dry-run allow to 192.168.0.1/32 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 206: --dry-run allow from 192.168.0.0/0 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - 
[0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT WARN: Rule changed after normalization Rules updated 207: --dry-run allow from 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 208: --dry-run allow from 192.168.0.1/32 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 209: --dry-run allow from 192.168.0.1/32 to 
192.168.0.2/32 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 192.168.0.2 any 192.168.0.1 in -A ufw-user-input -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated ISP style 210: --dry-run allow from 192.168.0.2/255.255.0.2 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.2/255.255.0.2 in -A ufw-user-input -s 192.168.0.2/255.255.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Multiports: 211: --dry-run allow from 192.168.0.1 port 34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 34,35 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --sports 34,35 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 212: --dry-run allow from 192.168.0.1 port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 34,35:39 192.168.0.1 in -A ufw-user-input -p udp -m multiport --sports 34,35:39 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 213: --dry-run allow from 192.168.0.1 
port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 35:39 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --sports 35:39 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 214: --dry-run allow from 192.168.0.1 port 221,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] 
:ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 13,15:19,21,23,221 192.168.0.1 in -A ufw-user-input -p udp -m multiport --sports 13,15:19,21,23,221 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 215: --dry-run allow from 192.168.0.1 port 34,35 to 192.168.0.2 port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 192.168.0.2 34,35 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --dports 24 -m multiport --sports 34,35 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 216: --dry-run allow from 192.168.0.1 port 34,35:39 to 192.168.0.2 port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 192.168.0.2 34,35:39 192.168.0.1 in -A ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 34,35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 217: --dry-run allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 192.168.0.2 35:39 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --dports 24 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 218: --dry-run allow from 192.168.0.1 port 23,21,15:19,13 to 192.168.0.2 port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward 
- [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 192.168.0.2 13,15:19,21,23 192.168.0.1 in -A ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 13,15:19,21,23 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 219: --dry-run allow from 192.168.0.1 port 34,35 to 192.168.0.2 port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 192.168.0.2 34,35 192.168.0.1 in -A ufw-user-input -p 
tcp -m multiport --dports 24:26 -m multiport --sports 34,35 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 220: --dry-run allow from 192.168.0.1 port 34,35:39 to 192.168.0.2 port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24:26 192.168.0.2 34,35:39 192.168.0.1 in -A ufw-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 34,35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 221: --dry-run allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 192.168.0.2 35:39 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING 
### COMMIT Rules updated 222: --dry-run allow from 192.168.0.1 port 23,21,15:19,13 to 192.168.0.2 port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24:26 192.168.0.2 13,15:19,21,23 192.168.0.1 in -A ufw-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 13,15:19,21,23 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 223: --dry-run allow to 192.168.0.1 port 34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -d 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 224: --dry-run allow to 192.168.0.1 port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -d 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 
10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 225: --dry-run allow to 192.168.0.1 port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -d 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 226: --dry-run allow to 192.168.0.1 port 221,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23,221 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23,221 -d 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 227: --dry-run allow to 192.168.0.1 port 34,35 from 192.168.0.2 port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - 
[0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 192.168.0.1 24 192.168.0.2 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 228: --dry-run allow to 192.168.0.1 port 34,35:39 from 192.168.0.2 port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 192.168.0.1 24 192.168.0.2 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m multiport 
--sports 24 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 229: --dry-run allow to 192.168.0.1 port 35:39 from 192.168.0.2 port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 192.168.0.1 24 192.168.0.2 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 230: --dry-run allow to 192.168.0.1 port 23,21,15:19,13 from 192.168.0.2 port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 192.168.0.1 24 192.168.0.2 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 231: --dry-run allow 
to 192.168.0.1 port 34,35 from 192.168.0.2 port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 192.168.0.1 24:26 192.168.0.2 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24:26 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 232: --dry-run allow to 192.168.0.1 port 34,35:39 from 192.168.0.2 port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 192.168.0.1 24:26 192.168.0.2 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24:26 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 233: --dry-run allow to 192.168.0.1 port 35:39 from 192.168.0.2 port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 192.168.0.1 24:26 192.168.0.2 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24:26 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 234: --dry-run allow to 192.168.0.1 port 23,21,15:19,13 from 192.168.0.2 port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 192.168.0.1 24:26 192.168.0.2 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 235: --dry-run allow from any port 34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 34,35 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 236: --dry-run allow from any port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 34,35:39 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 237: --dry-run allow from any port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 35:39 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --sports 35:39 -j ACCEPT ### 
END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 238: --dry-run allow from any port 221,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 13,15:19,21,23,221 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --sports 13,15:19,21,23,221 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " 
-m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 239: --dry-run allow from any port 34,35 to any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 0.0.0.0/0 34,35 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24 -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 240: --dry-run allow from any port 34,35:39 to any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 0.0.0.0/0 34,35:39 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 241: --dry-run allow from any port 35:39 to any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 0.0.0.0/0 35:39 0.0.0.0/0 in -A ufw-user-input -p tcp -m 
multiport --dports 24 -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 242: --dry-run allow from any port 23,21,15:19,13 to any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 0.0.0.0/0 13,15:19,21,23 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 243: --dry-run allow from any port 34,35 to any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 0.0.0.0/0 34,35 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 244: --dry-run allow from any port 34,35:39 to any port 24:26 proto udp WARN: Checks disabled *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24:26 0.0.0.0/0 34,35:39 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 245: --dry-run allow from any port 35:39 to any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 0.0.0.0/0 35:39 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 246: --dry-run allow from any port 23,21,15:19,13 to any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24:26 0.0.0.0/0 13,15:19,21,23 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 247: --dry-run allow to any port 34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 
248: --dry-run allow to any port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 249: --dry-run allow to any port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] 
:ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 250: --dry-run allow to any port 221,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23,221 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23,221 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN 
-m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 251: --dry-run allow to any port 34,35 from any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 252: --dry-run 
allow to any port 34,35:39 from any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 253: --dry-run allow to any port 35:39 from any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 254: --dry-run allow to any port 23,21,15:19,13 from any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 255: --dry-run allow to any port 34,35 from any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 256: --dry-run allow to any port 34,35:39 from any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 257: --dry-run allow to any port 35:39 from any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 258: --dry-run allow to any port 23,21,15:19,13 from any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 259: --dry-run allow 34,35/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A 
ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 260: --dry-run allow 34,35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 261: --dry-run allow 35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 262: --dry-run allow 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 263: --dry-run allow 1,9/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 1,9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 1,9 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT 
### END RATE LIMITING ### COMMIT Rules updated 264: --dry-run allow 34,35/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 265: --dry-run allow 34,35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] 
:ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 266: --dry-run allow 35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 267: --dry-run allow 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 268: --dry-run allow 1,9/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 1,9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 1,9 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 269: --dry-run deny 34,35/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A 
ufw-user-input -p tcp -m multiport --dports 34,35 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 270: --dry-run deny 34,35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 271: --dry-run deny 35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 272: --dry-run deny 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 273: --dry-run deny 1,9/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 1,9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 1,9 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 274: --dry-run deny 34,35/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT 
BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 275: --dry-run deny 34,35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 276: --dry-run deny 35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 277: --dry-run deny 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 278: --dry-run deny 1,9/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 1,9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 1,9 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 279: --dry-run limit 34,35/tcp 
WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 280: --dry-run limit 34,35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 281: --dry-run limit 35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit 
tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 282: --dry-run limit 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 
6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 283: --dry-run limit 1,9/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 1,9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 1,9 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 284: --dry-run limit 34,35/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 34,35 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 285: --dry-run limit 34,35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules 
updated 286: --dry-run limit 35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 287: --dry-run limit 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 288: --dry-run limit 1,9/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 1,9 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 1,9 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Man page (reject) 289: --dry-run reject auth WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Reject 290: --dry-run reject to any port auth from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 113 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 --sport 25 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 
3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 291: --dry-run delete reject to any port auth from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 292: --dry-run reject to 10.0.0.1 port domain from 192.168.0.1 port auth WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 53 10.0.0.1 113 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 53 -s 192.168.0.1 --sport 113 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 293: --dry-run delete reject to 10.0.0.1 port domain from 192.168.0.1 port auth WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j 
RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 294: --dry-run reject 116 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject any 116 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 116 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp --dport 116 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 295: --dry-run reject 
23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 296: --dry-run reject 116/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - 
[0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 116 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 116 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 297: --dry-run reject 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 
10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 298: --dry-run reject 116/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 116 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 116 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Insert 299: allow 13 300: allow 23 301: insert 1 allow 9999 302: insert 1 allow log 9998 303: insert 2 reject to 192.168.0.1 from 
10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any 9998 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 9998 -j RETURN -A ufw-user-input -p tcp --dport 9998 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 9998 -j ACCEPT -A ufw-user-logging-input -p udp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 9998 -j RETURN -A ufw-user-input -p udp --dport 9998 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 9998 -j ACCEPT ### tuple ### reject any any 192.168.0.1 any 10.0.0.1 in -A ufw-user-input -d 192.168.0.1 -s 10.0.0.1 -j REJECT ### tuple ### allow any 9999 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 9999 -j ACCEPT -A ufw-user-input -p udp --dport 9999 -j ACCEPT ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### tuple ### allow any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-input -p udp --dport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 304: delete allow 13 305: delete allow 23 306: delete allow 9999 307: delete allow log 9998 308: delete reject to 192.168.0.1 from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Man page (interface) 309: --dry-run allow in on eth0 to any 
port 80 proto tcp Interfaces 310: allow in on eth0 311: allow in on eth0 to 192.168.0.1 port 13 312: allow in on eth0 from 10.0.0.1 port 80 313: allow in on eth0 to 192.168.0.1 from 10.0.0.1 314: allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 315: allow in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 316: allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 317: allow in on eth0 to 192.168.0.1 port 13 proto tcp 318: allow in on eth0 from 10.0.0.1 port 80 proto tcp 319: allow in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 320: allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 321: allow in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 322: allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -j ACCEPT ### tuple ### allow any 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j ACCEPT -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ACCEPT -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### allow any 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 
-s 10.0.0.1 -j ACCEPT -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ACCEPT ### tuple ### allow any any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ACCEPT -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow any 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ACCEPT -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow tcp 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j ACCEPT ### tuple ### allow tcp any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow tcp any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### allow udp 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ACCEPT ### tuple ### allow udp any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow udp 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 
3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 323: delete allow in on eth0 324: delete allow in on eth0 to 192.168.0.1 port 13 325: delete allow in on eth0 from 10.0.0.1 port 80 326: delete allow in on eth0 to 192.168.0.1 from 10.0.0.1 327: delete allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 328: delete allow in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 329: delete allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 330: delete allow in on eth0 to 192.168.0.1 port 13 proto tcp 331: delete allow in on eth0 from 10.0.0.1 port 80 proto tcp 332: delete allow in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 333: delete allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 334: delete allow in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 335: delete allow in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min 
--limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 336: deny in on eth0 337: deny in on eth0 to 192.168.0.1 port 13 338: deny in on eth0 from 10.0.0.1 port 80 339: deny in on eth0 to 192.168.0.1 from 10.0.0.1 340: deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 341: deny in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 342: deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 343: deny in on eth0 to 192.168.0.1 port 13 proto tcp 344: deny in on eth0 from 10.0.0.1 port 80 proto tcp 345: deny in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 346: deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 347: deny in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 348: deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -j DROP ### tuple ### deny any 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j DROP -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -j DROP ### tuple ### deny any any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j DROP -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny any any 192.168.0.1 any 10.0.0.1 
in_eth0 -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -j DROP ### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP ### tuple ### deny any any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j DROP -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny any 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j DROP -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny tcp 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j DROP ### tuple ### deny tcp any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny tcp any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j DROP ### tuple ### deny udp 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP ### tuple ### deny udp any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny udp 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow 
-j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 349: delete deny in on eth0 350: delete deny in on eth0 to 192.168.0.1 port 13 351: delete deny in on eth0 from 10.0.0.1 port 80 352: delete deny in on eth0 to 192.168.0.1 from 10.0.0.1 353: delete deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 354: delete deny in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 355: delete deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 356: delete deny in on eth0 to 192.168.0.1 port 13 proto tcp 357: delete deny in on eth0 from 10.0.0.1 port 80 proto tcp 358: delete deny in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 359: delete deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 360: delete deny in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 361: delete deny in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 362: limit in on eth0 363: limit in on eth0 to 192.168.0.1 port 13 364: limit in on eth0 from 10.0.0.1 port 80 365: limit in on eth0 to 192.168.0.1 from 10.0.0.1 366: limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 367: limit in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 368: limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 369: limit in on eth0 to 192.168.0.1 port 13 proto tcp 370: limit in on eth0 from 10.0.0.1 port 80 proto tcp 371: limit in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 372: limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 373: limit in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 374: limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -j ufw-user-limit-accept ### tuple ### limit any 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 
-p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j ufw-user-limit-accept -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -j ufw-user-limit-accept ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit any any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit any 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate 
NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ufw-user-limit-accept -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit any any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 
--sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit tcp 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j ufw-user-limit-accept ### tuple ### limit tcp any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit tcp any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit udp 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit udp any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A 
ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit udp 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 375: delete limit in on eth0 376: delete limit in on eth0 to 192.168.0.1 port 13 377: delete limit in on eth0 from 10.0.0.1 port 80 378: delete limit in on eth0 to 192.168.0.1 from 10.0.0.1 379: delete limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 380: delete limit in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 381: delete limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 382: delete limit in on eth0 to 192.168.0.1 port 13 proto tcp 383: delete limit in on eth0 from 10.0.0.1 port 80 proto tcp 384: 
delete limit in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 385: delete limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 386: delete limit in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 387: delete limit in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 388: reject in on eth0 389: reject in on eth0 to 192.168.0.1 port 13 390: reject in on eth0 from 10.0.0.1 port 80 391: reject in on eth0 to 192.168.0.1 from 10.0.0.1 392: reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 393: reject in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 394: reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 395: reject in on eth0 to 192.168.0.1 port 13 proto tcp 396: reject in on eth0 
from 10.0.0.1 port 80 proto tcp 397: reject in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 398: reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 399: reject in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 400: reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -j REJECT ### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -j REJECT ### tuple ### reject any any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject any any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -j REJECT ### tuple ### reject any 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j REJECT ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject 
any 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject tcp 13 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset ### tuple ### reject tcp any 0.0.0.0/0 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset ### tuple ### reject tcp any 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j REJECT --reject-with tcp-reset ### tuple ### reject udp 13 192.168.0.1 any 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j REJECT ### tuple ### reject udp any 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject udp 13 192.168.0.1 80 10.0.0.1 in_eth0 -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 401: delete reject in on eth0 402: delete reject in on eth0 to 192.168.0.1 port 13 403: delete reject 
in on eth0 from 10.0.0.1 port 80 404: delete reject in on eth0 to 192.168.0.1 from 10.0.0.1 405: delete reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 406: delete reject in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 407: delete reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 408: delete reject in on eth0 to 192.168.0.1 port 13 proto tcp 409: delete reject in on eth0 from 10.0.0.1 port 80 proto tcp 410: delete reject in on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 411: delete reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 412: delete reject in on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 413: delete reject in on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 
414: allow in on eth0 415: deny in on eth0 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 416: delete deny in on eth0 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 417: allow out on eth0 418: allow out on eth0 to 192.168.0.1 port 13 419: allow out on eth0 from 10.0.0.1 port 80 420: allow out on eth0 to 192.168.0.1 from 10.0.0.1 421: allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 422: allow out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 423: allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 424: allow out on eth0 to 192.168.0.1 port 13 proto tcp 425: allow out on eth0 from 10.0.0.1 port 80 proto tcp 426: allow out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 427: allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 428: allow out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 429: allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 
any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -j ACCEPT ### tuple ### allow any 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j ACCEPT -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ACCEPT -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### allow any 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ACCEPT -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ACCEPT ### tuple ### allow any any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ACCEPT -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow any 13 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ACCEPT -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow tcp 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j ACCEPT ### tuple ### allow tcp any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow tcp any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT ### tuple ### allow udp 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ACCEPT ### tuple ### allow udp any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ACCEPT ### tuple ### allow udp 13 
192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 430: delete allow out on eth0 431: delete allow out on eth0 to 192.168.0.1 port 13 432: delete allow out on eth0 from 10.0.0.1 port 80 433: delete allow out on eth0 to 192.168.0.1 from 10.0.0.1 434: delete allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 435: delete allow out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 436: delete allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 437: delete allow out on eth0 to 192.168.0.1 port 13 proto tcp 438: delete allow out on eth0 from 10.0.0.1 port 80 proto tcp 439: delete allow out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 440: delete allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 441: delete allow out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 442: delete allow out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - 
[0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 443: deny out on eth0 444: deny out on eth0 to 192.168.0.1 port 13 445: deny out on eth0 from 10.0.0.1 port 80 446: deny out on eth0 to 192.168.0.1 from 10.0.0.1 447: deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 448: deny out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 449: deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 450: deny out on eth0 to 192.168.0.1 port 13 proto tcp 451: deny out on eth0 from 10.0.0.1 port 80 proto tcp 452: deny out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 453: deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 454: deny out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 455: deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - 
[0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -j DROP ### tuple ### deny any 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j DROP -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -j DROP ### tuple ### deny any any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j DROP -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny any any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -j DROP ### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP ### tuple ### deny any any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j DROP -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny any 13 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j DROP -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny tcp 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j DROP ### tuple ### deny tcp any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny tcp any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j DROP ### tuple ### deny udp 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 
192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP ### tuple ### deny udp any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j DROP ### tuple ### deny udp 13 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 456: delete deny out on eth0 457: delete deny out on eth0 to 192.168.0.1 port 13 458: delete deny out on eth0 from 10.0.0.1 port 80 459: delete deny out on eth0 to 192.168.0.1 from 10.0.0.1 460: delete deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 461: delete deny out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 462: delete deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 463: delete deny out on eth0 to 192.168.0.1 port 13 proto tcp 464: delete deny out on eth0 from 10.0.0.1 port 80 proto tcp 465: delete deny out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 466: delete deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 467: delete deny out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 468: delete deny out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 469: limit out on eth0 470: limit out on eth0 to 192.168.0.1 port 13 471: limit out on eth0 from 10.0.0.1 port 80 472: limit out on eth0 to 192.168.0.1 from 10.0.0.1 473: limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 474: limit out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 475: limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 476: limit out on eth0 to 192.168.0.1 port 13 proto tcp 477: limit out on eth0 from 10.0.0.1 port 80 proto tcp 478: limit out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 479: limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 480: limit out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 481: limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -j ufw-user-limit-accept ### tuple ### limit any 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j ufw-user-limit-accept -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -j ufw-user-limit-accept ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output 
-o eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit any any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit any 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ufw-user-limit-accept -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit any any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 
-s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit tcp 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j ufw-user-limit-accept ### tuple ### limit tcp any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit tcp any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m 
conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit udp 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j ufw-user-limit-accept ### tuple ### limit udp any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### tuple ### limit udp 13 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 482: delete limit out on eth0 483: delete limit out on eth0 to 192.168.0.1 port 13 484: delete limit out on eth0 from 10.0.0.1 port 80 485: delete limit out on eth0 to 192.168.0.1 from 10.0.0.1 486: delete limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 487: delete limit out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 488: delete limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 489: delete limit out on eth0 to 192.168.0.1 port 13 proto tcp 490: delete limit out on eth0 from 10.0.0.1 port 80 proto tcp 491: delete limit out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 492: delete limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 493: delete limit out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 494: delete limit out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 495: reject out on eth0 496: reject out on eth0 to 192.168.0.1 port 13 497: reject out on eth0 from 10.0.0.1 port 80 498: reject out on eth0 to 192.168.0.1 from 10.0.0.1 499: reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 500: reject out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 501: reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 502: reject out on eth0 to 192.168.0.1 port 13 proto tcp 503: reject out on eth0 from 10.0.0.1 port 80 proto tcp 504: reject out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 505: reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 506: reject out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 507: reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -j REJECT ### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with 
tcp-reset -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -j REJECT ### tuple ### reject any any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject any any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -j REJECT ### tuple ### reject any 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j REJECT ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject any 13 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject tcp 13 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset ### tuple ### reject tcp any 0.0.0.0/0 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset ### tuple ### reject tcp any 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j REJECT --reject-with tcp-reset ### tuple ### reject udp 13 192.168.0.1 any 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j REJECT ### tuple ### reject udp any 192.168.0.1 80 10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT ### tuple ### reject udp 13 192.168.0.1 80 
10.0.0.1 out_eth0 -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 508: delete reject out on eth0 509: delete reject out on eth0 to 192.168.0.1 port 13 510: delete reject out on eth0 from 10.0.0.1 port 80 511: delete reject out on eth0 to 192.168.0.1 from 10.0.0.1 512: delete reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 513: delete reject out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 514: delete reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 515: delete reject out on eth0 to 192.168.0.1 port 13 proto tcp 516: delete reject out on eth0 from 10.0.0.1 port 80 proto tcp 517: delete reject out on eth0 to 192.168.0.1 from 10.0.0.1 proto tcp 518: delete reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 proto udp 519: delete reject out on eth0 to 192.168.0.1 from 10.0.0.1 port 80 proto udp 520: delete reject out on eth0 to 192.168.0.1 port 13 from 10.0.0.1 port 80 proto udp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - 
[0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 521: allow out on eth0 522: deny out on eth0 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 523: delete deny out on eth0 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Man page (ipv6) 524: --dry-run allow to 10.0.0.1 proto ipv6 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ipv6 any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p ipv6 -d 10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 525: --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto ipv6 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ipv6 any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p ipv6 -d 10.0.0.1 -s 10.4.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Man page (ipsec) 526: --dry-run allow to 10.0.0.1 proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow esp any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p esp -d 10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT 
BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 527: --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow esp any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p esp -d 10.0.0.1 -s 10.4.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 528: --dry-run allow to 10.0.0.1 proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ah any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p ah -d 10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 529: --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ah any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p ah -d 10.0.0.1 -s 10.4.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Interface with '+' 530: --dry-run allow in on eth+ to any port 80 proto tcp Comments 531: allow 2222/tcp comment "SSH port" WARN: Checks disabled Rules updated 532: deny out log-all to any port 53 from any proto udp comment "dns port" WARN: Checks disabled Rules updated 533: delete deny out log-all to any port 53 from any proto udp comment "dns port" WARN: Checks disabled Rules updated 534: delete allow 2222/tcp WARN: Checks disabled Rules updated *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] 
" -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Prepend 535: allow 22/tcp 536: allow from 1.2.3.4 537: prepend deny from 6.7.8.9 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 6.7.8.9 in -A ufw-user-input -s 6.7.8.9 -j DROP ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 538: delete allow 22/tcp 539: delete allow from 1.2.3.4 540: delete deny from 6.7.8.9 *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Prepend (no rules) 541: prepend allow from 1.2.3.4 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 542: delete allow from 1.2.3.4 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Prepend (multi rules) 543: allow 
from 1.2.3.4 544: prepend deny 23 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 545: delete allow from 1.2.3.4 546: delete deny 23 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT ufw-0.36/tests/good/args/0000755000175000017500000000000013257512304014227 5ustar jamiejamieufw-0.36/tests/good/args/orig0000777000175000017500000000000013226727543017300 2../../defaultsustar jamiejamieufw-0.36/tests/good/args/runtest.sh0000755000175000017500000000643613257512304016303 0ustar jamiejamie#!/bin/bash # Copyright 2008-2014 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
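# Argument-parsing regression test for the ufw command line.
#
# Every ufw invocation goes through do_cmd, which comes from testlib.sh.
# Section titles are appended to $TESTTMP/result; the recorded "result"
# fixture that follows this script in the archive holds the expected text.
# In that fixture, calls made with "null" log only the numbered command line,
# while calls without it also log ufw's output.
# NOTE(review): the leading "0" is presumably the expected exit status;
# confirm against do_cmd in testlib.sh.
source "$TESTPATH/../testlib.sh"

# The result path is quoted so a temp directory containing spaces or glob
# characters cannot be word-split, and every write aborts the test on failure
# (the first write previously lacked the "|| exit 1" guard the others have).
echo "TESTING ARGS (logging)" >> "$TESTTMP/result" || exit 1
do_cmd "0" --dry-run logging on
do_cmd "0" --dry-run logging off
do_cmd "0" --dry-run LOGGING ON
do_cmd "0" --dry-run LOGGING OFF

echo "TESTING ARGS (enable/disable)" >> "$TESTTMP/result" || exit 1
do_cmd "0" --dry-run enable
do_cmd "0" --dry-run disable
do_cmd "0" --dry-run ENABLE
do_cmd "0" --dry-run DISABLE

echo "TESTING ARGS (status)" >> "$TESTTMP/result" || exit 1
do_cmd "0" --dry-run status
do_cmd "0" --dry-run status verbose
do_cmd "0" --dry-run status numbered

echo "Testing parser" >> "$TESTTMP/result" || exit 1
echo "Basic" >> "$TESTTMP/result" || exit 1
# $cmds is deliberately left unquoted in the loops below: word splitting is
# what turns the list into one ufw sub-command per iteration.
cmds="enable disable help --help version --version reload"
for i in $cmds; do
    do_cmd "0" null --dry-run "$i"
done

echo "Application" >> "$TESTTMP/result" || exit 1
# This value is not read by the calls in this section; the assignment is kept
# from the original script and is overwritten before the next loop.
cmds="list info default update"
do_cmd "0" null --dry-run app list
do_cmd "0" null --dry-run app info Apache
do_cmd "0" null --dry-run app update Apache
do_cmd "0" null --dry-run app update --add-new Apache
do_cmd "0" null --dry-run app default skip

echo "Logging" >> "$TESTTMP/result" || exit 1
cmds="on off low medium high full"
for i in $cmds; do
    do_cmd "0" null --dry-run logging "$i"
done

echo "Default" >> "$TESTTMP/result" || exit 1
cmds="allow deny reject"
for i in $cmds; do
    do_cmd "0" null --dry-run default "$i"
    do_cmd "0" null --dry-run default "$i" incoming
    do_cmd "0" null --dry-run default "$i" outgoing
    do_cmd "0" null --dry-run default "$i" routed
done

echo "Status" >> "$TESTTMP/result" || exit 1
# $i stays unquoted here: the empty first item must expand to no argument at
# all (plain "status"), not to an empty-string argument.
for i in "" verbose numbered; do
    do_cmd "0" null --dry-run status $i
done

echo "Show" >> "$TESTTMP/result" || exit 1
cmds="raw builtins before-rules user-rules after-rules logging-rules"
for i in $cmds; do
    do_cmd "0" null --dry-run show "$i"
done

echo "Rules" >> "$TESTTMP/result" || exit 1
# The add/delete pairs below run WITHOUT --dry-run, so they presumably write
# to the rule files of the test tree; each add is undone by a matching delete
# so later tests start from an empty rule set. The rule is presumably added
# for real so that "insert 1" has an existing position to insert before.
do_cmd "0" null allow 80
do_cmd "0" null --dry-run insert 1 allow 53
do_cmd "0" null delete allow 80
do_cmd "0" null --dry-run allow in 53
do_cmd "0" null --dry-run allow log 53
do_cmd "0" null --dry-run allow in log 53

do_cmd "0" null deny to any port 80 from any proto tcp
do_cmd "0" null --dry-run insert 1 deny to any port 53 from any proto udp
do_cmd "0" null delete deny to any port 80 from any proto tcp
do_cmd "0" null --dry-run deny out to any port 53 from any proto udp
do_cmd "0" null --dry-run deny log-all to any port 53 from any proto udp
do_cmd "0" null --dry-run deny out log-all to any port 53 from any proto udp

echo "TESTING ARGS (--force enable)" >> "$TESTTMP/result" || exit 1
# Both spellings of the force flag and both letter cases of the command are
# exercised; the final disable is logged without output ("null").
do_cmd "0" --dry-run --force enable
do_cmd "0" --dry-run -f enable
do_cmd "0" --dry-run --force ENABLE
do_cmd "0" --dry-run -f ENABLE
do_cmd "0" null --dry-run disable

exit 0
ufw-0.36/tests/good/args/result0000644000175000017500000000636313257512304015500 0ustar jamiejamieTESTING ARGS (logging) 0: --dry-run logging on WARN: Checks disabled Logging enabled 1: --dry-run logging off WARN: Checks disabled Logging disabled 2: --dry-run LOGGING ON WARN: Checks disabled Logging enabled 3: --dry-run LOGGING OFF WARN: Checks disabled Logging disabled TESTING ARGS (enable/disable) 4: --dry-run enable WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 5: --dry-run disable WARN: Checks disabled > running ufw-init Firewall stopped and disabled on system startup 6: --dry-run ENABLE WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 7: --dry-run DISABLE WARN: Checks disabled > running ufw-init Firewall stopped and disabled on system startup TESTING ARGS (status) 8: --dry-run status WARN: Checks disabled > Checking iptables 9: --dry-run status verbose WARN: Checks disabled > Checking iptables 10: --dry-run status numbered WARN: Checks disabled > Checking iptables Testing parser Basic 11: --dry-run enable 12: --dry-run disable 13: --dry-run help 14: --dry-run --help 15: --dry-run version 16: --dry-run --version 17: --dry-run reload Application 18: --dry-run app list 19: --dry-run app info Apache 20: --dry-run app update Apache 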
21: --dry-run app update --add-new Apache 22: --dry-run app default skip Logging 23: --dry-run logging on 24: --dry-run logging off 25: --dry-run logging low 26: --dry-run logging medium 27: --dry-run logging high 28: --dry-run logging full Default 29: --dry-run default allow 30: --dry-run default allow incoming 31: --dry-run default allow outgoing 32: --dry-run default allow routed 33: --dry-run default deny 34: --dry-run default deny incoming 35: --dry-run default deny outgoing 36: --dry-run default deny routed 37: --dry-run default reject 38: --dry-run default reject incoming 39: --dry-run default reject outgoing 40: --dry-run default reject routed Status 41: --dry-run status 42: --dry-run status verbose 43: --dry-run status numbered Show 44: --dry-run show raw 45: --dry-run show builtins 46: --dry-run show before-rules 47: --dry-run show user-rules 48: --dry-run show after-rules 49: --dry-run show logging-rules Rules 50: allow 80 51: --dry-run insert 1 allow 53 52: delete allow 80 53: --dry-run allow in 53 54: --dry-run allow log 53 55: --dry-run allow in log 53 56: deny to any port 80 from any proto tcp 57: --dry-run insert 1 deny to any port 53 from any proto udp 58: delete deny to any port 80 from any proto tcp 59: --dry-run deny out to any port 53 from any proto udp 60: --dry-run deny log-all to any port 53 from any proto udp 61: --dry-run deny out log-all to any port 53 from any proto udp TESTING ARGS (--force enable) 62: --dry-run --force enable WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 63: --dry-run -f enable WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 64: --dry-run --force ENABLE WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 65: --dry-run -f ENABLE WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 66: --dry-run disable 
ufw-0.36/tests/good/reports/0000755000175000017500000000000013404772663015003 5ustar jamiejamieufw-0.36/tests/good/reports/orig0000777000175000017500000000000013226727543020042 2../../defaultsustar jamiejamieufw-0.36/tests/good/reports/proc_net_dev0000644000175000017500000000126413226727543017377 0ustar jamiejamieInter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 756 10 0 0 0 0 0 0 756 10 0 0 0 0 0 0 eth0:13707623 24749 0 0 0 0 0 136 2646523 24490 0 0 0 0 0 0 irda0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth1: 507617 2689 1 1 0 0 0 0 4557 26 0 5 0 0 0 0 ufw-0.36/tests/good/reports/netstat.enlp0000644000175000017500000000276213404772663017354 0ustar jamiejamietcp 0.0.0.0:13 LISTEN 0 4301 1029/daytime tcp 127.0.0.1:631 LISTEN 0 5242 1334/cupsd tcp6 :::13 LISTEN 0 4303 1029/daytime tcp6 ::1:631 LISTEN 0 5241 1334/cupsd udp 0.0.0.0:68 NA 0 9482 1925/dhclient3 udp 0.0.0.0:68 NA 0 4938 1149/dhclient3 udp 0.0.0.0:33257 NA 105 4774 1052/avahi-daemon udp 0.0.0.0:5353 NA 105 4773 1052/avahi-daemon udp 10.0.2.101:123 NA 0 9795 2043/ntpd udp 10.0.2.9:123 NA 0 9794 2043/ntpd udp 127.0.0.1:123 NA 0 9793 2043/ntpd udp 0.0.0.0:123 NA 0 9785 2043/ntpd udp6 2001::212:cccc:dddd:e243:123 NA 0 9792 2043/ntpd udp6 2001::211:aaaa:bbbb:d54c:123 NA 0 9791 2043/ntpd udp6 ::1:123 NA 0 9790 2043/ntpd udp6 :::123 NA 0 9786 2043/ntpd ufw-0.36/tests/good/reports/proc_net_if_inet60000644000175000017500000000041613226727543020322 0ustar jamiejamie20010000000000000212ccccdddde243 02 70 00 80 eth1 fe80000000000000505400fffe35925b 03 40 20 80 eth0 20010000000000000211aaaabbbbd54c 03 70 00 80 eth0 fe80000000000000505400fffeb7a4ae 02 40 20 80 eth1 00000000000000000000000000000001 01 80 10 80 lo ufw-0.36/tests/good/reports/runtest.sh0000755000175000017500000003044413404772663017053 0ustar jamiejamie#!/bin/bash # Copyright 2010 Canonical Ltd. 
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Regression test for 'ufw show listening' and 'ufw show added'.
# do_cmd comes from testlib.sh (not shown here); its first argument is
# presumably the expected exit status -- confirm in testlib.sh. In the expected
# result file, commands run with 'null' are listed without their output.
source "$TESTPATH/../testlib.sh"

# Skip the whole test (exit 0) when iptables reports major version 1 and a
# minor version below 4.
ipt_version=`iptables -V | awk '{print $2}' | sed 's/^v//'`
ipt_major=`echo $ipt_version | cut -d '.' -f 1`
ipt_minor=`echo $ipt_version | cut -d '.' -f 2`
if [ "$ipt_major" = "1" ] && [ "$ipt_minor" -lt "4" ]; then
    echo "Skipping: iptables $ipt_version is less than 1.4"
    exit 0
fi

# The show listening test is a regression test that has:
# eth0 = 10.0.2.9 2001::0211:aaaa:bbbb:d54c/112
# eth1 = 10.0.2.101 2001::0212:cccc:dddd:e243/112
#
# With the following open ports (port 68 is listed twice due to eth0 and eth1):
#tcp 0 0 0.0.0.0:13
#tcp 0 0 127.0.0.1:631
#tcp6 0 0 :::13
#tcp6 0 0 ::1:631
#udp 0 0 0.0.0.0:68
#udp 0 0 0.0.0.0:68
#udp 0 0 0.0.0.0:33257
#udp 0 0 0.0.0.0:5353
#udp 0 0 10.0.2.101:123
#udp 0 0 10.0.2.9:123
#udp 0 0 127.0.0.1:123
#udp 0 0 0.0.0.0:123
#udp6 0 0 2001::212:cccc:dddd:e243:123
#udp6 0 0 2001::211:aaaa:bbbb:d54c:123
#udp6 0 0 ::1:123
#udp6 0 0 :::123
#
# So this test will modify util.py to:
# - look at ./netstat.enlp instead of calling 'netstat -enlp' directly
# - use a fake /proc/net/if_inet6 and /proc/net/dev
# - hard code the addresses for eth0 and eth1
#
# The rules that are created should create the following 'status numbered'
# output:
# To Action From
# -- ------ ----
# [ 1] 123 ALLOW IN Anywhere
# [ 2] OpenNTPD ALLOW IN Anywhere
# [ 3] 123/tcp ALLOW IN Anywhere
# [ 4] Anywhere ALLOW IN Anywhere
# [ 5] Anywhere/udp ALLOW IN Anywhere/udp
# [ 6] Anywhere/tcp ALLOW IN Anywhere/tcp
# [ 7] 10.0.2.101 ALLOW IN Anywhere
# [ 8] 10.0.2.9 ALLOW IN Anywhere
# [ 9] 10.0.0.0/16 ALLOW IN Anywhere
# [10] 10.0.2.0/24 ALLOW IN Anywhere
# [11] 10.0.3.0/24 ALLOW IN Anywhere
# [12] 10.0.2.101 123 ALLOW IN Anywhere
# [13] 10.0.0.0/16 123 ALLOW IN Anywhere
# [14] 10.0.2.0/24 123 ALLOW IN Anywhere
# [15] 10.0.3.0/24 123 ALLOW IN Anywhere
# [16] 10.0.2.101 123/udp ALLOW IN Anywhere
# [17] 10.0.0.0/16 OpenNTPD ALLOW IN Anywhere
# [18] 10.0.2.0/24 123/udp ALLOW IN Anywhere
# [19] 10.0.3.0/24 123/udp ALLOW IN Anywhere
# [20] 10.0.2.101 123/tcp ALLOW IN Anywhere
# [21] 10.0.0.0/16 123/tcp ALLOW IN Anywhere
# [22] 10.0.2.0/24 123/tcp ALLOW IN Anywhere
# [23] 10.0.3.0/24 123/tcp ALLOW IN Anywhere
# [24] 123 ALLOW OUT Anywhere (out)
# [25] 123/udp ALLOW OUT Anywhere (out)
# [26] 123/tcp ALLOW OUT Anywhere (out)
# [27] Anywhere on eth0 ALLOW IN Anywhere
# [28] Anywhere/udp on eth0 ALLOW IN Anywhere/udp
# [29] Anywhere/tcp on eth0 ALLOW IN Anywhere/tcp
# [30] 10.0.2.101 on eth0 ALLOW IN Anywhere
# [31] 10.0.2.9 on eth0 ALLOW IN Anywhere
# [32] 10.0.0.0/16 on eth0 ALLOW IN Anywhere
# [33] 10.0.2.0/24 on eth0 ALLOW IN Anywhere
# [34] 10.0.3.0/24 on eth0 ALLOW IN Anywhere
# [35] 10.0.2.101 123 on eth0 ALLOW IN Anywhere
# [36] 10.0.0.0/16 123 on eth0 ALLOW IN Anywhere
# [37] 10.0.2.0/24 123 on eth0 ALLOW IN Anywhere
# [38] 10.0.3.0/24 123 on eth0 ALLOW IN Anywhere
# [39] 10.0.2.101 123/udp on eth0 ALLOW IN Anywhere
# [40] 10.0.0.0/16 OpenNTPD on eth0 ALLOW IN Anywhere
# [41] 10.0.2.0/24 123/udp on eth0 ALLOW IN Anywhere
# [42] 10.0.3.0/24 123/udp on eth0 ALLOW IN Anywhere
# [43] 10.0.2.101 123/tcp on eth0 ALLOW IN Anywhere
# [44] 10.0.0.0/16 123/tcp on eth0 ALLOW IN Anywhere
# [45] 10.0.2.0/24 123/tcp on eth0 ALLOW IN Anywhere
# [46] 10.0.3.0/24 123/tcp on eth0 ALLOW IN Anywhere
# [47] 123 ALLOW IN Anywhere (v6)
# [48] OpenNTPD (v6) ALLOW IN Anywhere (v6)
# [49] 123/tcp ALLOW IN Anywhere (v6)
# [50] Anywhere (v6) ALLOW IN Anywhere (v6)
# [51] Anywhere/udp (v6) ALLOW IN Anywhere/udp (v6)
# [52] Anywhere/tcp (v6) ALLOW IN Anywhere/tcp (v6)
# [53] 2001::211:aaaa:bbbb:d54c ALLOW IN Anywhere (v6)
# [54] 2001::211:aaaa:bbbb:d54c/112 ALLOW IN Anywhere (v6)
# [55] 2001::211:aaaa:bbbb:d54c 123 ALLOW IN Anywhere (v6)
# [56] 2001::211:aaaa:bbbb:d54c/112 123 ALLOW IN Anywhere (v6)
# [57] 2001::211:aaaa:bbbb:d54c 123/udp ALLOW IN Anywhere (v6)
# [58] 2001::211:aaaa:bbbb:d54c/112 123/udp ALLOW IN Anywhere (v6)
# [59] 2001::211:aaaa:bbbb:d54c 123/tcp ALLOW IN Anywhere (v6)
# [60] 2001::211:aaaa:bbbb:d54c/112 123/tcp ALLOW IN Anywhere (v6)
# [61] 123 ALLOW OUT Anywhere (v6) (out)
# [62] 123/udp ALLOW OUT Anywhere (v6) (out)
# [63] 123/tcp ALLOW OUT Anywhere (v6) (out)
# [64] Anywhere (v6) on eth0 ALLOW IN Anywhere (v6)
# [65] Anywhere/udp (v6) on eth0 ALLOW IN Anywhere/udp (v6)
# [66] Anywhere/tcp (v6) on eth0 ALLOW IN Anywhere/tcp (v6)
# [67] 2001::211:aaaa:bbbb:d54c on eth0 ALLOW IN Anywhere (v6)
# [68] 2001::211:aaaa:bbbb:d54c/112 on eth0 ALLOW IN Anywhere (v6)
# [69] 2001::211:aaaa:bbbb:d54c 123 on eth0 ALLOW IN Anywhere (v6)
# [70] 2001::211:aaaa:bbbb:d54c/112 123 on eth0 ALLOW IN Anywhere (v6)
# [71] 2001::211:aaaa:bbbb:d54c 123/udp on eth0 ALLOW IN Anywhere (v6)
# [72] 2001::211:aaaa:bbbb:d54c/112 123/udp on eth0 ALLOW IN Anywhere (v6)
# [73] 2001::211:aaaa:bbbb:d54c 123/tcp on eth0 ALLOW IN Anywhere (v6)
# [74] 2001::211:aaaa:bbbb:d54c/112 123/tcp on eth0 ALLOW IN Anywhere (v6)

echo "show listening" >> $TESTTMP/result
echo "(update util.py to use our cached output)" >> $TESTTMP/result

# Keep a pristine copy of util.py; it is copied back before the "(live)" section.
# NOTE(review): the restore happens only on the straight-line path below. If
# do_cmd aborts the script first (its failure handling is in testlib.sh, not
# shown), the patched util.py stays in the test tree.
cp -f $TESTPATH/lib/python/ufw/util.py $TESTPATH/lib/python/ufw/util.py.bak

# Read the canned netstat.enlp via 'cat' instead of calling get_netstat_output.
sed -i "s#netstat_output = get_netstat_output.*#rc, netstat_output = cmd(['cat', '$TESTPATH/../good/reports/netstat.enlp'])#" $TESTPATH/lib/python/ufw/util.py
# Point the two /proc readers at the fixture files shipped with this test.
sed -i "s#proc = '/proc/net/if_inet6'#proc = '$TESTPATH/../good/reports/proc_net_if_inet6'#" $TESTPATH/lib/python/ufw/util.py
sed -i "s#proc = '/proc/net/dev'#proc = '$TESTPATH/../good/reports/proc_net_dev'#" $TESTPATH/lib/python/ufw/util.py
# Insert, ahead of the line matching 'addr = ... 0x8915,...', an if/elif/else that
# returns 10.0.2.9 for eth0, 10.0.2.101 for eth1 and raises IOError otherwise.
# \1 is the text before 'addr =' (expected to be the line's indentation) and is
# doubled for the nested lines. 0x8915 is presumably the SIOCGIFADDR ioctl -- confirm.
sed -i "s#\(.*\)\(addr = .* 0x8915,.*\)#\\1if ifname == 'eth0':\n\\1\\1addr = '10.0.2.9'\n\\1elif ifname == 'eth1':\n\\1\\1addr = '10.0.2.101'\n\\1else:\n\\1\\1raise IOError\n\\1return normalize_address(addr, v6)[0]\n\\1\\2#" $TESTPATH/lib/python/ufw/util.py
# Turn IPv6 on in the test configuration so the v6 rules below are accepted.
sed -i "s/IPV6=.*/IPV6=yes/" $TESTPATH/etc/default/ufw

echo "show listening with no rules" >> $TESTTMP/result
do_cmd "0" show listening

echo "Add rules for test" >> $TESTTMP/result
# First pass ($i empty) adds the unqualified rules, second pass repeats them
# with 'in on eth0'. $i is left unquoted on purpose so that it expands to zero
# words or to three separate words.
for i in "" "in on eth0" ; do
    if [ -z "$i" ]; then
        do_cmd "0" null allow in 123
        do_cmd "0" null allow in OpenNTPD
        do_cmd "0" null allow in 123/tcp
    else
        do_cmd "0" null allow out 123
        do_cmd "0" null allow out 123/udp
        do_cmd "0" null allow out 123/tcp
    fi

    do_cmd "0" null allow $i to any
    do_cmd "0" null allow $i to any proto udp
    do_cmd "0" null allow $i to any proto tcp

    do_cmd "0" null allow $i to 10.0.2.101
    do_cmd "0" null allow $i to 10.0.2.9
    do_cmd "0" null allow $i to 10.0.0.0/16
    do_cmd "0" null allow $i to 10.0.2.0/24
    do_cmd "0" null allow $i to 10.0.3.0/24
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112

    do_cmd "0" null allow $i to 10.0.2.101 port 123
    do_cmd "0" null allow $i to 10.0.0.0/16 port 123
    do_cmd "0" null allow $i to 10.0.2.0/24 port 123
    do_cmd "0" null allow $i to 10.0.3.0/24 port 123
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c port 123
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123

    do_cmd "0" null allow $i to 10.0.2.101 port 123 proto udp
    do_cmd "0" null allow $i to 10.0.0.0/16 app OpenNTPD
    do_cmd "0" null allow $i to 10.0.2.0/24 port 123 proto udp
    do_cmd "0" null allow $i to 10.0.3.0/24 port 123 proto udp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c port 123 proto udp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp

    do_cmd "0" null allow $i to 10.0.2.101 port 123 proto tcp
    do_cmd "0" null allow $i to 10.0.0.0/16 port 123 proto tcp
    do_cmd "0" null allow $i to 10.0.2.0/24 port 123 proto tcp
    do_cmd "0" null allow $i to 10.0.3.0/24 port 123 proto tcp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp
done

echo "show listening with rules" >> $TESTTMP/result
do_cmd "0" show listening

# Cleanup the above rules (same list as the add loop, each prefixed with 'delete')
for i in "" "in on eth0" ; do
    if [ -z "$i" ]; then
        do_cmd "0" null delete allow in 123
        do_cmd "0" null delete allow in OpenNTPD
        do_cmd "0" null delete allow in 123/tcp
    else
        do_cmd "0" null delete allow out 123
        do_cmd "0" null delete allow out 123/udp
        do_cmd "0" null delete allow out 123/tcp
    fi

    do_cmd "0" null delete allow $i to any
    do_cmd "0" null delete allow $i to any proto udp
    do_cmd "0" null delete allow $i to any proto tcp

    do_cmd "0" null delete allow $i to 10.0.2.101
    do_cmd "0" null delete allow $i to 10.0.2.9
    do_cmd "0" null delete allow $i to 10.0.0.0/16
    do_cmd "0" null delete allow $i to 10.0.2.0/24
    do_cmd "0" null delete allow $i to 10.0.3.0/24
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c/112

    do_cmd "0" null delete allow $i to 10.0.2.101 port 123
    do_cmd "0" null delete allow $i to 10.0.0.0/16 port 123
    do_cmd "0" null delete allow $i to 10.0.2.0/24 port 123
    do_cmd "0" null delete allow $i to 10.0.3.0/24 port 123
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c port 123
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123

    do_cmd "0" null delete allow $i to 10.0.2.101 port 123 proto udp
    do_cmd "0" null delete allow $i to 10.0.0.0/16 app OpenNTPD
    do_cmd "0" null delete allow $i to 10.0.2.0/24 port 123 proto udp
    do_cmd "0" null delete allow $i to 10.0.3.0/24 port 123 proto udp
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c port 123 proto udp
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp

    do_cmd "0" null delete allow $i to 10.0.2.101 port 123 proto tcp
    do_cmd "0" null delete allow $i to 10.0.0.0/16 port 123 proto tcp
    do_cmd "0" null delete allow $i to 10.0.2.0/24 port 123 proto tcp
    do_cmd "0" null delete allow $i to 10.0.3.0/24 port 123 proto tcp
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    do_cmd "0" null delete allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp
done

echo "show listening (live) with rules" >> $TESTTMP/result
# Put the unpatched util.py back, so this section reads the real host state;
# the 'show listening' output is discarded ('null') since it differs per host.
cp -f $TESTPATH/lib/python/ufw/util.py.bak $TESTPATH/lib/python/ufw/util.py
do_cmd "0" null allow 13/tcp
do_cmd "0" null allow 123/udp
do_cmd "0" null show listening
do_cmd "0" null delete allow 13/tcp
do_cmd "0" null delete allow 123/udp

echo "show added" >> $TESTTMP/result
# 'show added' is run after each deletion so the result file records the
# remaining user rules shrinking down to "(None)".
do_cmd "0" null limit 13/tcp
do_cmd "0" null allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
do_cmd "0" null deny Samba
do_cmd "0" show added
do_cmd "0" null delete limit 13/tcp
do_cmd "0" show added
do_cmd "0" null delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
do_cmd "0" show added
do_cmd "0" null delete deny Samba
do_cmd "0" show added

exit 0
ufw-0.36/tests/good/reports/result0000644000175000017500000003221113404772663016243 0ustar jamiejamieshow listening (update util.py to use our cached output) show listening with no rules 0: show listening WARN: Checks disabled tcp: 13 * (daytime) tcp6: 13 * (daytime) udp: 123 10.0.2.101 (ntpd) 123 10.0.2.9 (ntpd) 123 * (ntpd) 33257 * (avahi-daemon) 5353 * (avahi-daemon) 68 * (dhclient3) 68 * (dhclient3) udp6: 123 2001::212:cccc:dddd:e243 (ntpd) 123 2001::211:aaaa:bbbb:d54c (ntpd) 123 * (ntpd) Add rules for test 1: allow in 123 2: allow in OpenNTPD 3: allow in 123/tcp 4: allow to any 5: allow to any proto udp 6: allow to any proto tcp 7: allow to 10.0.2.101 8: allow to 10.0.2.9 9: allow to 10.0.0.0/16 10: allow to 10.0.2.0/24 11: allow to 10.0.3.0/24 12: allow to 2001::211:aaaa:bbbb:d54c 13: allow to 2001::211:aaaa:bbbb:d54c/112 14: allow to 10.0.2.101 port 123 15: allow to 10.0.0.0/16 port 123 16: allow to 
10.0.2.0/24 port 123 17: allow to 10.0.3.0/24 port 123 18: allow to 2001::211:aaaa:bbbb:d54c port 123 19: allow to 2001::211:aaaa:bbbb:d54c/112 port 123 20: allow to 10.0.2.101 port 123 proto udp 21: allow to 10.0.0.0/16 app OpenNTPD 22: allow to 10.0.2.0/24 port 123 proto udp 23: allow to 10.0.3.0/24 port 123 proto udp 24: allow to 2001::211:aaaa:bbbb:d54c port 123 proto udp 25: allow to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp 26: allow to 10.0.2.101 port 123 proto tcp 27: allow to 10.0.0.0/16 port 123 proto tcp 28: allow to 10.0.2.0/24 port 123 proto tcp 29: allow to 10.0.3.0/24 port 123 proto tcp 30: allow to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 31: allow to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp 32: allow out 123 33: allow out 123/udp 34: allow out 123/tcp 35: allow in on eth0 to any 36: allow in on eth0 to any proto udp 37: allow in on eth0 to any proto tcp 38: allow in on eth0 to 10.0.2.101 39: allow in on eth0 to 10.0.2.9 40: allow in on eth0 to 10.0.0.0/16 41: allow in on eth0 to 10.0.2.0/24 42: allow in on eth0 to 10.0.3.0/24 43: allow in on eth0 to 2001::211:aaaa:bbbb:d54c 44: allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 45: allow in on eth0 to 10.0.2.101 port 123 46: allow in on eth0 to 10.0.0.0/16 port 123 47: allow in on eth0 to 10.0.2.0/24 port 123 48: allow in on eth0 to 10.0.3.0/24 port 123 49: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 50: allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 51: allow in on eth0 to 10.0.2.101 port 123 proto udp 52: allow in on eth0 to 10.0.0.0/16 app OpenNTPD 53: allow in on eth0 to 10.0.2.0/24 port 123 proto udp 54: allow in on eth0 to 10.0.3.0/24 port 123 proto udp 55: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto udp 56: allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp 57: allow in on eth0 to 10.0.2.101 port 123 proto tcp 58: allow in on eth0 to 10.0.0.0/16 port 123 proto tcp 59: allow in on eth0 to 10.0.2.0/24 port 123 proto tcp 60: 
allow in on eth0 to 10.0.3.0/24 port 123 proto tcp 61: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 62: allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp show listening with rules 63: show listening WARN: Checks disabled tcp: 13 * (daytime) [ 4] allow to any [ 6] allow to any proto tcp [ 7] allow to 10.0.2.101 [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [11] allow to 10.0.3.0/24 [27] allow in on eth0 [29] allow in on eth0 proto tcp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 tcp6: 13 * (daytime) [50] allow to any [52] allow to any proto tcp [53] allow to 2001::211:aaaa:bbbb:d54c [54] allow to 2001::211:aaaa:bbbb:d54c/112 [64] allow in on eth0 [66] allow in on eth0 proto tcp [68] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 udp: 123 10.0.2.101 (ntpd) [ 1] allow 123 [ 2] allow OpenNTPD [ 4] allow to any [ 5] allow to any proto udp [ 7] allow to 10.0.2.101 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [12] allow to 10.0.2.101 port 123 [13] allow to 10.0.0.0/16 port 123 [14] allow to 10.0.2.0/24 port 123 [16] allow to 10.0.2.101 port 123 proto udp [17] allow to 10.0.0.0/16 app OpenNTPD [18] allow to 10.0.2.0/24 port 123 proto udp 123 10.0.2.9 (ntpd) [ 1] allow 123 [ 2] allow OpenNTPD [ 4] allow to any [ 5] allow to any proto udp [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [13] allow to 10.0.0.0/16 port 123 [14] allow to 10.0.2.0/24 port 123 [17] allow to 10.0.0.0/16 app OpenNTPD [18] allow to 10.0.2.0/24 port 123 proto udp [27] allow in on eth0 [28] allow in on eth0 proto udp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 [36] allow in on eth0 to 10.0.0.0/16 port 123 [37] allow in on eth0 to 10.0.2.0/24 port 123 [40] allow in on eth0 to 10.0.0.0/16 app OpenNTPD [41] allow in on eth0 to 10.0.2.0/24 port 123 proto udp 123 * (ntpd) [ 1] allow 
123 [ 2] allow OpenNTPD [ 4] allow to any [ 5] allow to any proto udp [ 7] allow to 10.0.2.101 [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [11] allow to 10.0.3.0/24 [12] allow to 10.0.2.101 port 123 [13] allow to 10.0.0.0/16 port 123 [14] allow to 10.0.2.0/24 port 123 [15] allow to 10.0.3.0/24 port 123 [16] allow to 10.0.2.101 port 123 proto udp [17] allow to 10.0.0.0/16 app OpenNTPD [18] allow to 10.0.2.0/24 port 123 proto udp [19] allow to 10.0.3.0/24 port 123 proto udp [27] allow in on eth0 [28] allow in on eth0 proto udp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 [36] allow in on eth0 to 10.0.0.0/16 port 123 [37] allow in on eth0 to 10.0.2.0/24 port 123 [40] allow in on eth0 to 10.0.0.0/16 app OpenNTPD [41] allow in on eth0 to 10.0.2.0/24 port 123 proto udp 33257 * (avahi-daemon) [ 4] allow to any [ 5] allow to any proto udp [ 7] allow to 10.0.2.101 [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [11] allow to 10.0.3.0/24 [27] allow in on eth0 [28] allow in on eth0 proto udp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 5353 * (avahi-daemon) [ 4] allow to any [ 5] allow to any proto udp [ 7] allow to 10.0.2.101 [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [11] allow to 10.0.3.0/24 [27] allow in on eth0 [28] allow in on eth0 proto udp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 68 * (dhclient3) [ 4] allow to any [ 5] allow to any proto udp [ 7] allow to 10.0.2.101 [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [11] allow to 10.0.3.0/24 [27] allow in on eth0 [28] allow in on eth0 proto udp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 68 * (dhclient3) [ 4] allow to any [ 5] allow to any proto udp [ 7] 
allow to 10.0.2.101 [ 8] allow to 10.0.2.9 [ 9] allow to 10.0.0.0/16 [10] allow to 10.0.2.0/24 [11] allow to 10.0.3.0/24 [27] allow in on eth0 [28] allow in on eth0 proto udp [31] allow in on eth0 to 10.0.2.9 [32] allow in on eth0 to 10.0.0.0/16 [33] allow in on eth0 to 10.0.2.0/24 udp6: 123 2001::212:cccc:dddd:e243 (ntpd) [47] allow 123 [48] allow OpenNTPD [50] allow to any [51] allow to any proto udp 123 2001::211:aaaa:bbbb:d54c (ntpd) [47] allow 123 [48] allow OpenNTPD [50] allow to any [51] allow to any proto udp [53] allow to 2001::211:aaaa:bbbb:d54c [54] allow to 2001::211:aaaa:bbbb:d54c/112 [55] allow to 2001::211:aaaa:bbbb:d54c port 123 [56] allow to 2001::211:aaaa:bbbb:d54c/112 port 123 [57] allow to 2001::211:aaaa:bbbb:d54c port 123 proto udp [58] allow to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp [64] allow in on eth0 [65] allow in on eth0 proto udp [68] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 [70] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 [71] allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto udp [72] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp 123 * (ntpd) [47] allow 123 [48] allow OpenNTPD [50] allow to any [51] allow to any proto udp [53] allow to 2001::211:aaaa:bbbb:d54c [54] allow to 2001::211:aaaa:bbbb:d54c/112 [55] allow to 2001::211:aaaa:bbbb:d54c port 123 [56] allow to 2001::211:aaaa:bbbb:d54c/112 port 123 [57] allow to 2001::211:aaaa:bbbb:d54c port 123 proto udp [58] allow to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp [64] allow in on eth0 [65] allow in on eth0 proto udp [68] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 [70] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 [72] allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp 64: delete allow in 123 65: delete allow in OpenNTPD 66: delete allow in 123/tcp 67: delete allow to any 68: delete allow to any proto udp 69: delete allow to any proto tcp 70: delete allow to 10.0.2.101 71: delete allow 
to 10.0.2.9 72: delete allow to 10.0.0.0/16 73: delete allow to 10.0.2.0/24 74: delete allow to 10.0.3.0/24 75: delete allow to 2001::211:aaaa:bbbb:d54c 76: delete allow to 2001::211:aaaa:bbbb:d54c/112 77: delete allow to 10.0.2.101 port 123 78: delete allow to 10.0.0.0/16 port 123 79: delete allow to 10.0.2.0/24 port 123 80: delete allow to 10.0.3.0/24 port 123 81: delete allow to 2001::211:aaaa:bbbb:d54c port 123 82: delete allow to 2001::211:aaaa:bbbb:d54c/112 port 123 83: delete allow to 10.0.2.101 port 123 proto udp 84: delete allow to 10.0.0.0/16 app OpenNTPD 85: delete allow to 10.0.2.0/24 port 123 proto udp 86: delete allow to 10.0.3.0/24 port 123 proto udp 87: delete allow to 2001::211:aaaa:bbbb:d54c port 123 proto udp 88: delete allow to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp 89: delete allow to 10.0.2.101 port 123 proto tcp 90: delete allow to 10.0.0.0/16 port 123 proto tcp 91: delete allow to 10.0.2.0/24 port 123 proto tcp 92: delete allow to 10.0.3.0/24 port 123 proto tcp 93: delete allow to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 94: delete allow to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp 95: delete allow out 123 96: delete allow out 123/udp 97: delete allow out 123/tcp 98: delete allow in on eth0 to any 99: delete allow in on eth0 to any proto udp 100: delete allow in on eth0 to any proto tcp 101: delete allow in on eth0 to 10.0.2.101 102: delete allow in on eth0 to 10.0.2.9 103: delete allow in on eth0 to 10.0.0.0/16 104: delete allow in on eth0 to 10.0.2.0/24 105: delete allow in on eth0 to 10.0.3.0/24 106: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c 107: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 108: delete allow in on eth0 to 10.0.2.101 port 123 109: delete allow in on eth0 to 10.0.0.0/16 port 123 110: delete allow in on eth0 to 10.0.2.0/24 port 123 111: delete allow in on eth0 to 10.0.3.0/24 port 123 112: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 113: delete allow in on eth0 to 
2001::211:aaaa:bbbb:d54c/112 port 123 114: delete allow in on eth0 to 10.0.2.101 port 123 proto udp 115: delete allow in on eth0 to 10.0.0.0/16 app OpenNTPD 116: delete allow in on eth0 to 10.0.2.0/24 port 123 proto udp 117: delete allow in on eth0 to 10.0.3.0/24 port 123 proto udp 118: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto udp 119: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp 120: delete allow in on eth0 to 10.0.2.101 port 123 proto tcp 121: delete allow in on eth0 to 10.0.0.0/16 port 123 proto tcp 122: delete allow in on eth0 to 10.0.2.0/24 port 123 proto tcp 123: delete allow in on eth0 to 10.0.3.0/24 port 123 proto tcp 124: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 125: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp show listening (live) with rules 126: allow 13/tcp 127: allow 123/udp 128: show listening 129: delete allow 13/tcp 130: delete allow 123/udp show added 131: limit 13/tcp 132: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 133: deny Samba 134: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw limit 13/tcp ufw deny Samba ufw allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 135: delete limit 13/tcp 136: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw deny Samba ufw allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 137: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp 138: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): ufw deny Samba 139: delete deny Samba 140: show added WARN: Checks disabled Added user rules (see 'ufw status' for running firewall): (None) ufw-0.36/tests/good/reports/bin/0000755000175000017500000000000013257500346015544 5ustar 
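jamiejamieufw-0.36/tests/good/reports/bin/show_listening_debug0000755000175000017500000000613413257500346021700 0ustar jamiejamie
#!/bin/bash
# Debug helper for the 'show listening' report test: builds the test tree,
# patches its util.py to read the canned fixtures, adds the same rules as
# tests/good/reports/runtest.sh and prints 'show listening' with DEBUGGING on.
#
# Side effects to be aware of before running this on a real host:
#  - 'sudo ufw disable' turns off the installed firewall and nothing below
#    turns it back on; run 'sudo ufw enable' afterwards if the host relies on it.
#  - util.py and etc/default/ufw under ./tmp/ufw are edited in place and are not
#    reverted here (presumably 'make clean' discards the tree -- confirm).
#  - the invoking user's PYTHONPATH is passed through to the ufw process that
#    is started via sudo, so run this from a clean environment.

# Stop before touching the firewall if the test tree could not be built.
make clean || exit 1
make evaluate || exit 1

sudo ufw disable

TESTPATH="$(pwd)/tmp/ufw"
export TESTPATH

cp "$TESTPATH/../../tests/good/args/orig/profiles/openntpd" "$TESTPATH/etc/ufw/applications.d/openntpd"

# Read the canned netstat.enlp via 'cat' instead of calling get_netstat_output.
sed -i "s#netstat_output = get_netstat_output.*#rc, netstat_output = cmd(['cat', '$TESTPATH/../../tests/good/reports/netstat.enlp'])#" "$TESTPATH/lib/python/ufw/util.py"
# Point the two /proc readers at the fixture files.
sed -i "s#proc = '/proc/net/if_inet6'#proc = '$TESTPATH/../../tests/good/reports/proc_net_if_inet6'#" "$TESTPATH/lib/python/ufw/util.py"
sed -i "s#proc = '/proc/net/dev'#proc = '$TESTPATH/../../tests/good/reports/proc_net_dev'#" "$TESTPATH/lib/python/ufw/util.py"
# Return fixed addresses for eth0/eth1 ahead of the line matching
# 'addr = ... 0x8915,...'; \1 is the text before 'addr =' (expected to be the
# line's indentation).
sed -i "s#\(.*\)\(addr = .* 0x8915,.*\)#\\1if ifname == 'eth0':\n\\1\\1addr = '10.0.2.9'\n\\1elif ifname == 'eth1':\n\\1\\1addr = '10.0.2.101'\n\\1else:\n\\1\\1raise IOError\n\\1return normalize_address(addr, v6)[0]\n\\1\\2#" "$TESTPATH/lib/python/ufw/util.py"
sed -i "s/IPV6=.*/IPV6=yes/" "$TESTPATH/etc/default/ufw"
# NOTE(review): $TESTPATH is spliced into '#'-delimited sed expressions and into
# single-quoted Python literals; a working directory containing '#' or a single
# quote would corrupt these edits.

# Run the test tree's ufw under sudo with the remaining arguments.
# The first two arguments are dropped so the call lines can stay identical to
# those in runtest.sh. The arguments are handed over as an argument vector
# rather than pasted into an 'sh -c' string, so nothing in them or in
# $TESTPATH is re-parsed by a shell running under sudo.
do_cmd() {
    shift 2
    sudo env "PYTHONPATH=$PYTHONPATH:$TESTPATH/lib/python" \
        "$TESTPATH/usr/sbin/ufw" "$@" 2>&1 \
        | grep -v "WARN: Checks disabled" \
        | grep -v "Rules updated"
}

# First pass ($i empty) adds the unqualified rules, second pass repeats them
# with 'in on eth0'. $i is left unquoted on purpose so that it expands to zero
# words or to three separate words.
for i in "" "in on eth0" ; do
    if [ -z "$i" ]; then
        do_cmd "0" null allow in 123
        do_cmd "0" null allow in OpenNTPD
        do_cmd "0" null allow in 123/tcp
    else
        do_cmd "0" null allow out 123
        do_cmd "0" null allow out 123/udp
        do_cmd "0" null allow out 123/tcp
    fi

    do_cmd "0" null allow $i to any
    do_cmd "0" null allow $i to any proto udp
    do_cmd "0" null allow $i to any proto tcp

    do_cmd "0" null allow $i to 10.0.2.101
    do_cmd "0" null allow $i to 10.0.2.9
    do_cmd "0" null allow $i to 10.0.0.0/16
    do_cmd "0" null allow $i to 10.0.2.0/24
    do_cmd "0" null allow $i to 10.0.3.0/24
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112

    do_cmd "0" null allow $i to 10.0.2.101 port 123
    do_cmd "0" null allow $i to 10.0.0.0/16 port 123
    do_cmd "0" null allow $i to 10.0.2.0/24 port 123
    do_cmd "0" null allow $i to 10.0.3.0/24 port 123
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c port 123
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123

    do_cmd "0" null allow $i to 10.0.2.101 port 123 proto udp
    do_cmd "0" null allow $i to 10.0.0.0/16 app OpenNTPD
    do_cmd "0" null allow $i to 10.0.2.0/24 port 123 proto udp
    do_cmd "0" null allow $i to 10.0.3.0/24 port 123 proto udp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c port 123 proto udp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123 proto udp

    do_cmd "0" null allow $i to 10.0.2.101 port 123 proto tcp
    do_cmd "0" null allow $i to 10.0.0.0/16 port 123 proto tcp
    do_cmd "0" null allow $i to 10.0.2.0/24 port 123 proto tcp
    do_cmd "0" null allow $i to 10.0.3.0/24 port 123 proto tcp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
    do_cmd "0" null allow $i to 2001::211:aaaa:bbbb:d54c/112 port 123 proto tcp
done

# Switch on util.py's debug output only for the final 'show listening' call.
sed -i 's/DEBUGGING = False/DEBUGGING = True/' "$TESTPATH/lib/python/ufw/util.py"
do_cmd "0" null show listening
ufw-0.36/tests/good/route/0000755000175000017500000000000013404772663014443 5ustar jamiejamieufw-0.36/tests/good/route/orig0000777000175000017500000000000013257507473017504 2../../defaultsustar jamiejamieufw-0.36/tests/good/route/runtest.sh0000755000175000017500000001200113404772663016500 0ustar jamiejamie
#!/bin/bash
# Copyright 2014 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.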
# Parser/backend test for 'ufw route' (forwarding) rules.
# Every rule is added and then deleted again. In the expected output the
# generated rules land in the ufw-user-forward chain.
# do_cmd comes from testlib.sh (not shown here); its first argument is
# presumably the expected exit status and 'null' presumably suppresses the
# recorded output -- confirm in testlib.sh.
source "$TESTPATH/../testlib.sh"

echo "Man page" >> $TESTTMP/result
do_cmd "0" --dry-run route deny proto udp from 1.2.3.4 to any port 514
do_cmd "0" --dry-run route delete deny proto udp from 1.2.3.4 to any port 514
do_cmd "0" --dry-run route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
do_cmd "0" --dry-run route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469

echo "SIMPLE" >> $TESTTMP/result
do_cmd "0" --dry-run route allow daytime
do_cmd "0" --dry-run route delete allow daytime
do_cmd "0" --dry-run route allow daytime/tcp
do_cmd "0" --dry-run route delete allow daytime/tcp
do_cmd "0" --dry-run route allow daytime/udp
do_cmd "0" --dry-run route delete allow daytime/udp

echo "Interfaces" >> $TESTTMP/result
# Placeholder interface names; the rules are only generated with --dry-run here.
in_if="fake0"
out_if="fake1"
do_cmd "0" --dry-run route allow in on $in_if
do_cmd "0" --dry-run route delete allow in on $in_if
do_cmd "0" --dry-run route deny out on $out_if
do_cmd "0" --dry-run route delete deny out on $out_if

echo "TO/FROM" >> $TESTTMP/result
from="192.168.0.1"
to="10.0.0.1"
do_cmd "0" --dry-run route allow from $from
do_cmd "0" --dry-run route delete allow from $from
do_cmd "0" --dry-run route deny to $to
do_cmd "0" --dry-run route delete deny to $to
do_cmd "0" --dry-run route limit to $to from $from
do_cmd "0" --dry-run route delete limit to $to from $from

do_cmd "0" --dry-run route allow in on $in_if from $from
do_cmd "0" --dry-run route delete allow in on $in_if from $from
do_cmd "0" --dry-run route deny out on $out_if to $to
do_cmd "0" --dry-run route delete deny out on $out_if to $to
do_cmd "0" --dry-run route limit in on $in_if out on $out_if from $from to $to
do_cmd "0" --dry-run route delete limit in on $in_if out on $out_if from $from to $to

do_cmd "0" --dry-run route allow from $from port 80
do_cmd "0" --dry-run route delete allow from $from port 80
do_cmd "0" --dry-run route deny to $to port 25
do_cmd "0" --dry-run route delete deny to $to port 25
do_cmd "0" --dry-run route limit in on $in_if out on $out_if from $from port 25 to $to port 25 proto tcp
do_cmd "0" --dry-run route delete limit in on $in_if out on $out_if from $from port 25 to $to port 25 proto tcp

echo "Services" >> $TESTTMP/result
do_cmd "0" --dry-run route allow to any port smtp from any port smtp
do_cmd "0" --dry-run route delete allow to any port smtp from any port smtp
do_cmd "0" --dry-run route allow in on $in_if out on $out_if to any port smtp from any port smtp
do_cmd "0" --dry-run route delete allow in on $in_if out on $out_if to any port smtp from any port smtp

echo "Netmasks" >> $TESTTMP/result
do_cmd "0" --dry-run route reject from 192.168.0.1/32 to 192.168.0.0/16
do_cmd "0" --dry-run route delete reject from 192.168.0.1/32 to 192.168.0.0/16

echo "Multiports:" >> $TESTTMP/result
do_cmd "0" --dry-run route limit 23,21,15:19,13/tcp
do_cmd "0" --dry-run route delete limit 23,21,15:19,13/tcp
do_cmd "0" --dry-run route allow in on $in_if out on $out_if from 192.168.0.1 port 23,21,15:19,13 to 10.0.0.0/8 port 24:26 proto tcp
do_cmd "0" --dry-run route delete allow in on $in_if out on $out_if from 192.168.0.1 port 23,21,15:19,13 to 10.0.0.0/8 port 24:26 proto tcp
do_cmd "0" --dry-run route deny in on $in_if to any port 34,35:39 from any port 24 proto udp
do_cmd "0" --dry-run route delete deny in on $in_if to any port 34,35:39 from any port 24 proto udp

echo "Insert" >> $TESTTMP/result
# Unlike the sections above these run without --dry-run: the rules are written
# to $TESTCONFIG/user.rules, which is dumped into the result after the inserts
# and again after the deletes so both the ordering and the cleanup are checked.
do_cmd "0" null route allow 13
do_cmd "0" null route allow 23
do_cmd "0" null route insert 1 allow 9999
do_cmd "0" null route insert 1 allow log 9998
do_cmd "0" null route insert 2 reject to 192.168.0.1 from 10.0.0.1
cat $TESTCONFIG/user.rules >> $TESTTMP/result
do_cmd "0" null route delete allow 13
do_cmd "0" null route delete allow 23
do_cmd "0" null route delete allow 9999
do_cmd "0" null route delete allow log 9998
do_cmd "0" null route delete reject to 192.168.0.1 from 10.0.0.1
cat $TESTCONFIG/user.rules >> $TESTTMP/result

echo "ipv6 protocols" >> $TESTTMP/result
# The protocols exercised are 'ipv6', 'ah' and 'esp', all against IPv4 addresses.
do_cmd "0" --dry-run route allow in on $in_if to 10.0.0.1 proto ipv6
do_cmd "0" --dry-run route delete allow in on $in_if to 10.0.0.1 proto ipv6
do_cmd "0" --dry-run route deny out on $out_if to 10.0.0.1 from 10.4.0.0/16 proto ah
do_cmd "0" --dry-run route delete deny out on $out_if to 10.0.0.1 from 10.4.0.0/16 proto ah
do_cmd "0" --dry-run route limit in on $in_if out on $out_if to 10.0.0.1 proto esp
do_cmd "0" --dry-run route delete limit in on $in_if out on $out_if to 10.0.0.1 proto esp

exit 0
ufw-0.36/tests/good/route/result0000644000175000017500000022765713404772663015727 0ustar jamiejamieMan page 0: --dry-run route deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-forward -p udp --dport 514 -s 1.2.3.4 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j 
ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 1: --dry-run route delete deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 2: --dry-run route allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-forward -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 3: --dry-run route delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated SIMPLE 4: --dry-run route allow daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 13 -j ACCEPT -A ufw-user-forward -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 5: --dry-run route delete allow daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 6: --dry-run route allow daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 7: --dry-run route delete allow daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 8: 
--dry-run route allow daytime/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow udp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 9: --dry-run route delete allow daytime/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept 
- [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Interfaces 10: --dry-run route allow in on fake0 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow any any 0.0.0.0/0 any 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min 
--limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 11: --dry-run route delete allow in on fake0 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 12: --dry-run route deny out on fake1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] 
:ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny any any 0.0.0.0/0 any 0.0.0.0/0 out_fake1 -A ufw-user-forward -o fake1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 13: --dry-run route delete deny out on fake1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated TO/FROM 14: --dry-run route allow from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-forward -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 15: --dry-run route delete allow from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 16: --dry-run route deny to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny any any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-forward -d 10.0.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 17: --dry-run route delete deny to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE 
LIMITING ### COMMIT Rules updated 18: --dry-run route limit to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:limit any any 10.0.0.1 any 192.168.0.1 in -A ufw-user-forward -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-forward -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 19: --dry-run route delete limit to 10.0.0.1 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 20: --dry-run route allow in on fake0 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow any any 0.0.0.0/0 any 192.168.0.1 in_fake0 -A ufw-user-forward -i fake0 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 21: --dry-run route delete allow in on fake0 from 192.168.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 22: 
--dry-run route deny out on fake1 to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny any any 10.0.0.1 any 0.0.0.0/0 out_fake1 -A ufw-user-forward -o fake1 -d 10.0.0.1 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 23: --dry-run route delete deny out on fake1 to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit 
- [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 24: --dry-run route limit in on fake0 out on fake1 from 192.168.0.1 to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:limit any any 10.0.0.1 any 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -o fake1 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-forward -i fake0 -o fake1 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 
10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 25: --dry-run route delete limit in on fake0 out on fake1 from 192.168.0.1 to 10.0.0.1 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING 
### COMMIT Rules updated 26: --dry-run route allow from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow any any 0.0.0.0/0 80 192.168.0.1 in -A ufw-user-forward -p tcp -s 192.168.0.1 --sport 80 -j ACCEPT -A ufw-user-forward -p udp -s 192.168.0.1 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 27: --dry-run route delete allow from 192.168.0.1 port 80 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 28: --dry-run route deny to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny any 25 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-forward -p tcp -d 10.0.0.1 --dport 25 -j DROP -A ufw-user-forward -p udp -d 10.0.0.1 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 29: --dry-run route delete deny to 10.0.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 30: --dry-run route limit in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:limit tcp 25 10.0.0.1 25 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-forward -i fake0 -o fake1 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 31: --dry-run route delete limit in on fake0 out on fake1 from 192.168.0.1 port 25 to 10.0.0.1 port 25 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Services 32: --dry-run route allow to any port smtp from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow tcp 25 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 25 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 33: --dry-run route delete allow to any port smtp from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE 
LIMITING ### COMMIT Rules updated 34: --dry-run route allow in on fake0 out on fake1 to any port smtp from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow tcp 25 0.0.0.0/0 25 0.0.0.0/0 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp --dport 25 --sport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 35: --dry-run route delete allow in on fake0 out on fake1 to any port smtp from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Netmasks 36: --dry-run route reject from 192.168.0.1/32 to 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:reject any any 192.168.0.0/16 any 192.168.0.1 in -A ufw-user-forward -d 192.168.0.0/16 -s 192.168.0.1 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 37: --dry-run route delete reject from 192.168.0.1/32 to 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Multiports: 38: --dry-run route limit 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:limit tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -p tcp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-forward -p tcp -m multiport --dports 13,15:19,21,23 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 39: --dry-run route delete limit 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 40: --dry-run route allow in on fake0 out on fake1 from 192.168.0.1 port 23,21,15:19,13 to 10.0.0.0/8 port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow tcp 24:26 10.0.0.0/8 13,15:19,21,23 192.168.0.1 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p tcp -m multiport --dports 24:26 -m multiport --sports 13,15:19,21,23 -d 10.0.0.0/8 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 41: --dry-run route delete allow in on fake0 out on fake1 from 192.168.0.1 port 23,21,15:19,13 to 10.0.0.0/8 port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 42: --dry-run route deny in on fake0 to any port 34,35:39 from any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny udp 34,35:39 0.0.0.0/0 24 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -p udp -m multiport --dports 34,35:39 -m multiport --sports 24 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 43: --dry-run route delete deny in on fake0 to any port 34,35:39 from any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - 
[0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Insert 44: route allow 13 45: route allow 23 46: route insert 1 allow 9999 47: route insert 1 allow log 9998 48: route insert 2 reject to 192.168.0.1 from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow_log any 9998 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-forward -p tcp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A 
ufw-user-logging-forward -p tcp --dport 9998 -j RETURN -A ufw-user-forward -p tcp --dport 9998 -j ufw-user-logging-forward -A ufw-user-forward -p tcp --dport 9998 -j ACCEPT -A ufw-user-logging-forward -p udp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-forward -p udp --dport 9998 -j RETURN -A ufw-user-forward -p udp --dport 9998 -j ufw-user-logging-forward -A ufw-user-forward -p udp --dport 9998 -j ACCEPT ### tuple ### route:reject any any 192.168.0.1 any 10.0.0.1 in -A ufw-user-forward -d 192.168.0.1 -s 10.0.0.1 -j REJECT ### tuple ### route:allow any 9999 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 9999 -j ACCEPT -A ufw-user-forward -p udp --dport 9999 -j ACCEPT ### tuple ### route:allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 13 -j ACCEPT -A ufw-user-forward -p udp --dport 13 -j ACCEPT ### tuple ### route:allow any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-forward -p tcp --dport 23 -j ACCEPT -A ufw-user-forward -p udp --dport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 49: route delete allow 13 50: route delete allow 23 51: route delete allow 9999 52: route delete allow log 9998 53: route delete reject to 192.168.0.1 
from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT ipv6 protocols 54: --dry-run route allow in on fake0 to 10.0.0.1 proto ipv6 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:allow ipv6 any 10.0.0.1 any 0.0.0.0/0 in_fake0 -A ufw-user-forward -i fake0 -p ipv6 -d 
10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 55: --dry-run route delete allow in on fake0 to 10.0.0.1 proto ipv6 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 
3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 56: --dry-run route deny out on fake1 to 10.0.0.1 from 10.4.0.0/16 proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:deny ah any 10.0.0.1 any 10.4.0.0/16 out_fake1 -A ufw-user-forward -o fake1 -p ah -d 10.0.0.1 -s 10.4.0.0/16 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 57: --dry-run route delete deny out on fake1 to 10.0.0.1 from 10.4.0.0/16 proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 58: --dry-run route limit in on fake0 out on fake1 to 10.0.0.1 proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### route:limit esp any 10.0.0.1 any 0.0.0.0/0 in_fake0!out_fake1 -A ufw-user-forward -i fake0 -o fake1 -p esp -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -A ufw-user-forward -i fake0 -o fake1 -p esp -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A 
ufw-user-forward -i fake0 -o fake1 -p esp -d 10.0.0.1 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 59: --dry-run route delete limit in on fake0 out on fake1 to 10.0.0.1 proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### 
END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated ufw-0.36/tests/good/policy/0000755000175000017500000000000013257500736014600 5ustar jamiejamieufw-0.36/tests/good/policy/orig0000777000175000017500000000000013226727543017643 2../../defaultsustar jamiejamieufw-0.36/tests/good/policy/runtest.sh0000755000175000017500000000254213257500736016646 0ustar jamiejamie#!/bin/bash # Copyright 2009-2012 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
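# Good-path test for ufw default policies.
#
# do_cmd comes from testlib.sh, which is not part of this listing. Judging by
# the expected-output file, its first argument looks like the expected exit
# status and "null" looks like it keeps the command's output out of the
# result file -- TODO confirm against testlib.sh.
source "$TESTPATH/../testlib.sh"

# Part 1: write each valid value straight into the DEFAULT_<chain>_POLICY
# line of the test copy of etc/default/ufw and run "--dry-run status"
# against the edited file (expected status 0).
echo "TESTING GOOD DEFAULT POLICY" >> "$TESTTMP/result"
for i in INPUT OUTPUT FORWARD; do
    for j in ACCEPT DROP REJECT; do
        echo "Setting DEFAULT_${i}_POLICY to $j" >> "$TESTTMP/result"
        sed -i "s/DEFAULT_${i}_POLICY=.*/DEFAULT_${i}_POLICY=$j/" "$TESTPATH/etc/default/ufw"
        do_cmd "0" null --dry-run status

        # put it back to something valid
        # The restore is unconditional: the chain ends up at DROP whatever
        # value the file held before this test touched it.
        sed -i "s/DEFAULT_${i}_POLICY=.*/DEFAULT_${i}_POLICY=DROP/" "$TESTPATH/etc/default/ufw"
    done
done

# Part 2: "default <policy> [direction]" in lower and upper case. The empty
# first value of i covers the form without a direction.
echo "TESTING ARGS (default)" >> "$TESTTMP/result"
for i in "" incoming outgoing input output; do
    for j in allow deny reject ALLOW DENY REJECT; do
        # $i stays unquoted on purpose: the empty value must vanish from the
        # argument list rather than be passed as an empty argument.
        do_cmd "0" --dry-run default "$j" $i
    done
done

exit 0
ufw-0.36/tests/good/policy/result0000644000175000017500000001150013257500736016036 0ustar jamiejamieTESTING GOOD DEFAULT POLICY Setting DEFAULT_INPUT_POLICY to ACCEPT 0: --dry-run status Setting DEFAULT_INPUT_POLICY to DROP 1: --dry-run status Setting DEFAULT_INPUT_POLICY to REJECT 2: --dry-run status Setting DEFAULT_OUTPUT_POLICY to ACCEPT 3: --dry-run status Setting DEFAULT_OUTPUT_POLICY to DROP 4: --dry-run status Setting DEFAULT_OUTPUT_POLICY to REJECT 5: --dry-run status Setting DEFAULT_FORWARD_POLICY to ACCEPT 6: --dry-run status Setting DEFAULT_FORWARD_POLICY to DROP 7: --dry-run status Setting DEFAULT_FORWARD_POLICY to REJECT 8: --dry-run status TESTING ARGS (default) 9: --dry-run default allow WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 10: --dry-run default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 11: --dry-run default reject WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 12: --dry-run default ALLOW WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 13: --dry-run default DENY WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your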
rules accordingly) 14: --dry-run default REJECT WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 15: --dry-run default allow incoming WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 16: --dry-run default deny incoming WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 17: --dry-run default reject incoming WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 18: --dry-run default ALLOW incoming WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 19: --dry-run default DENY incoming WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 20: --dry-run default REJECT incoming WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 21: --dry-run default allow outgoing WARN: Checks disabled Default outgoing policy changed to 'allow' (be sure to update your rules accordingly) 22: --dry-run default deny outgoing WARN: Checks disabled Default outgoing policy changed to 'deny' (be sure to update your rules accordingly) 23: --dry-run default reject outgoing WARN: Checks disabled Default outgoing policy changed to 'reject' (be sure to update your rules accordingly) 24: --dry-run default ALLOW outgoing WARN: Checks disabled Default outgoing policy changed to 'allow' (be sure to update your rules accordingly) 25: --dry-run default DENY outgoing WARN: Checks disabled Default outgoing policy changed to 'deny' (be sure to update your rules accordingly) 26: --dry-run default REJECT outgoing WARN: Checks disabled Default outgoing policy changed to 'reject' (be sure to update your rules accordingly) 27: --dry-run default allow input WARN: Checks disabled Default incoming policy changed to 'allow' (be 
sure to update your rules accordingly) 28: --dry-run default deny input WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 29: --dry-run default reject input WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 30: --dry-run default ALLOW input WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 31: --dry-run default DENY input WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 32: --dry-run default REJECT input WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 33: --dry-run default allow output WARN: Checks disabled Default outgoing policy changed to 'allow' (be sure to update your rules accordingly) 34: --dry-run default deny output WARN: Checks disabled Default outgoing policy changed to 'deny' (be sure to update your rules accordingly) 35: --dry-run default reject output WARN: Checks disabled Default outgoing policy changed to 'reject' (be sure to update your rules accordingly) 36: --dry-run default ALLOW output WARN: Checks disabled Default outgoing policy changed to 'allow' (be sure to update your rules accordingly) 37: --dry-run default DENY output WARN: Checks disabled Default outgoing policy changed to 'deny' (be sure to update your rules accordingly) 38: --dry-run default REJECT output WARN: Checks disabled Default outgoing policy changed to 'reject' (be sure to update your rules accordingly) ufw-0.36/tests/good/netmasks/0000755000175000017500000000000013226727543015131 5ustar jamiejamieufw-0.36/tests/good/netmasks/orig0000777000175000017500000000000013226727543020171 2../../defaultsustar jamiejamieufw-0.36/tests/good/netmasks/runtest.sh0000755000175000017500000000232013226727543017171 0ustar jamiejamie#!/bin/bash # Copyright 2008 Canonical Ltd. 
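#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

#set -x

# Good-path test for netmask parsing in "allow from <addr>/<mask>".
#
# do_cmd comes from testlib.sh, which is not part of this listing. Its first
# argument looks like the expected exit status and "null" looks like it keeps
# the command's output out of the result file -- TODO confirm against
# testlib.sh.
source "$TESTPATH/../testlib.sh"

# Every CIDR prefix length from /0 to /32 must be accepted.
echo "TESTING VALID CIDR" >> "$TESTTMP/result"
for i in $(seq 0 32); do
    do_cmd "0" null --dry-run allow from "10.0.0.1/$i"
done

# Dotted-quad masks, with one octet (or all four) stepped through 0..240 in
# steps of 16.
# NOTE(review): most of the generated masks are non-contiguous (for example
# 255.255.0.255 or 16.16.16.16). This test only pins that they are accepted
# with status 0; what rule such a mask produces is not checked here.
echo "TESTING VALID DOTTED" >> "$TESTTMP/result"
for i in $(seq 0 16 255); do
    do_cmd "0" null --dry-run allow from "10.0.0.1/255.255.255.$i"
    do_cmd "0" null --dry-run allow from "10.0.0.1/255.255.$i.255"
    do_cmd "0" null --dry-run allow from "10.0.0.1/255.$i.255.255"
    do_cmd "0" null --dry-run allow from "10.0.0.1/$i.255.255.255"
    do_cmd "0" null --dry-run allow from "10.0.0.1/$i.$i.$i.$i"
done

exit 0
ufw-0.36/tests/good/netmasks/result0000644000175000017500000001245013226727543016374 0ustar jamiejamieTESTING VALID CIDR 0: --dry-run allow from 10.0.0.1/0 1: --dry-run allow from 10.0.0.1/1 2: --dry-run allow from 10.0.0.1/2 3: --dry-run allow from 10.0.0.1/3 4: --dry-run allow from 10.0.0.1/4 5: --dry-run allow from 10.0.0.1/5 6: --dry-run allow from 10.0.0.1/6 7: --dry-run allow from 10.0.0.1/7 8: --dry-run allow from 10.0.0.1/8 9: --dry-run allow from 10.0.0.1/9 10: --dry-run allow from 10.0.0.1/10 11: --dry-run allow from 10.0.0.1/11 12: --dry-run allow from 10.0.0.1/12 13: --dry-run allow from 10.0.0.1/13 14: --dry-run allow from 10.0.0.1/14 15: --dry-run allow from 10.0.0.1/15 16: --dry-run allow from 10.0.0.1/16 17: --dry-run allow from 10.0.0.1/17 18: --dry-run allow from 10.0.0.1/18 19: --dry-run allow from 10.0.0.1/19 20: --dry-run allow from 10.0.0.1/20 21: --dry-run allow from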
10.0.0.1/21 22: --dry-run allow from 10.0.0.1/22 23: --dry-run allow from 10.0.0.1/23 24: --dry-run allow from 10.0.0.1/24 25: --dry-run allow from 10.0.0.1/25 26: --dry-run allow from 10.0.0.1/26 27: --dry-run allow from 10.0.0.1/27 28: --dry-run allow from 10.0.0.1/28 29: --dry-run allow from 10.0.0.1/29 30: --dry-run allow from 10.0.0.1/30 31: --dry-run allow from 10.0.0.1/31 32: --dry-run allow from 10.0.0.1/32 TESTING VALID DOTTED 33: --dry-run allow from 10.0.0.1/255.255.255.0 34: --dry-run allow from 10.0.0.1/255.255.0.255 35: --dry-run allow from 10.0.0.1/255.0.255.255 36: --dry-run allow from 10.0.0.1/0.255.255.255 37: --dry-run allow from 10.0.0.1/0.0.0.0 38: --dry-run allow from 10.0.0.1/255.255.255.16 39: --dry-run allow from 10.0.0.1/255.255.16.255 40: --dry-run allow from 10.0.0.1/255.16.255.255 41: --dry-run allow from 10.0.0.1/16.255.255.255 42: --dry-run allow from 10.0.0.1/16.16.16.16 43: --dry-run allow from 10.0.0.1/255.255.255.32 44: --dry-run allow from 10.0.0.1/255.255.32.255 45: --dry-run allow from 10.0.0.1/255.32.255.255 46: --dry-run allow from 10.0.0.1/32.255.255.255 47: --dry-run allow from 10.0.0.1/32.32.32.32 48: --dry-run allow from 10.0.0.1/255.255.255.48 49: --dry-run allow from 10.0.0.1/255.255.48.255 50: --dry-run allow from 10.0.0.1/255.48.255.255 51: --dry-run allow from 10.0.0.1/48.255.255.255 52: --dry-run allow from 10.0.0.1/48.48.48.48 53: --dry-run allow from 10.0.0.1/255.255.255.64 54: --dry-run allow from 10.0.0.1/255.255.64.255 55: --dry-run allow from 10.0.0.1/255.64.255.255 56: --dry-run allow from 10.0.0.1/64.255.255.255 57: --dry-run allow from 10.0.0.1/64.64.64.64 58: --dry-run allow from 10.0.0.1/255.255.255.80 59: --dry-run allow from 10.0.0.1/255.255.80.255 60: --dry-run allow from 10.0.0.1/255.80.255.255 61: --dry-run allow from 10.0.0.1/80.255.255.255 62: --dry-run allow from 10.0.0.1/80.80.80.80 63: --dry-run allow from 10.0.0.1/255.255.255.96 64: --dry-run allow from 10.0.0.1/255.255.96.255 65: --dry-run 
allow from 10.0.0.1/255.96.255.255 66: --dry-run allow from 10.0.0.1/96.255.255.255 67: --dry-run allow from 10.0.0.1/96.96.96.96 68: --dry-run allow from 10.0.0.1/255.255.255.112 69: --dry-run allow from 10.0.0.1/255.255.112.255 70: --dry-run allow from 10.0.0.1/255.112.255.255 71: --dry-run allow from 10.0.0.1/112.255.255.255 72: --dry-run allow from 10.0.0.1/112.112.112.112 73: --dry-run allow from 10.0.0.1/255.255.255.128 74: --dry-run allow from 10.0.0.1/255.255.128.255 75: --dry-run allow from 10.0.0.1/255.128.255.255 76: --dry-run allow from 10.0.0.1/128.255.255.255 77: --dry-run allow from 10.0.0.1/128.128.128.128 78: --dry-run allow from 10.0.0.1/255.255.255.144 79: --dry-run allow from 10.0.0.1/255.255.144.255 80: --dry-run allow from 10.0.0.1/255.144.255.255 81: --dry-run allow from 10.0.0.1/144.255.255.255 82: --dry-run allow from 10.0.0.1/144.144.144.144 83: --dry-run allow from 10.0.0.1/255.255.255.160 84: --dry-run allow from 10.0.0.1/255.255.160.255 85: --dry-run allow from 10.0.0.1/255.160.255.255 86: --dry-run allow from 10.0.0.1/160.255.255.255 87: --dry-run allow from 10.0.0.1/160.160.160.160 88: --dry-run allow from 10.0.0.1/255.255.255.176 89: --dry-run allow from 10.0.0.1/255.255.176.255 90: --dry-run allow from 10.0.0.1/255.176.255.255 91: --dry-run allow from 10.0.0.1/176.255.255.255 92: --dry-run allow from 10.0.0.1/176.176.176.176 93: --dry-run allow from 10.0.0.1/255.255.255.192 94: --dry-run allow from 10.0.0.1/255.255.192.255 95: --dry-run allow from 10.0.0.1/255.192.255.255 96: --dry-run allow from 10.0.0.1/192.255.255.255 97: --dry-run allow from 10.0.0.1/192.192.192.192 98: --dry-run allow from 10.0.0.1/255.255.255.208 99: --dry-run allow from 10.0.0.1/255.255.208.255 100: --dry-run allow from 10.0.0.1/255.208.255.255 101: --dry-run allow from 10.0.0.1/208.255.255.255 102: --dry-run allow from 10.0.0.1/208.208.208.208 103: --dry-run allow from 10.0.0.1/255.255.255.224 104: --dry-run allow from 10.0.0.1/255.255.224.255 105: --dry-run 
allow from 10.0.0.1/255.224.255.255 106: --dry-run allow from 10.0.0.1/224.255.255.255 107: --dry-run allow from 10.0.0.1/224.224.224.224 108: --dry-run allow from 10.0.0.1/255.255.255.240 109: --dry-run allow from 10.0.0.1/255.255.240.255 110: --dry-run allow from 10.0.0.1/255.240.255.255 111: --dry-run allow from 10.0.0.1/240.255.255.255 112: --dry-run allow from 10.0.0.1/240.240.240.240 ufw-0.36/tests/good/apps/0000755000175000017500000000000013404772663014250 5ustar jamiejamieufw-0.36/tests/good/apps/orig0000777000175000017500000000000013226727543017307 2../../defaultsustar jamiejamieufw-0.36/tests/good/apps/runtest.sh0000755000175000017500000001700113404772663016312 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
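# Good-path test for ufw application profiles ("app ..." commands and rules
# that name a profile instead of a port).
#
# do_cmd comes from testlib.sh, which is not part of this listing. Its first
# argument looks like the expected exit status and "null" looks like it keeps
# the command's output out of the result file -- TODO confirm against
# testlib.sh.
#
# Commands run without --dry-run change the rule files under $TESTCONFIG, so
# the script appends user.rules to the result file after each group so that
# the written rules themselves are compared.
source "$TESTPATH/../testlib.sh"

echo "TESTING APPLICATION INTEGRATION (args)" >> "$TESTTMP/result"
do_cmd "0" app list
do_cmd "0" app info Apache
do_cmd "0" app info 'Apache Secure'
do_cmd "0" app info 'Apache Full'
do_cmd "0" app info Bind9
do_cmd "0" app info Samba
do_cmd "0" app info 'Custom Web App'
do_cmd "0" app info 'Custom Web App2'
do_cmd "0" app info all
do_cmd "0" app info 0verkill

# Simple syntax: "<action> <profile>".
echo "TESTING APPLICATION INTEGRATION (simple rules)" >> "$TESTTMP/result"
for target in allow deny limit ; do
    do_cmd "0" --dry-run "$target" Apache
    do_cmd "0" --dry-run "$target" 'Apache Secure'
    do_cmd "0" --dry-run "$target" 'Apache Full'
    do_cmd "0" --dry-run "$target" Bind9
    do_cmd "0" --dry-run "$target" Samba
    do_cmd "0" --dry-run "$target" OpenNTPD
    do_cmd "0" --dry-run "$target" 'Multi TCP'
    do_cmd "0" --dry-run "$target" 'Multi UDP'
    do_cmd "0" --dry-run "$target" 'Custom Web App2'
done

# Extended syntax: "<action> to|from <addr> app <profile> ...".
echo "TESTING APPLICATION INTEGRATION (extended rules)" >> "$TESTTMP/result"
for target in allow deny limit ; do
    for i in to from ; do
        for loc in 192.168.0.0/16 any ; do
            do_cmd "0" --dry-run "$target" "$i" "$loc" app Apache
            do_cmd "0" --dry-run "$target" "$i" "$loc" app 'Apache Secure'
            do_cmd "0" --dry-run "$target" "$i" "$loc" app 'Apache Full'
            do_cmd "0" --dry-run "$target" "$i" "$loc" app Bind9
            do_cmd "0" --dry-run "$target" "$i" "$loc" app Samba
            do_cmd "0" --dry-run "$target" "$i" "$loc" app OpenNTPD
            do_cmd "0" --dry-run "$target" "$i" "$loc" app 'Multi TCP'
            do_cmd "0" --dry-run "$target" "$i" "$loc" app 'Multi UDP'
        done
    done

    # Profile on one side, port or second profile on the other.
    # j is the side that carries the first profile, k the opposite side;
    # m and n are the two addresses (both "any" when i is "any").
    for i in 192.168.0 any; do
        for j in from to; do
            k="to"
            if [ "$j" = "to" ]; then
                k="from"
            fi
            m="$i.1"
            n="$i.2"
            if [ "$i" = "any" ]; then
                m="$i"
                n="$i"
            fi
            do_cmd "0" --dry-run "$target" "$j" "$m" app Apache "$k" "$n" port 8080
            do_cmd "0" --dry-run "$target" "$j" "$m" app OpenNTPD "$k" "$n" port 10123
            do_cmd "0" --dry-run "$target" "$j" "$m" app Samba "$k" "$n" app Bind9
            do_cmd "0" --dry-run "$target" "$j" "$m" app Samba "$k" "$n" port 13
            do_cmd "0" --dry-run "$target" "$j" "$m" app Apache "$k" "$n" app 'Apache Full'
        done

        # Same profile and same address on both sides.
        if [ "$i" != "any" ]; then
            i="$i.1"
        fi
        do_cmd "0" --dry-run "$target" to "$i" app Samba from "$i" app Samba
    done
done

# A profile stored as "runtest" must also be found when asked for as
# "RunTest".
echo "TESTING APPLICATION INTEGRATION (case insensitive)" >> "$TESTTMP/result"
cat > "$TESTPATH/etc/ufw/applications.d/runtest" << EOM
[runtest]
title=runtest title
description=runtest description
ports=23/tcp
EOM
do_cmd "0" --dry-run allow runtest
do_cmd "0" --dry-run allow RunTest
rm -f "$TESTPATH/etc/ufw/applications.d/runtest"

echo "TESTING APPLICATION INTEGRATION (update)" >> "$TESTTMP/result"
do_cmd "0" app default allow
do_cmd "0" --dry-run app update --add-new Apache
do_cmd "0" app default deny
do_cmd "0" --dry-run app update --add-new Samba
do_cmd "0" app default skip
do_cmd "0" --dry-run app update --add-new Bind9
do_cmd "0" app default reject
do_cmd "0" --dry-run app update --add-new Samba

# Two profiles whose names differ only in case and whose ports differ
# (23/tcp and 24/tcp).
# NOTE(review): the section title suggests the exact-case name is expected to
# win over the case-insensitive match. The output is discarded here, so this
# test only pins status 0, not which port ends up in the rule -- confirm
# where the chosen port is checked.
echo "TESTING APPLICATION INTEGRATION (exact vs multi)" >> "$TESTTMP/result"
cat > "$TESTPATH/etc/ufw/applications.d/Runtest2" << EOM
[Runtest2]
title=runtest title
description=runtest description
ports=23/tcp
EOM
cat > "$TESTPATH/etc/ufw/applications.d/RunTest2" << EOM
[RunTest2]
title=runtest title
description=runtest description
ports=24/tcp
EOM
do_cmd "0" null --dry-run allow RunTest2
rm -f "$TESTPATH/etc/ufw/applications.d/Runtest2" "$TESTPATH/etc/ufw/applications.d/RunTest2"

# From here on the commands are real (no --dry-run): add or insert rules,
# record user.rules, delete them again, record user.rules once more.
echo "TESTING INSERT" >> "$TESTTMP/result"
do_cmd "0" null allow Apache
do_cmd "0" null allow Bind9
do_cmd "0" null insert 1 allow Samba
do_cmd "0" null insert 2 reject 'Dovecot POP3'
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow Apache
do_cmd "0" null delete allow Bind9
do_cmd "0" null delete allow Samba
do_cmd "0" null delete reject 'Dovecot POP3'
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

do_cmd "0" null allow Samba
do_cmd "0" null allow 13
do_cmd "0" null insert 2 allow log-all from any to any app Samba
do_cmd "0" null insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba
do_cmd "0" null insert 2 allow from 192.168.0.1 to any app Samba
do_cmd "0" null insert 2 allow from 192.168.0.1 app Samba to 10.0.0.1
do_cmd "0" null insert 2 allow from any app Samba to 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow Samba
do_cmd "0" null delete allow 13
do_cmd "0" null delete allow log-all from any to any app Samba
do_cmd "0" null delete allow from 192.168.0.1 to 10.0.0.1 app Samba
do_cmd "0" null delete allow from 192.168.0.1 to any app Samba
do_cmd "0" null delete allow from 192.168.0.1 app Samba to 10.0.0.1
do_cmd "0" null delete allow from any app Samba to 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

# Profiles combined with "in on <iface>" / "out on <iface>".
echo "TESTING APPLICATION INTEGRATION (interfaces)" >> "$TESTTMP/result"
for i in "in" "out" ; do
    for j in allow deny limit reject ; do
        do_cmd "0" null "$j" "$i" on eth0 to 192.168.0.1 app Samba
        do_cmd "0" null "$j" "$i" on eth0 from 10.0.0.1 app Samba
        do_cmd "0" null "$j" "$i" on eth0 from 10.0.0.1 to any app Samba
        cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
        do_cmd "0" null delete "$j" "$i" on eth0 to 192.168.0.1 app Samba
        do_cmd "0" null delete "$j" "$i" on eth0 from 10.0.0.1 app Samba
        do_cmd "0" null delete "$j" "$i" on eth0 from 10.0.0.1 to any app Samba
        cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    done

    do_cmd "0" null allow "$i" on eth0 to any app Samba
    do_cmd "0" null allow "$i" on eth1 to any port 13
    do_cmd "0" null insert 2 allow "$i" on eth2 to any app Samba
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    do_cmd "0" null delete allow "$i" on eth0 to any app Samba
    do_cmd "0" null delete allow "$i" on eth1 to any port 13
    do_cmd "0" null delete allow "$i" on eth2 to any app Samba
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
done

# Take every "[Name]" section header from the shipped ufw-* profile files and
# check that the profile can be shown, allowed and deleted again.
# The glob stays outside the quotes so it still expands. read -r keeps any
# backslash in a profile name literal.
echo "TESTING SHIPPED APPLICATION PROFILES" >> "$TESTTMP/result"
grep '^\[' "$TESTPATH"/etc/ufw/applications.d/ufw-* | cut -f 2 -d ':' | sed -e 's/\[//' -e 's/\]//' | \
while read -r line ; do
    do_cmd "0" null app info "$line"
    do_cmd "0" null allow "$line"
    do_cmd "0" null delete allow "$line"
done
cat "$TESTCONFIG/user.rules" "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"

echo "Prepend" >> "$TESTTMP/result"
do_cmd "0" null allow to any app Samba
do_cmd "0" null prepend deny to any app Samba from 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow to any app Samba
do_cmd "0" null delete deny to any app Samba from 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

echo "Prepend (no rules)" >> "$TESTTMP/result"
do_cmd "0" null prepend allow to any app Samba from 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
do_cmd "0" null delete allow to any app Samba from 10.0.0.1
cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"

exit 0
ufw-0.36/tests/good/apps/result0000644000175000017500000167273613404772663015537 0ustar jamiejamieTESTING APPLICATION INTEGRATION (args) 0: app list WARN: Checks disabled Available applications: 0verkill A aZ9 _-.+ AIM Apache Apache Full Apache Secure Bind9 Bonjour CIFS Custom Web App Custom Web App2 DNS Deluge Dovecot IMAP Dovecot POP3 Dovecot Secure IMAP Dovecot Secure POP3 IMAP IMAPS IPP KTorrent Kerberos Admin Kerberos Full Kerberos KDC Kerberos Password LDAP LDAPS LPD MSN MSN SSL Mail submission Multi TCP Multi UDP NFS No Protocol OpenNTPD POP3 POP3S PeopleNearby SMTP SSH Samba Socks Telnet Transmission Transparent Proxy VNC WWW WWW Cache WWW Full WWW Secure XMPP Yahoo a aZ9 _-.+ qBittorrent svnserve 1: app info Apache WARN: Checks disabled Profile: Apache Title: Web Server Description: Apache v2 is the next generation of the omnipresent Apache web server. Port: 80/tcp 2: app info Apache Secure WARN: Checks disabled Profile: Apache Secure Title: Web Server (HTTPS) Description: Apache v2 is the next generation of the omnipresent Apache web server. Port: 443/tcp 3: app info Apache Full WARN: Checks disabled Profile: Apache Full Title: Web Server (HTTP,HTTPS) Description: Apache v2 is the next generation of the omnipresent Apache web server. Ports: 80,443/tcp 4: app info Bind9 WARN: Checks disabled Profile: Bind9 Title: Internet Domain Name Server Description: The Berkeley Internet Name Domain (BIND) implements an Internet domain name server.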
BIND is the most widely-used name server software on the Internet, and is supportsed by the Internet Software Consortium, www.isc.org. Port: 53 5: app info Samba WARN: Checks disabled Profile: Samba Title: LanManager-like file and printer server for Unix Description: The Samba software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. Ports: 137,138/udp 139,445/tcp 6: app info Custom Web App WARN: Checks disabled Profile: Custom Web App Title: Example profile for a custom web application Description: Some nice descriptive text here Port: 8080/tcp 7: app info Custom Web App2 WARN: Checks disabled Profile: Custom Web App2 Title: Example profile for a custom web application Description: Some nice descriptive text here Port: 8080:8089/tcp 8: app info all WARN: Checks disabled Profile: 0verkill Title: 0verkill Description: A ASCII-art 2D deathmatch game Ports: 6666/udp 6666/tcp -- Profile: A aZ9 _-.+ Title: Example title Description: Example description Port: 80 -- Profile: AIM Title: AIM Talk Description: AIM talk protocol Port: 5190/tcp -- Profile: Apache Title: Web Server Description: Apache v2 is the next generation of the omnipresent Apache web server. Port: 80/tcp -- Profile: Apache Full Title: Web Server (HTTP,HTTPS) Description: Apache v2 is the next generation of the omnipresent Apache web server. Ports: 80,443/tcp -- Profile: Apache Secure Title: Web Server (HTTPS) Description: Apache v2 is the next generation of the omnipresent Apache web server. Port: 443/tcp -- Profile: Bind9 Title: Internet Domain Name Server Description: The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supportsed by the Internet Software Consortium, www.isc.org. 
Port: 53 -- Profile: Bonjour Title: Bonjour Description: Bonjour protocol Ports: 5353/udp 5298 -- Profile: CIFS Title: SMB/CIFS server Description: SMB/CIFS server Ports: 137,138/udp 139,445/tcp -- Profile: Custom Web App Title: Example profile for a custom web application Description: Some nice descriptive text here Port: 8080/tcp -- Profile: Custom Web App2 Title: Example profile for a custom web application Description: Some nice descriptive text here Port: 8080:8089/tcp -- Profile: DNS Title: Internet Domain Name Server Description: Internet Domain Name Server Port: 53 -- Profile: Deluge Title: Deluge Description: Deluge BitTorrent client Port: 6881:6891/tcp -- Profile: Dovecot IMAP Title: Secure mail server (IMAP) Description: Dovecot is a mail server whose major goals are security and extreme reliability. Port: 143/tcp -- Profile: Dovecot POP3 Title: Secure mail server (POP3) Description: Dovecot is a mail server whose major goals are security and extreme reliability. Port: 110/tcp -- Profile: Dovecot Secure IMAP Title: Secure mail server (IMAPS) Description: Dovecot is a mail server whose major goals are security and extreme reliability. Port: 993/tcp -- Profile: Dovecot Secure POP3 Title: Secure mail server (POP3S) Description: Dovecot is a mail server whose major goals are security and extreme reliability. 
Port: 995/tcp -- Profile: IMAP Title: Mail server (IMAP) Description: Mail server (IMAP) Port: 143/tcp -- Profile: IMAPS Title: Secure mail server (IMAPS) Description: Secure mail server (IMAPS) Port: 993/tcp -- Profile: IPP Title: Cups server (IPP) Description: Cups server (IPP) Port: 631 -- Profile: KTorrent Title: KTorrent Description: KTorrent BitTorrent client Ports: 6881/tcp 4444/udp -- Profile: Kerberos Admin Title: Kerberos v5 admin Description: Kerberos v5 server Port: 749/tcp -- Profile: Kerberos Full Title: Kerberos v5 server Description: Kerberos v5 server Ports: 88,749/tcp 464/udp -- Profile: Kerberos KDC Title: Kerberos v5 KDC server Description: Kerberos v5 KDC server Port: 88 -- Profile: Kerberos Password Title: Kerberos v5 password Description: Kerberos v5 password Port: 464/udp -- Profile: LDAP Title: LDAP server Description: LDAP server Port: 389/tcp -- Profile: LDAPS Title: LDAP server (LDAPS) Description: LDAP server (LDAPS) Port: 636/tcp -- Profile: LPD Title: LPD server Description: LPD server Port: 515/tcp -- Profile: MSN Title: MSN Chat Description: MSN chat protocol (with file transfer and voice) Ports: 1863 6891:6900/tcp 6901 -- Profile: MSN SSL Title: MSN Chat (SSL) Description: MSN chat protocol (SSL) Port: 443/tcp -- Profile: Mail submission Title: Mail server (Submission) Description: Mail server (Submission) Port: 587/tcp -- Profile: Multi TCP Title: Mutli TCP Description: Example description Ports: 1234,5678/tcp -- Profile: Multi UDP Title: Multi UDP Description: Example description Ports: 1234,5678/udp -- Profile: NFS Title: NFS server Description: NFS and portmap server. Will also need access to mountd, statd and possibly others Ports: 2049,111/tcp 2049,111/udp -- Profile: No Protocol Title: No Protocol Description: Example description Port: 1234 -- Profile: OpenNTPD Title: OpenBSD NTP daemon Description: NTP, the Network Time Protocol, is used to keep the computer clocks synchronized. 
It provides the ability to sync the local clock to remote NTP servers and can act as NTP server itself, redistributing the local clock. Port: 123/udp -- Profile: POP3 Title: Mail server (POP3) Description: Mail server (POP3) Port: 110/tcp -- Profile: POP3S Title: Secure mail server (POP3S) Description: Secure mail server (POP3S) Port: 995/tcp -- Profile: PeopleNearby Title: People Nearby Description: People Nearby (Bonjour/Salut) functionality in Empathy Ports: 5353/udp 5298 -- Profile: SMTP Title: Mail server (SMTP) Description: Mail server (SMTP) Port: 25/tcp -- Profile: SSH Title: SSH server Description: SSH server Port: 22/tcp -- Profile: Samba Title: LanManager-like file and printer server for Unix Description: The Samba software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. Ports: 137,138/udp 139,445/tcp -- Profile: Socks Title: Socks proxy Description: Socks proxy Port: 1080/tcp -- Profile: Telnet Title: Telnet server (insecure) Description: Telnet server (insecure) Port: 23/tcp -- Profile: Transmission Title: Transmission Description: Transmission BitTorrent client Port: 51413 -- Profile: Transparent Proxy Title: Transparent proxy Description: Transparent proxy Port: 8081/tcp -- Profile: VNC Title: VNC server Description: VNC server Port: 5900/tcp -- Profile: WWW Title: Web Server Description: Web server Port: 80/tcp -- Profile: WWW Cache Title: Web Server (8080) Description: Web Server (8080) Port: 8080/tcp -- Profile: WWW Full Title: Web Server (HTTP,HTTPS) Description: Web Server (HTTP,HTTPS) Ports: 80,443/tcp -- Profile: WWW Secure Title: Web Server (HTTPS) Description: Web Server (HTTPS) Port: 443/tcp -- Profile: XMPP Title: XMPP Chat Description: XMPP protocol (Jabber and Google Talk) Ports: 5222/tcp 5269/tcp -- Profile: Yahoo Title: Yahoo Chat 
Description: Yahoo chat protocol Port: 5050 -- Profile: a aZ9 _-.+ Title: Example title Description: Example description Port: 80/tcp -- Profile: qBittorrent Title: qBittorrent Description: qBittorrent BitTorrent client Port: 6881/tcp -- Profile: svnserve Title: Subversion server Description: Subversion server for access to Subversion repositories. Port: 3690/tcp 9: app info 0verkill WARN: Checks disabled Profile: 0verkill Title: 0verkill Description: A ASCII-art 2D deathmatch game Ports: 6666/udp 6666/tcp TESTING APPLICATION INTEGRATION (simple rules) 10: --dry-run allow Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE 
LIMITING ### COMMIT Rules updated 11: --dry-run allow Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp --dport 443 -j ACCEPT -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 12: --dry-run allow Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - 
[0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 13: --dry-run allow Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 14: --dry-run allow Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 15: --dry-run allow OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 -j ACCEPT -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 16: --dry-run allow Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ACCEPT -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 17: --dry-run allow Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ACCEPT -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min 
--limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 18: --dry-run allow Custom Web App2 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 8080:8089 0.0.0.0/0 any 0.0.0.0/0 Custom%20Web%20App2 - in -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -j ACCEPT -m comment --comment 'dapp_Custom%20Web%20App2' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 19: --dry-run deny Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 20: --dry-run deny Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp --dport 443 -j DROP -m comment --comment 'dapp_Apache%20Secure' ### 
END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 21: --dry-run deny Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -j DROP -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " 
-m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 22: --dry-run deny Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 23: --dry-run deny Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### 
deny tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 24: --dry-run deny OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 -j DROP -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 25: --dry-run deny Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j DROP -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 26: --dry-run deny Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j DROP -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 27: --dry-run deny Custom Web App2 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### 
tuple ### deny tcp 8080:8089 0.0.0.0/0 any 0.0.0.0/0 Custom%20Web%20App2 - in -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -j DROP -m comment --comment 'dapp_Custom%20Web%20App2' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 28: --dry-run limit Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 29: --dry-run limit Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' -A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 30: --dry-run limit Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 31: --dry-run limit Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' -A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' -A ufw-user-input -p tcp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 32: --dry-run limit Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 33: --dry-run limit OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 34: --dry-run limit Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 
10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 35: --dry-run limit Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 36: --dry-run limit Custom Web App2 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 8080:8089 0.0.0.0/0 any 0.0.0.0/0 Custom%20Web%20App2 - in -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Custom%20Web%20App2' -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Custom%20Web%20App2' -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -j ufw-user-limit-accept -m comment --comment 'dapp_Custom%20Web%20App2' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules 
updated TESTING APPLICATION INTEGRATION (extended rules) 37: --dry-run allow to 192.168.0.0/16 app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 192.168.0.0/16 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 38: --dry-run allow to 192.168.0.0/16 app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output 
- [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -j ACCEPT -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 39: --dry-run allow to 192.168.0.0/16 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80,443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -j ACCEPT -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 40: --dry-run allow to 192.168.0.0/16 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 53 192.168.0.0/16 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG 
--log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 41: --dry-run allow to 192.168.0.0/16 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 42: --dry-run allow to 192.168.0.0/16 app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 123 192.168.0.0/16 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -j ACCEPT -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 43: --dry-run allow to 192.168.0.0/16 app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ACCEPT -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 44: --dry-run allow to 192.168.0.0/16 app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ACCEPT -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 
3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 45: --dry-run allow to any app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 46: --dry-run allow to any app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp --dport 443 -j ACCEPT -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 47: --dry-run allow to any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ACCEPT -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 48: --dry-run allow to any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min 
--limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 49: --dry-run allow to any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 50: --dry-run allow to any app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in 
-A ufw-user-input -p udp --dport 123 -j ACCEPT -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 51: --dry-run allow to any app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ACCEPT -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 52: --dry-run allow to any app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ACCEPT -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 53: --dry-run allow from 192.168.0.0/16 app Apache WARN: Checks disabled *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 80 192.168.0.0/16 - Apache in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -j ACCEPT -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 54: --dry-run allow from 192.168.0.0/16 app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 443 192.168.0.0/16 - Apache%20Secure in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -j ACCEPT -m comment --comment 'sapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 55: --dry-run allow from 192.168.0.0/16 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 80,443 192.168.0.0/16 - Apache%20Full in -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -j ACCEPT -m comment --comment 'sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 56: --dry-run allow from 192.168.0.0/16 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 53 192.168.0.0/16 - Bind9 in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -j ACCEPT -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -j ACCEPT -m comment --comment 'sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A 
ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 57: --dry-run allow from 192.168.0.0/16 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - 
[0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 192.168.0.0/16 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 58: --dry-run allow from 192.168.0.0/16 app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 
0.0.0.0/0 123 192.168.0.0/16 - OpenNTPD in -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -j ACCEPT -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 59: --dry-run allow from 192.168.0.0/16 app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20TCP in -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ACCEPT -m comment --comment 'sapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j 
RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 60: --dry-run allow from 192.168.0.0/16 app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20UDP in -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ACCEPT -m comment --comment 'sapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END 
RATE LIMITING ### COMMIT Rules updated 61: --dry-run allow from any app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 80 0.0.0.0/0 - Apache in -A ufw-user-input -p tcp --sport 80 -j ACCEPT -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 62: --dry-run allow from any app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 443 0.0.0.0/0 - Apache%20Secure in -A ufw-user-input -p tcp --sport 443 -j ACCEPT -m comment --comment 'sapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 63: --dry-run allow from any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 80,443 0.0.0.0/0 - Apache%20Full in -A ufw-user-input -p tcp -m multiport --sports 80,443 -j ACCEPT -m comment --comment 'sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 64: --dry-run allow from any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 53 0.0.0.0/0 - Bind9 in -A ufw-user-input -p tcp --sport 53 -j ACCEPT -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp --sport 53 -j ACCEPT -m comment --comment 'sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j 
LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 65: --dry-run allow from any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 66: --dry-run allow from any app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in -A ufw-user-input -p udp --sport 123 -j ACCEPT -m comment --comment 'sapp_OpenNTPD' ### END RULES 
### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 67: --dry-run allow from any app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20TCP in -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -j ACCEPT -m comment --comment 'sapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 68: --dry-run allow from any app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20UDP in -A ufw-user-input -p udp -m multiport --sports 1234,5678 -j ACCEPT -m comment --comment 'sapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 69: --dry-run allow from 192.168.0.1 app Apache to 192.168.0.2 port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 8080 192.168.0.2 80 192.168.0.1 - Apache in -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -j ACCEPT -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 70: --dry-run allow from 192.168.0.1 app OpenNTPD to 192.168.0.2 port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### 
### tuple ### allow udp 10123 192.168.0.2 123 192.168.0.1 - OpenNTPD in -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -j ACCEPT -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 71: --dry-run allow from 192.168.0.1 app Samba to 192.168.0.2 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Bind9,sapp_Samba' ### tuple ### allow tcp 53 192.168.0.2 139,445 192.168.0.1 Bind9 Samba in -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 72: --dry-run allow from 192.168.0.1 app Samba to 192.168.0.2 port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 192.168.0.2 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 192.168.0.2 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp 13 192.168.0.2 139,445 192.168.0.1 - Samba in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 73: --dry-run allow from 192.168.0.1 app Apache to 192.168.0.2 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80,443 192.168.0.2 80 192.168.0.1 Apache%20Full Apache in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Apache%20Full,sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 74: --dry-run allow to 192.168.0.1 app Apache from 192.168.0.2 port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 192.168.0.1 8080 192.168.0.2 Apache - in -A ufw-user-input -p tcp -d 192.168.0.1 
--dport 80 -s 192.168.0.2 --sport 8080 -j ACCEPT -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 75: --dry-run allow to 192.168.0.1 app OpenNTPD from 192.168.0.2 port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 123 192.168.0.1 10123 192.168.0.2 OpenNTPD - in -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -j ACCEPT -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 
10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 76: --dry-run allow to 192.168.0.1 app Samba from 192.168.0.2 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT 
### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Bind9' ### tuple ### allow tcp 139,445 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 77: --dry-run allow to 192.168.0.1 app Samba from 192.168.0.2 port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p udp -m multiport 
--dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 78: --dry-run allow to 192.168.0.1 app Apache from 192.168.0.2 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 192.168.0.1 80,443 192.168.0.2 Apache Apache%20Full in -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -j ACCEPT -m comment --comment 'dapp_Apache,sapp_Apache%20Full' ### END RULES ### ### 
LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 79: --dry-run allow to 192.168.0.1 app Samba from 192.168.0.1 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 80: --dry-run allow from any app Apache to any port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 8080 0.0.0.0/0 80 0.0.0.0/0 - Apache in -A ufw-user-input -p tcp --dport 8080 --sport 80 -j ACCEPT -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 81: --dry-run allow from any app OpenNTPD to any port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 10123 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in -A ufw-user-input -p udp --dport 10123 --sport 123 -j ACCEPT -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 82: --dry-run allow from any app Samba to any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'dapp_Bind9,sapp_Samba' ### END 
RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'dapp_Bind9,sapp_Samba' ### tuple ### allow tcp 53 0.0.0.0/0 139,445 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 83: --dry-run allow from any app Samba to any port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp 13 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 84: --dry-run allow from any app Apache to any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80,443 0.0.0.0/0 80 0.0.0.0/0 Apache%20Full Apache in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -j ACCEPT -m comment --comment 'dapp_Apache%20Full,sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 85: --dry-run allow to any app Apache from any port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 8080 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 --sport 8080 -j ACCEPT -m comment --comment 'dapp_Apache' ### 
END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 86: --dry-run allow to any app OpenNTPD from any port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 123 0.0.0.0/0 10123 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 --sport 10123 -j ACCEPT -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG 
--log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 87: --dry-run allow to any app Samba from any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - 
[0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Bind9' ### tuple ### allow tcp 139,445 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 88: --dry-run allow to any app Samba from any port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -j ACCEPT -m comment --comment 'dapp_Samba' ### 
END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 89: --dry-run allow to any app Apache from any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 80,443 0.0.0.0/0 Apache Apache%20Full in -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -j ACCEPT -m comment --comment 'dapp_Apache,sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 90: --dry-run allow to any app Samba from any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 139,445 0.0.0.0/0 Samba Samba in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 91: --dry-run deny to 192.168.0.0/16 app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 192.168.0.0/16 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -j DROP -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 92: --dry-run deny to 192.168.0.0/16 app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -j DROP -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 93: --dry-run deny to 192.168.0.0/16 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80,443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -j DROP -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 
3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 94: --dry-run deny to 192.168.0.0/16 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 53 192.168.0.0/16 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -j DROP -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 95: --dry-run deny to 192.168.0.0/16 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p 
udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 96: --dry-run deny to 192.168.0.0/16 app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 123 192.168.0.0/16 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -j DROP -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] 
" -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 97: --dry-run deny to 192.168.0.0/16 app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j DROP -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix 
"[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 98: --dry-run deny to 192.168.0.0/16 app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j DROP -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 99: --dry-run deny to any app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 100: --dry-run deny to any app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp --dport 443 -j DROP -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 101: --dry-run deny to any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -j DROP -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE 
LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 102: --dry-run deny to any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j DROP -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 103: --dry-run deny to any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 
0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 104: --dry-run deny to any app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 -j DROP -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 105: --dry-run deny to any app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j DROP -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 106: --dry-run deny to any app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j DROP -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 107: --dry-run deny from 192.168.0.0/16 app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] 
### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 80 192.168.0.0/16 - Apache in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -j DROP -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 108: --dry-run deny from 192.168.0.0/16 app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 443 192.168.0.0/16 - Apache%20Secure in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -j DROP -m comment --comment 'sapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 109: --dry-run deny from 192.168.0.0/16 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 80,443 192.168.0.0/16 - Apache%20Full in -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -j DROP -m comment --comment 'sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j 
ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 110: --dry-run deny from 192.168.0.0/16 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 53 192.168.0.0/16 - Bind9 in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -j DROP -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -j DROP -m comment --comment 'sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 111: --dry-run deny from 192.168.0.0/16 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny tcp any 0.0.0.0/0 139,445 192.168.0.0/16 - Samba in -A ufw-user-input -p tcp -m 
multiport --sports 139,445 -s 192.168.0.0/16 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 112: --dry-run deny from 192.168.0.0/16 app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 123 192.168.0.0/16 - OpenNTPD in -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -j DROP -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 113: --dry-run deny from 192.168.0.0/16 app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20TCP in -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j DROP -m comment --comment 'sapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 114: --dry-run deny from 192.168.0.0/16 app Multi UDP WARN: 
Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20UDP in -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j DROP -m comment --comment 'sapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 115: --dry-run deny from any app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - 
[0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 80 0.0.0.0/0 - Apache in -A ufw-user-input -p tcp --sport 80 -j DROP -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 116: --dry-run deny from any app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 443 0.0.0.0/0 - Apache%20Secure in -A ufw-user-input -p tcp --sport 443 -j DROP -m comment --comment 'sapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 117: --dry-run deny from any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 80,443 0.0.0.0/0 - Apache%20Full in -A ufw-user-input -p tcp -m multiport --sports 80,443 -j DROP -m comment --comment 'sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### 
COMMIT Rules updated 118: --dry-run deny from any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 53 0.0.0.0/0 - Bind9 in -A ufw-user-input -p tcp --sport 53 -j DROP -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp --sport 53 -j DROP -m comment --comment 'sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 119: --dry-run deny from any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 120: --dry-run deny from any app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in -A ufw-user-input -p udp --sport 123 -j DROP -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m 
limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 121: --dry-run deny from any app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20TCP in -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -j DROP -m comment --comment 'sapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 122: --dry-run deny from any app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20UDP in -A ufw-user-input -p udp -m multiport --sports 1234,5678 -j DROP -m comment --comment 'sapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 123: --dry-run deny from 192.168.0.1 app Apache to 192.168.0.2 port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 8080 192.168.0.2 80 192.168.0.1 - Apache in -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -j DROP 
-m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 124: --dry-run deny from 192.168.0.1 app OpenNTPD to 192.168.0.2 port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 10123 192.168.0.2 123 192.168.0.1 - OpenNTPD in -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -j DROP -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 125: --dry-run deny from 192.168.0.1 app Samba to 192.168.0.2 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Bind9,sapp_Samba' ### tuple ### deny tcp 53 192.168.0.2 139,445 192.168.0.1 Bind9 Samba in -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 126: --dry-run deny from 192.168.0.1 app Samba to 192.168.0.2 port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 13 192.168.0.2 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 13 192.168.0.2 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 
192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny tcp 13 192.168.0.2 139,445 192.168.0.1 - Samba in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 127: --dry-run deny from 192.168.0.1 app Apache to 192.168.0.2 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80,443 192.168.0.2 80 192.168.0.1 Apache%20Full Apache in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Apache%20Full,sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 128: --dry-run deny to 192.168.0.1 app Apache from 192.168.0.2 port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 192.168.0.1 8080 192.168.0.2 Apache - in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -j DROP -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit 
--limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 129: --dry-run deny to 192.168.0.1 app OpenNTPD from 192.168.0.2 port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 123 192.168.0.1 10123 192.168.0.2 OpenNTPD - in -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -j DROP -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 130: --dry-run deny to 192.168.0.1 app Samba from 192.168.0.2 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 
53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment --comment 'dapp_Samba,sapp_Bind9' ### tuple ### deny tcp 139,445 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 131: --dry-run deny to 192.168.0.1 app Samba from 192.168.0.2 port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment 
--comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 132: --dry-run deny to 192.168.0.1 app Apache from 192.168.0.2 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 192.168.0.1 80,443 192.168.0.2 Apache Apache%20Full in -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -j DROP -m comment --comment 'dapp_Apache,sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 133: --dry-run deny to 192.168.0.1 app Samba from 192.168.0.1 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - 
[0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 134: --dry-run deny from any app Apache to any port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 8080 0.0.0.0/0 80 0.0.0.0/0 - Apache in -A ufw-user-input -p tcp --dport 8080 --sport 80 -j DROP -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 135: --dry-run deny from any app OpenNTPD to any port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 10123 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in -A ufw-user-input -p udp --dport 10123 --sport 123 -j DROP -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] 
" -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 136: --dry-run deny from any app Samba to any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j DROP -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix 
"[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j DROP -m comment --comment 'dapp_Bind9,sapp_Samba' ### tuple ### deny tcp 53 0.0.0.0/0 139,445 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -j DROP -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 137: --dry-run deny from any app Samba to any port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 13 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 13 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -j DROP 
-m comment --comment 'sapp_Samba' ### tuple ### deny tcp 13 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -j DROP -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 138: --dry-run deny from any app Apache to any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80,443 0.0.0.0/0 80 0.0.0.0/0 Apache%20Full Apache in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -j DROP -m comment --comment 'dapp_Apache%20Full,sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 139: --dry-run deny to any app Apache from any port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 8080 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 --sport 8080 -j DROP -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit 
-j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 140: --dry-run deny to any app OpenNTPD from any port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 123 0.0.0.0/0 10123 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 --sport 10123 -j DROP -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 141: --dry-run deny to any app Samba from any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j DROP -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j DROP -m comment --comment 'dapp_Samba,sapp_Bind9' ### tuple ### deny tcp 139,445 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p tcp -m 
multiport --dports 139,445 -m multiport --sports 53 -j DROP -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 142: --dry-run deny to any app Samba from any port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 143: --dry-run deny to any app Apache from any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 80,443 0.0.0.0/0 Apache Apache%20Full in -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -j DROP -m comment --comment 'dapp_Apache,sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 144: --dry-run deny to any app Samba from any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 139,445 
0.0.0.0/0 Samba Samba in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 145: --dry-run limit to 192.168.0.0/16 app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 192.168.0.0/16 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -j ufw-user-limit-accept -m comment --comment 
'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 146: --dry-run limit to 192.168.0.0/16 app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] 
" -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 147: --dry-run limit to 192.168.0.0/16 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80,443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 148: --dry-run limit to 192.168.0.0/16 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any 53 192.168.0.0/16 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 
'dapp_Bind9' -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 149: --dry-run limit to 192.168.0.0/16 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ufw-user-limit-accept -m 
comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 192.168.0.0/16 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m 
conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 150: --dry-run limit to 192.168.0.0/16 app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 123 192.168.0.0/16 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp -d 
192.168.0.0/16 --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 151: --dry-run limit to 192.168.0.0/16 app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 
--hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 152: --dry-run limit to 192.168.0.0/16 app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 
'dapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 153: --dry-run limit to any app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 154: --dry-run limit to any app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in -A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure' -A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure' -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 155: --dry-run limit to any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 156: --dry-run limit to any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' -A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' -A ufw-user-input -p tcp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 157: --dry-run limit to any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 158: --dry-run limit to any app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 159: --dry-run limit to any app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG 
--log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 160: --dry-run limit to any app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in -A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m 
limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 161: --dry-run limit from 192.168.0.0/16 app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.0/16 - Apache in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### 
COMMIT Rules updated 162: --dry-run limit from 192.168.0.0/16 app Apache Secure WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 443 192.168.0.0/16 - Apache%20Secure in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure' -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure' -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 163: --dry-run limit from 192.168.0.0/16 app Apache Full WARN: Checks disabled 
*filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 80,443 192.168.0.0/16 - Apache%20Full in -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 164: --dry-run limit from 192.168.0.0/16 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 0.0.0.0/0 53 192.168.0.0/16 - Bind9 in -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 165: --dry-run limit from 192.168.0.0/16 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j 
ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit tcp any 0.0.0.0/0 139,445 192.168.0.0/16 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 166: --dry-run limit from 192.168.0.0/16 app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 123 192.168.0.0/16 - OpenNTPD in -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 167: --dry-run limit from 192.168.0.0/16 app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20TCP in -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END 
LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 168: --dry-run limit from 192.168.0.0/16 app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20UDP in -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m 
limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 169: --dry-run limit from any app Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 80 0.0.0.0/0 - Apache in -A ufw-user-input -p tcp --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 170: --dry-run limit from any app Apache Secure 
WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 443 0.0.0.0/0 - Apache%20Secure in -A ufw-user-input -p tcp --sport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure' -A ufw-user-input -p tcp --sport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure' -A ufw-user-input -p tcp --sport 443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Secure' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 171: --dry-run limit from any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] 
:ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 80,443 0.0.0.0/0 - Apache%20Full in -A ufw-user-input -p tcp -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --sports 80,443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 172: --dry-run limit from any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit any any 0.0.0.0/0 53 0.0.0.0/0 - Bind9 in -A ufw-user-input -p tcp --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' -A ufw-user-input -p tcp --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' -A ufw-user-input -p tcp --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9' -A ufw-user-input -p udp --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 173: --dry-run limit from any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - 
[0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - 
[0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 174: --dry-run limit from any app OpenNTPD WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - 
[0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in -A ufw-user-input -p udp --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 175: --dry-run limit from any app Multi TCP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20TCP in -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP' -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20TCP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 176: --dry-run limit from any app Multi UDP WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - 
[0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20UDP in -A ufw-user-input -p udp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP' -A ufw-user-input -p udp -m multiport --sports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20UDP' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 177: --dry-run limit from 192.168.0.1 app Apache to 192.168.0.2 port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 8080 192.168.0.2 80 192.168.0.1 - Apache in -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 178: --dry-run limit from 192.168.0.1 app OpenNTPD to 192.168.0.2 port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### 
tuple ### limit udp 10123 192.168.0.2 123 192.168.0.1 - OpenNTPD in -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 179: --dry-run limit from 192.168.0.1 app Samba to 192.168.0.2 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 53 192.168.0.2 
137,138 192.168.0.1 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in 
-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' ### tuple ### limit tcp 53 192.168.0.2 139,445 192.168.0.1 Bind9 Samba in -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j 
REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 180: --dry-run limit from 192.168.0.1 app Samba to 192.168.0.2 port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 13 192.168.0.2 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW 
LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 13 192.168.0.2 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit tcp 13 192.168.0.2 139,445 192.168.0.1 - Samba in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 181: --dry-run limit from 192.168.0.1 app Apache to 192.168.0.2 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80,443 192.168.0.2 80 192.168.0.1 Apache%20Full Apache in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache' -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache' -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -j 
ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full,sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 182: --dry-run limit to 192.168.0.1 app Apache from 192.168.0.2 port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 192.168.0.1 8080 192.168.0.2 Apache - in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -j ufw-user-limit-accept -m comment 
--comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 183: --dry-run limit to 192.168.0.1 app OpenNTPD from 192.168.0.2 port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 123 192.168.0.1 10123 192.168.0.2 OpenNTPD - in -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' ### END 
RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 184: --dry-run limit to 192.168.0.1 app Samba from 192.168.0.2 app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j 
ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment 
--comment 'dapp_Samba,sapp_Bind9' ### tuple ### limit tcp 139,445 192.168.0.1 53 192.168.0.2 Samba Bind9 in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 185: --dry-run limit to 192.168.0.1 app Samba from 192.168.0.2 port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny 
- [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 192.168.0.1 13 192.168.0.2 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 186: --dry-run limit to 192.168.0.1 app Apache from 192.168.0.2 app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 192.168.0.1 80,443 192.168.0.2 Apache Apache%20Full in -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache,sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 
3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 187: --dry-run limit to 192.168.0.1 app Samba from 192.168.0.1 app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### limit tcp 139,445 192.168.0.1 139,445 192.168.0.1 Samba Samba in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m 
recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 188: --dry-run limit from any app Apache to any port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 8080 0.0.0.0/0 80 0.0.0.0/0 - Apache in -A ufw-user-input -p tcp --dport 8080 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache' -A ufw-user-input -p tcp --dport 8080 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment 
--comment 'sapp_Apache' -A ufw-user-input -p tcp --dport 8080 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 189: --dry-run limit from any app OpenNTPD to any port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 10123 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in -A ufw-user-input -p udp --dport 10123 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp --dport 10123 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD' -A ufw-user-input -p udp --dport 10123 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD' ### END RULES 
### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 190: --dry-run limit from any app Samba to any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' ### tuple ### limit tcp 53 0.0.0.0/0 139,445 0.0.0.0/0 Bind9 Samba in -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m conntrack 
--ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 191: --dry-run limit from any app Samba to any port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 13 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment 
--comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 13 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 
--hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 13 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit tcp 13 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 192: --dry-run limit from any app Apache to any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80,443 0.0.0.0/0 80 0.0.0.0/0 Apache%20Full Apache in -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache' -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache' -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full,sapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 193: --dry-run limit to any app Apache from any port 8080 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 0.0.0.0/0 8080 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 --sport 8080 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 --sport 8080 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache' -A ufw-user-input -p tcp --dport 80 --sport 8080 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 194: --dry-run limit to any app OpenNTPD from any port 10123 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### 
tuple ### limit udp 123 0.0.0.0/0 10123 0.0.0.0/0 OpenNTPD - in -A ufw-user-input -p udp --dport 123 --sport 10123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp --dport 123 --sport 10123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD' -A ufw-user-input -p udp --dport 123 --sport 10123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 195: --dry-run limit to any app Samba from any app Bind9 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m 
conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport 
--dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' ### tuple ### limit tcp 139,445 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 196: --dry-run limit to any app Samba from any port 13 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - 
[0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 13 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 0.0.0.0/0 13 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 13 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE 
LIMITING ### COMMIT Rules updated 197: --dry-run limit to any app Apache from any app Apache Full WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 80 0.0.0.0/0 80,443 0.0.0.0/0 Apache Apache%20Full in -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full' -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache,sapp_Apache%20Full' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END 
RATE LIMITING ### COMMIT Rules updated 198: --dry-run limit to any app Samba from any app Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### 
COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### tuple ### limit tcp 139,445 0.0.0.0/0 139,445 0.0.0.0/0 Samba Samba in -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated TESTING APPLICATION INTEGRATION (case insensitive) 199: --dry-run allow runtest WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 runtest - in -A ufw-user-input -p tcp --dport 23 -j ACCEPT -m comment --comment 'dapp_runtest' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 200: --dry-run allow RunTest WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 23 0.0.0.0/0 any 0.0.0.0/0 runtest - in -A ufw-user-input -p tcp --dport 23 -j ACCEPT -m comment --comment 'dapp_runtest' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated TESTING APPLICATION INTEGRATION (update) 201: app default allow WARN: Checks disabled Default application policy changed to 'allow' 202: --dry-run app update --add-new Apache WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - 
[0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 203: app default deny WARN: Checks disabled Default application policy changed to 'deny' 204: --dry-run app update --add-new Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 
'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] 
" -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 205: app default skip WARN: Checks disabled Default application policy changed to 'skip' 206: --dry-run app update --add-new Bind9 WARN: Checks disabled 207: app default reject WARN: Checks disabled Default application policy changed to 'reject' 208: --dry-run app update --add-new Samba WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated TESTING APPLICATION INTEGRATION (exact vs multi) 209: --dry-run allow RunTest2 TESTING INSERT 210: allow Apache 211: allow Bind9 212: insert 1 allow Samba 213: insert 2 reject Dovecot POP3 *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 110 0.0.0.0/0 any 0.0.0.0/0 Dovecot%20POP3 - in -A ufw-user-input -p tcp --dport 110 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Dovecot%20POP3' ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache' ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' -A ufw-user-input -p udp --dport 53 -j ACCEPT -m comment --comment 'dapp_Bind9' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 214: delete allow Apache 215: delete allow Bind9 216: delete allow Samba 217: delete reject Dovecot POP3 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 218: allow Samba 219: allow 13 220: insert 2 allow log-all from any to any app Samba 221: insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba 222: insert 2 allow from 192.168.0.1 to any app Samba 223: insert 2 allow from 192.168.0.1 app Samba to 10.0.0.1 224: insert 2 allow from any app Samba to 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp any 10.0.0.1 137,138 0.0.0.0/0 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -d 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 10.0.0.1 139,445 0.0.0.0/0 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -d 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp any 10.0.0.1 137,138 192.168.0.1 - Samba in -A ufw-user-input -p udp -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 10.0.0.1 139,445 192.168.0.1 - Samba in -A ufw-user-input -p tcp -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 192.168.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 192.168.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 10.0.0.1 any 192.168.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 10.0.0.1 
any 192.168.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 225: delete allow Samba 226: delete allow 13 227: delete allow log-all from any to any app Samba 228: delete allow from 192.168.0.1 to 10.0.0.1 app Samba 229: delete allow from 192.168.0.1 to any app Samba 230: delete allow from 192.168.0.1 app Samba to 10.0.0.1 231: delete allow from any app Samba to 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT TESTING APPLICATION INTEGRATION (interfaces) 232: allow in on eth0 to 192.168.0.1 app Samba 233: allow in on eth0 from 10.0.0.1 app Samba 234: allow in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba in_eth0 -A 
ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 235: delete allow in on eth0 to 192.168.0.1 app Samba 236: delete allow in on eth0 from 10.0.0.1 app Samba 237: delete allow in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 238: deny in on eth0 to 192.168.0.1 app Samba 239: deny in on eth0 from 10.0.0.1 app Samba 240: deny in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba in_eth0 -A 
ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 241: delete deny in on eth0 to 192.168.0.1 app Samba 242: delete deny in on eth0 from 10.0.0.1 app Samba 243: delete deny in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 244: limit in on eth0 to 192.168.0.1 app Samba 245: limit in on eth0 from 10.0.0.1 app Samba 246: limit in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 
-p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 
'dapp_Samba' -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 247: delete limit in on eth0 to 192.168.0.1 app Samba 248: delete limit in on eth0 from 10.0.0.1 app Samba 249: delete limit in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 250: reject in on eth0 to 192.168.0.1 app Samba 251: reject in on eth0 from 10.0.0.1 app Samba 252: reject in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple 
### reject udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j REJECT -m comment --comment 'sapp_Samba' ### tuple ### reject tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'sapp_Samba' ### tuple ### reject udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 253: delete reject in on eth0 to 192.168.0.1 app Samba 254: delete reject in on eth0 from 10.0.0.1 app Samba 255: delete reject in on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] 
:ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 256: allow in on eth0 to any app Samba 257: allow in on eth1 to any port 13 258: insert 2 allow in on eth2 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth0 -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 
'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2 -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in_eth1 -A ufw-user-input -i eth1 -p tcp --dport 13 -j ACCEPT -A ufw-user-input -i eth1 -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 259: delete allow in on eth0 to any app Samba 260: delete allow in on eth1 to any port 13 261: delete allow in on eth2 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 262: allow out on eth0 to 192.168.0.1 app Samba 263: allow out on eth0 from 10.0.0.1 app Samba 264: allow out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow tcp any 
0.0.0.0/0 139,445 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'sapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 265: delete allow out on eth0 to 192.168.0.1 app Samba 266: delete allow out on eth0 from 10.0.0.1 app Samba 267: delete allow out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES 
### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 268: deny out on eth0 to 192.168.0.1 app Samba 269: deny out on eth0 from 10.0.0.1 app Samba 270: deny out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny tcp 
any 0.0.0.0/0 139,445 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'sapp_Samba' ### tuple ### deny udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 271: delete deny out on eth0 to 192.168.0.1 app Samba 272: delete deny out on eth0 from 10.0.0.1 app Samba 273: delete deny out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### 
LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 274: limit out on eth0 to 192.168.0.1 app Samba 275: limit out on eth0 from 10.0.0.1 app Samba 276: limit out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 
192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba' ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent 
--update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 277: delete limit out on eth0 to 192.168.0.1 app Samba 278: delete limit out on eth0 from 10.0.0.1 app Samba 279: delete limit out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 280: reject out on eth0 to 192.168.0.1 app Samba 281: reject out on eth0 from 10.0.0.1 app Samba 282: reject out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j 
REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### tuple ### reject udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j REJECT -m comment --comment 'sapp_Samba' ### tuple ### reject tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'sapp_Samba' ### tuple ### reject udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0 -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 283: delete reject out on eth0 to 192.168.0.1 app Samba 284: delete reject out on eth0 from 10.0.0.1 app Samba 285: delete reject out on eth0 from 10.0.0.1 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - 
[0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 286: allow out on eth0 to any app Samba 287: allow out on eth1 to any port 13 288: insert 2 allow out on eth2 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth0 -A ufw-user-output -o 
eth0 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2 -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 out_eth1 -A ufw-user-output -o eth1 -p tcp --dport 13 -j ACCEPT -A ufw-user-output -o eth1 -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 289: delete allow out on eth0 to any app Samba 290: delete allow out on eth1 to any port 13 291: delete allow out on eth2 to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT TESTING SHIPPED APPLICATION PROFILES 292: app info Transmission 293: allow Transmission 294: delete allow Transmission 295: app info Deluge 296: allow Deluge 297: delete allow Deluge 298: app info KTorrent 299: allow KTorrent 300: delete allow KTorrent 301: app info qBittorrent 302: allow qBittorrent 303: delete allow qBittorrent 304: app info PeopleNearby 305: allow PeopleNearby 306: delete allow PeopleNearby 307: app info Bonjour 308: allow Bonjour 309: delete allow Bonjour 310: app info MSN 311: allow MSN 312: delete allow MSN 313: app info MSN SSL 314: allow MSN SSL 315: delete allow MSN SSL 316: app info AIM 317: allow AIM 318: delete allow AIM 319: app info Yahoo 320: allow Yahoo 321: delete allow Yahoo 322: app info XMPP 323: allow XMPP 324: delete allow XMPP 325: app info Kerberos KDC 326: allow Kerberos KDC 327: delete allow Kerberos KDC 328: app info Kerberos Admin 329: allow Kerberos Admin 330: delete allow Kerberos Admin 331: app info Kerberos Password 332: allow Kerberos Password 333: delete allow Kerberos Password 334: app info Kerberos Full 335: allow Kerberos Full 336: delete allow Kerberos Full 337: app info LDAP 338: allow LDAP 339: delete allow LDAP 340: app 
info LDAPS 341: allow LDAPS 342: delete allow LDAPS 343: app info DNS 344: allow DNS 345: delete allow DNS 346: app info CIFS 347: allow CIFS 348: delete allow CIFS 349: app info NFS 350: allow NFS 351: delete allow NFS 352: app info svnserve 353: allow svnserve 354: delete allow svnserve 355: app info Telnet 356: allow Telnet 357: delete allow Telnet 358: app info SSH 359: allow SSH 360: delete allow SSH 361: app info VNC 362: allow VNC 363: delete allow VNC 364: app info POP3 365: allow POP3 366: delete allow POP3 367: app info POP3S 368: allow POP3S 369: delete allow POP3S 370: app info IMAP 371: allow IMAP 372: delete allow IMAP 373: app info IMAPS 374: allow IMAPS 375: delete allow IMAPS 376: app info SMTP 377: allow SMTP 378: delete allow SMTP 379: app info Mail submission 380: allow Mail submission 381: delete allow Mail submission 382: app info IPP 383: allow IPP 384: delete allow IPP 385: app info LPD 386: allow LPD 387: delete allow LPD 388: app info Socks 389: allow Socks 390: delete allow Socks 391: app info Transparent Proxy 392: allow Transparent Proxy 393: delete allow Transparent Proxy 394: app info WWW 395: allow WWW 396: delete allow WWW 397: app info WWW Secure 398: allow WWW Secure 399: delete allow WWW Secure 400: app info WWW Full 401: allow WWW Full 402: delete allow WWW Full 403: app info WWW Cache 404: allow WWW Cache 405: delete allow WWW Cache *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT Prepend 292: allow to any app Samba 293: prepend deny to any app Samba from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 
-j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 294: delete allow to any app Samba 295: delete deny to any app Samba from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit 
--limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Prepend (no rules) 296: prepend allow to any app Samba from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT 297: delete allow to any app Samba from 10.0.0.1 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT ufw-0.36/tests/__init__.py0000644000175000017500000000000013257507473014455 0ustar jamiejamieufw-0.36/tests/ipv6/0000755000175000017500000000000013226727543013240 5ustar jamiejamieufw-0.36/tests/ipv6/good_args6/0000755000175000017500000000000013226727543015272 5ustar jamiejamieufw-0.36/tests/ipv6/good_args6/orig0000777000175000017500000000000013226727543020332 2../../defaultsustar jamiejamieufw-0.36/tests/ipv6/good_args6/runtest.sh0000755000175000017500000000266213226727543017343 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. 
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" sed -i 's/IPV6=no/IPV6=yes/' $TESTPATH/etc/default/ufw echo "TESTING ARGS (logging)" >> $TESTTMP/result do_cmd "0" --dry-run logging on do_cmd "0" --dry-run logging off do_cmd "0" --dry-run LOGGING ON do_cmd "0" --dry-run LOGGING OFF echo "TESTING ARGS (default)" >> $TESTTMP/result do_cmd "0" --dry-run default allow do_cmd "0" --dry-run default deny do_cmd "0" --dry-run default reject do_cmd "0" --dry-run DEFAULT ALLOW do_cmd "0" --dry-run DEFAULT DENY do_cmd "0" --dry-run DEFAULT REJECT echo "TESTING ARGS (enable/disable)" >> $TESTTMP/result || exit 1 do_cmd "0" --dry-run enable do_cmd "0" --dry-run disable do_cmd "0" --dry-run ENABLE do_cmd "0" --dry-run DISABLE echo "TESTING ARGS (status)" >> $TESTTMP/result || exit 1 do_cmd "0" --dry-run status exit 0 ufw-0.36/tests/ipv6/good_args6/result0000644000175000017500000000326713226727543016543 0ustar jamiejamieTESTING ARGS (logging) 0: --dry-run logging on WARN: Checks disabled Logging enabled 1: --dry-run logging off WARN: Checks disabled Logging disabled 2: --dry-run LOGGING ON WARN: Checks disabled Logging enabled 3: --dry-run LOGGING OFF WARN: Checks disabled Logging disabled TESTING ARGS (default) 4: --dry-run default allow WARN: Checks disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 5: --dry-run default deny WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 6: --dry-run default reject WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) 7: --dry-run DEFAULT ALLOW WARN: Checks 
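disabled Default incoming policy changed to 'allow' (be sure to update your rules accordingly) 8: --dry-run DEFAULT DENY WARN: Checks disabled Default incoming policy changed to 'deny' (be sure to update your rules accordingly) 9: --dry-run DEFAULT REJECT WARN: Checks disabled Default incoming policy changed to 'reject' (be sure to update your rules accordingly) TESTING ARGS (enable/disable) 10: --dry-run enable WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 11: --dry-run disable WARN: Checks disabled > running ufw-init Firewall stopped and disabled on system startup 12: --dry-run ENABLE WARN: Checks disabled > running ufw-init Firewall is active and enabled on system startup 13: --dry-run DISABLE WARN: Checks disabled > running ufw-init Firewall stopped and disabled on system startup TESTING ARGS (status) 14: --dry-run status WARN: Checks disabled > Checking iptables > Checking ip6tables ufw-0.36/tests/ipv6/logging/0000755000175000017500000000000013257512304014655 5ustar jamiejamieufw-0.36/tests/ipv6/logging/orig0000777000175000017500000000000013226727543017726 2../../defaultsustar jamiejamieufw-0.36/tests/ipv6/logging/runtest.sh0000755000175000017500000000623713257512304016730 0ustar jamiejamie
#!/bin/bash

# Copyright 2009 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

#set -x

# Per-rule logging test with IPv6 enabled: adds and deletes "log" and
# "log-all" rules for every action, then appends the resulting user.rules and
# user6.rules to $TESTTMP/result so the generated LOG chains can be compared.
#
# TESTPATH, TESTTMP and TESTCONFIG are not defined here; they must come from
# the caller. With TESTPATH empty the sed below would resolve to
# /etc/default/ufw, i.e. the host's real firewall defaults, and with TESTTMP
# empty the output would land in /result, so refuse to run in those cases.
: "${TESTPATH:?TESTPATH must be set by the test harness}"
: "${TESTTMP:?TESTTMP must be set by the test harness}"
: "${TESTCONFIG:?TESTCONFIG must be set by the test harness}"

# do_cmd is not defined in this script (presumably testlib.sh provides it);
# bash keeps going after a failed `source`, so stop explicitly.
source "$TESTPATH/../testlib.sh" || exit 1

# Switch the test copy of the defaults file to IPv6 mode.
sed -i 's/IPV6=no/IPV6=yes/' "$TESTPATH/etc/default/ufw"

# Append the current IPv4 and IPv6 user rule files to the result file.
_dump_user_rules() {
    echo "contents of user*.rules:" >> "$TESTTMP/result"
    cat "$TESTCONFIG/user.rules" >> "$TESTTMP/result"
    cat "$TESTCONFIG/user6.rules" >> "$TESTTMP/result"
}

echo "TESTING LOG RULES" >> "$TESTTMP/result"
# Source prefix and destination address used by the address-qualified rules.
from="2001:db8::/32"
to="2001:db8:3:4:5:6:7:8"
for i in allow deny limit reject ; do
    for j in log log-all ; do
        # Port and application-profile rules: add, dump, delete, dump.
        do_cmd "0" null $i $j 23
        do_cmd "0" null $i $j Samba
        _dump_user_rules

        do_cmd "0" null delete $i $j 23
        do_cmd "0" null delete $i $j Samba
        _dump_user_rules

        # Same cycle for an address-qualified rule.
        do_cmd "0" null $i $j from "$from" to "$to" port smtp
        _dump_user_rules

        do_cmd "0" null delete $i $j from "$from" to "$to" port smtp
        _dump_user_rules
    done
done

echo "TESTING LOG RULES (updating)" >> "$TESTTMP/result"
do_cmd "0" null allow log Samba
do_cmd "0" null deny log-all from "$from" to "$to" port smtp
_dump_user_rules

# Re-issue the same matches with a different action, then dump again.
do_cmd "0" null deny log Samba
do_cmd "0" null reject log-all from "$from" to "$to" port smtp
_dump_user_rules

do_cmd "0" null delete deny log Samba
do_cmd "0" null delete reject log-all from "$from" to "$to" port smtp
_dump_user_rules

echo "TESTING LOG RULES (interfaces)" >> "$TESTTMP/result"
do_cmd "0" null allow in on eth0 log
do_cmd "0" null allow in on eth0 log from "$from" to "$to" port 24 proto tcp
do_cmd "0" null deny in on eth0 log-all from "$from" to "$to" port 25 proto tcp
do_cmd "0" null allow out on eth0 log
do_cmd "0" null allow out on eth0 log from "$from" to "$to" port 24 proto tcp
do_cmd "0" null deny out on eth0 log-all from "$from" to "$to" port 25 proto tcp
_dump_user_rules

exit 0
ufw-0.36/tests/ipv6/logging/result0000644000175000017500000036074013257507473016143 0ustar jamiejamieTESTING LOG RULES 0: allow log 23 1: allow log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG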
--log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### 
tuple ### allow_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A 
ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 2: delete allow log 23 3: delete allow log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] 
:ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 4: allow log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] 
:ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 5: delete allow log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - 
[0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 6: allow log-all 23 7: allow log-all Samba 
contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A 
ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log-all udp 137,138 ::/0 any ::/0 
Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 8: delete allow log-all 23 9: delete allow log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 10: allow log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 
2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 11: delete allow log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit 
--limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 12: deny log 23 13: deny log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp 
--dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m 
limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW 
BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 14: delete deny log 23 15: delete deny log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A 
ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 16: deny log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 17: delete deny log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END 
RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 18: deny log-all 23 19: deny log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp 
-m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 
23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log-all udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 
COMMIT 20: delete deny log-all 23 21: delete deny log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 22: deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] 
:ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 23: delete deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 24: limit log 23 25: limit log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - 
[0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m 
multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 26: delete limit log 23 27: delete limit log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### 
END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 28: limit log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 29: delete limit log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - 
[0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit 
--limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 30: limit log-all 23 31: limit log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A 
ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 32: delete limit log-all 23 33: delete limit log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m 
limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 34: limit log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 35: delete limit log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 36: reject log 23 37: reject log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m 
multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW 
BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 38: delete reject log 23 39: delete reject log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 40: reject log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 41: delete reject log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] 
:ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 42: reject log-all 23 43: reject log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j 
REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log-all udp 137,138 ::/0 any ::/0 Samba 
- in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 44: delete reject log-all 23 45: delete reject log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - 
[0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 46: reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 
2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 47: delete reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A 
ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT TESTING LOG RULES (updating) 48: allow log Samba 49: deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 
137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward 
- [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 50: deny log Samba 51: reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny 
-m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 
2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 52: delete deny log Samba 53: delete reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m 
limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT TESTING LOG RULES (interfaces) 54: allow in on eth0 log 55: allow in on eth0 log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 24 proto tcp 56: deny in on eth0 log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 25 proto tcp 57: allow out on eth0 log 58: allow out on eth0 log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 24 proto tcp 59: deny out on eth0 log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 25 proto tcp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - 
[0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -j RETURN -A ufw-user-input -i eth0 -j ufw-user-logging-input -A ufw-user-input -i eth0 -j ACCEPT ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -j RETURN -A ufw-user-output -o eth0 -j ufw-user-logging-output -A ufw-user-output -o eth0 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - 
[0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow_log any any ::/0 any ::/0 in_eth0 -A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -i eth0 -j RETURN -A ufw6-user-input -i eth0 -j ufw6-user-logging-input -A ufw6-user-input -i eth0 -j ACCEPT ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0 -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0 -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### tuple ### allow_log any any ::/0 any ::/0 out_eth0 -A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG 
--log-prefix "[UFW ALLOW] " -A ufw6-user-logging-output -o eth0 -j RETURN -A ufw6-user-output -o eth0 -j ufw6-user-logging-output -A ufw6-user-output -o eth0 -j ACCEPT ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0 -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-output -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0 -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-output -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT ufw-0.36/tests/ipv6/logging/result.1.30000644000175000017500000013754413257507473016447 0ustar 
jamiejamieTESTING LOG RULES 0: allow log 23 1: allow log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### allow_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j ACCEPT ### END RULES ### COMMIT 2: delete allow log 23 3: delete allow log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 4: allow log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A 
ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### COMMIT 5: delete allow log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 6: allow log-all 23 7: allow log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j ACCEPT -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j ACCEPT ### tuple ### allow_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp 
-m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### allow_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j ACCEPT ### END RULES ### COMMIT 8: delete allow log-all 23 9: delete allow log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### 
-A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 10: allow log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### allow_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### COMMIT 11: delete allow log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 12: deny log 23 13: deny log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] 
:ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] 
:ufw6-user-forward - [0:0] ### RULES ### ### tuple ### deny_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j DROP ### END RULES ### COMMIT 14: delete deny log 23 15: delete deny log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 16: deny log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 
-j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### COMMIT 17: delete deny log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 18: deny log-all 23 19: deny log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### deny_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport 
--dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### deny_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j DROP ### END RULES ### COMMIT 20: delete deny log-all 23 21: delete deny log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter 
:ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 22: deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### COMMIT 23: delete deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 24: limit log 23 25: limit log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log any 23 0.0.0.0/0 any 
0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m 
multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 26: delete limit log 23 27: delete limit log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 28: limit log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output 
- [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 29: delete limit log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 30: limit log-all 23 31: limit log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A 
ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba' -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 32: delete limit log-all 23 33: delete limit log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 34: limit log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 35: delete limit log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 36: reject log 23 37: reject log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p 
tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### reject_log any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j REJECT 
--reject-with tcp-reset -A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j REJECT ### END RULES ### COMMIT 38: delete reject log 23 39: delete reject log Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 40: reject log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES 
### COMMIT 41: delete reject log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 42: reject log-all 23 43: reject log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp --dport 23 -j RETURN -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp --dport 23 -j RETURN -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 23 -j REJECT ### tuple ### reject_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba' ### tuple ### reject_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A 
ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### reject_log-all any 23 ::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset -A ufw6-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p udp --dport 23 -j RETURN -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 23 -j REJECT ### END RULES ### COMMIT 44: delete reject log-all 23 45: delete reject log-all Samba contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT 46: reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### reject_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### COMMIT 47: delete reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT TESTING LOG RULES (updating) 48: allow log Samba 49: deny log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack 
--ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### COMMIT 50: deny log Samba 51: reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A 
ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### reject_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset ### END RULES ### COMMIT 52: delete deny log Samba 53: delete reject log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port smtp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### END RULES ### COMMIT TESTING LOG RULES (interfaces) 54: allow in on eth0 log 55: allow in on eth0 log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 24 proto tcp 56: deny in on eth0 log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 25 proto tcp 57: allow out on eth0 log 58: allow out on eth0 log from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 24 proto tcp 59: deny out on eth0 log-all from 2001:db8::/32 to 2001:db8:3:4:5:6:7:8 port 25 proto tcp contents of user*.rules: *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -i eth0 -j RETURN -A ufw-user-input -i eth0 -j ufw-user-logging-input -A ufw-user-input -i eth0 -j ACCEPT ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-output -o eth0 -j RETURN -A ufw-user-output -o eth0 -j ufw-user-logging-output -A ufw-user-output -o eth0 -j ACCEPT ### END RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### ### tuple ### allow_log any any ::/0 any ::/0 in_eth0 -A ufw6-user-logging-input -i eth0 -m conntrack 
--ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -i eth0 -j RETURN -A ufw6-user-input -i eth0 -j ufw6-user-logging-input -A ufw6-user-input -i eth0 -j ACCEPT ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0 -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0 -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### tuple ### allow_log any any ::/0 any ::/0 out_eth0 -A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-output -o eth0 -j RETURN -A ufw6-user-output -o eth0 -j ufw6-user-logging-output -A ufw6-user-output -o eth0 -j ACCEPT ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0 -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A 
ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-output -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT ### tuple ### deny_log-all tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0 -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] " -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-output -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### COMMIT ufw-0.36/tests/ipv6/rules6/0000755000175000017500000000000013404772663014461 5ustar jamiejamieufw-0.36/tests/ipv6/rules6/orig0000777000175000017500000000000013226727543017520 2../../defaultsustar jamiejamieufw-0.36/tests/ipv6/rules6/runtest.sh0000755000175000017500000001511113404772663016523 0ustar jamiejamie#!/bin/bash # Copyright 2008 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# IPv6 rule-generation test driver: feeds a fixed sequence of ufw rule
# commands to do_cmd and collects output in $TESTTMP/result. The order of the
# calls matters, because entries in the expected result file are numbered in
# call order.
# do_cmd comes from testlib.sh (not shown here); its first argument is
# presumably the expected exit status -- TODO confirm against testlib.sh.
# NOTE(review): $TESTPATH and $TESTTMP are expanded unquoted throughout, so a
# test root containing whitespace or glob characters would be word-split.
source "$TESTPATH/../testlib.sh"

# Switch the test configuration to IPv6 so the ufw6-* chains are generated.
sed -i 's/IPV6=no/IPV6=yes/' $TESTPATH/etc/default/ufw

# The example rule from the man page, using the 2001:db8::/32 documentation prefix.
echo "Man page" >> $TESTTMP/result
do_cmd "0" --dry-run deny proto tcp from 2001:db8::/32 to any port 25

# Source/destination combinations: every add is immediately followed by the
# matching delete, for each of allow, deny and limit.
echo "TO/FROM" >> $TESTTMP/result
from="2001:db8::/32"
to="2001:db8:3:4:5:6:7:8"
for x in allow deny limit
do
    # Address-only rules.
    do_cmd "0" --dry-run $x from $from
    do_cmd "0" --dry-run delete $x from $from
    do_cmd "0" --dry-run $x to $to
    do_cmd "0" --dry-run delete $x to $to
    do_cmd "0" --dry-run $x to $to from $from
    do_cmd "0" --dry-run delete $x to $to from $from

    # Numeric ports without an explicit protocol.
    do_cmd "0" --dry-run $x from $from port 80
    do_cmd "0" --dry-run delete $x from $from port 80
    do_cmd "0" --dry-run $x to $to port 25
    do_cmd "0" --dry-run delete $x to $to port 25
    do_cmd "0" --dry-run $x to $to from $from port 80
    do_cmd "0" --dry-run delete $x to $to from $from port 80
    do_cmd "0" --dry-run $x to $to port 25 from $from
    do_cmd "0" --dry-run delete $x to $to port 25 from $from
    do_cmd "0" --dry-run $x to $to port 25 from $from port 80
    do_cmd "0" --dry-run delete $x to $to port 25 from $from port 80

    # The same port combinations with the protocol given explicitly.
    for y in udp tcp
    do
        do_cmd "0" --dry-run $x from $from port 80 proto $y
        do_cmd "0" --dry-run delete $x from $from port 80 proto $y
        do_cmd "0" --dry-run $x to $to port 25 proto $y
        do_cmd "0" --dry-run delete $x to $to port 25 proto $y
        do_cmd "0" --dry-run $x to $to from $from port 80 proto $y
        do_cmd "0" --dry-run delete $x to $to from $from port 80 proto $y
        do_cmd "0" --dry-run $x to $to port 25 proto $y from $from
        do_cmd "0" --dry-run delete $x to $to port 25 proto $y from $from
        do_cmd "0" --dry-run $x to $to port 25 proto $y from $from port 80
        do_cmd "0" --dry-run delete $x to $to port 25 proto $y from $from port 80
    done

    # Ports given by service name instead of number.
    do_cmd "0" --dry-run $x to $to port smtp from $from port daytime
    do_cmd "0" --dry-run delete $x to $to port smtp from $from port daytime
    do_cmd "0" --dry-run $x to $to port tftp from $from port daytime
    do_cmd "0" --dry-run delete $x to $to port tftp from $from port daytime
    do_cmd "0" --dry-run $x to $to port daytime from $from port domain
    do_cmd "0" --dry-run delete $x to $to port daytime from $from port domain
done

# Prefix lengths of 0, 32 and 128 on the same address, as source and destination.
echo "Netmasks" >> $TESTTMP/result
do_cmd "0" --dry-run allow to ::1/0
do_cmd "0" --dry-run allow to ::1/32
do_cmd "0" --dry-run allow to ::1/128
do_cmd "0" --dry-run allow from ::1/0
do_cmd "0" --dry-run allow from ::1/32
do_cmd "0" --dry-run allow from ::1/128
do_cmd "0" --dry-run allow from ::1/32 to ::1/128

# Port lists and ranges, once with concrete addresses and once with "any".
echo "Multiports:" >> $TESTTMP/result
for i in 2001:db8:85a3:8d3:1319:8a2e:370:734 any; do
    for j in from to; do
        # k is the opposite direction keyword of j.
        k="to"
        if [ "$j" = "to" ]; then
            k="from"
        fi
        # Appending a digit to the last group yields two distinct addresses.
        m="${i}1"
        n="${i}2"
        # "any" is a keyword, not an address, so it is used unmodified.
        if [ "$i" = "any" ]; then
            m="$i"
            n="$i"
        fi
        do_cmd "0" --dry-run allow $j $m port 34,35 proto tcp
        do_cmd "0" --dry-run allow $j $m port 34,35:39 proto udp
        do_cmd "0" --dry-run allow $j $m port 35:39 proto tcp
        do_cmd "0" --dry-run allow $j $m port 210,23,21,15:19,13 proto udp
        do_cmd "0" --dry-run allow $j $m port 34,35 $k $n port 24 proto tcp
        do_cmd "0" --dry-run allow $j $m port 34,35:39 $k $n port 24 proto udp
        do_cmd "0" --dry-run allow $j $m port 35:39 $k $n port 24 proto tcp
        do_cmd "0" --dry-run allow $j $m port 23,21,15:19,13 $k $n port 24 proto udp
        do_cmd "0" --dry-run allow $j $m port 34,35 $k $n port 24:26 proto tcp
        do_cmd "0" --dry-run allow $j $m port 34,35:39 $k $n port 24:26 proto udp
        do_cmd "0" --dry-run allow $j $m port 35:39 $k $n port 24:26 proto tcp
        do_cmd "0" --dry-run allow $j $m port 23,21,15:19,13 $k $n port 24:26 proto udp
    done
done

# Interface-bound rules on eth0, inbound and outbound, for allow/deny/reject.
# NOTE(review): the extra "null" argument is interpreted by do_cmd in
# testlib.sh; it presumably suppresses the command output -- TODO confirm.
echo "Interfaces" >> $TESTTMP/result
for i in "in" "out" ; do
    for j in allow deny reject ; do
        do_cmd "0" null --dry-run $j $i on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734
        do_cmd "0" null --dry-run $j $i on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp
    done
done

# Rules for the IPsec protocols (esp here; the ah cases follow).
echo "IPSec" >> $TESTTMP/result
do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp
do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp
# The arguments of the next command continue on the following line of the page.
do_cmd "0" --dry-run allow to
2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah echo "Comments" >> $TESTTMP/result || exit 1 do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment \"SSH\ port\" do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment \"SSH\ port\" cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend" >> $TESTTMP/result do_cmd "0" null allow from 2001:db8::/32 do_cmd "0" null prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow from 2001:db8::/32 do_cmd "0" null delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1 cat $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend (no rules)" >> $TESTTMP/result do_cmd "0" null prepend allow from 2001:db8::/32 cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow from 2001:db8::/32 cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null prepend allow from 2001:db8::/32 to any app Samba cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow from 2001:db8::/32 to any app Samba cat $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend (multi rules)" >> $TESTTMP/result do_cmd "0" null allow from 2001:db8::/32 do_cmd "0" null prepend deny to 2a02:2210:12:a:b820:fff:fea2:25d1 port 23 do_cmd "0" null prepend deny to 2a02:2210:12:a:b820:fff:fea2:25d1 app Samba cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow from 2001:db8::/32 do_cmd "0" null delete deny to 2a02:2210:12:a:b820:fff:fea2:25d1 port 23 do_cmd "0" null delete deny to 2a02:2210:12:a:b820:fff:fea2:25d1 app Samba cat $TESTCONFIG/user6.rules >> $TESTTMP/result exit 0 ufw-0.36/tests/ipv6/rules6/result0000644000175000017500000072017213404772663015733 0ustar jamiejamieMan page 0: --dry-run deny proto tcp from 2001:db8::/32 to any port 25 WARN: 
Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 25 ::/0 any 2001:db8::/32 in -A ufw6-user-input -p tcp --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) TO/FROM 1: --dry-run allow from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 2: --dry-run delete allow from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 3: --dry-run allow to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] 
:ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 4: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 5: --dry-run allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input 
- [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 6: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 7: --dry-run allow from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j ACCEPT -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 8: --dry-run delete allow from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] 
:ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 9: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " 
-m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 10: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 11: --dry-run allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 
2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 12: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 13: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] 
:ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 14: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 15: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 16: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] 
:ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 17: --dry-run allow from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 18: --dry-run delete allow from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 19: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j 
ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 20: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 21: --dry-run allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 22: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny 
-j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 23: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 24: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - 
[0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 25: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 
COMMIT Rules updated (v6) 26: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 27: --dry-run allow from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 28: --dry-run delete allow from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 29: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] 
:ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 30: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 
31: --dry-run allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 32: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 33: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 34: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] 
:ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 35: --dry-run allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 36: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 37: --dry-run allow to 2001:db8:3:4:5:6:7:8 port smtp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] 
:ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 2001:db8:3:4:5:6:7:8 13 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 38: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port smtp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 39: 
--dry-run allow to 2001:db8:3:4:5:6:7:8 port tftp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 69 2001:db8:3:4:5:6:7:8 13 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 69 -s 2001:db8::/32 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 40: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port tftp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 41: --dry-run allow to 2001:db8:3:4:5:6:7:8 port daytime from 2001:db8::/32 port domain WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 13 2001:db8:3:4:5:6:7:8 53 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 13 -s 2001:db8::/32 --sport 53 -j ACCEPT -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 13 -s 2001:db8::/32 --sport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 42: --dry-run delete allow to 2001:db8:3:4:5:6:7:8 port daytime from 
2001:db8::/32 port domain WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 43: --dry-run deny from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m 
conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 44: --dry-run delete deny from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 45: --dry-run deny to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any 
2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 46: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 47: --dry-run deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] 
:ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 48: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 49: --dry-run deny from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j DROP -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 50: --dry-run delete deny from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] 
:ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 51: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 52: --dry-run delete 
deny to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 53: --dry-run deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 54: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 55: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - 
[0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 56: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 57: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 58: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] 
:ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 59: --dry-run deny from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p udp -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END 
LOGGING ### COMMIT Rules updated (v6) 60: --dry-run delete deny from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 61: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 62: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 63: --dry-run deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] 
:ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 64: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit 
--limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 65: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 66: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### 
-A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 67: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 68: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled 
*filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 69: --dry-run deny from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp any ::/0 80 2001:db8::/32 in -A ufw6-user-input -p tcp -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 70: --dry-run delete deny from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 71: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### 
### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 any ::/0 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 72: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 73: --dry-run deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] 
:ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp any 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 74: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 75: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 76: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] 
:ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 77: --dry-run deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 80 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 78: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 79: --dry-run deny to 2001:db8:3:4:5:6:7:8 port smtp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 25 2001:db8:3:4:5:6:7:8 13 2001:db8::/32 in -A ufw6-user-input -p tcp 
-d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 --sport 13 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 80: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port smtp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 81: --dry-run deny to 2001:db8:3:4:5:6:7:8 port tftp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] 
:ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 69 2001:db8:3:4:5:6:7:8 13 2001:db8::/32 in -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 69 -s 2001:db8::/32 --sport 13 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 82: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port tftp from 2001:db8::/32 port daytime WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I 
ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 83: --dry-run deny to 2001:db8:3:4:5:6:7:8 port daytime from 2001:db8::/32 port domain WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any 13 2001:db8:3:4:5:6:7:8 53 2001:db8::/32 in -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 13 -s 2001:db8::/32 --sport 53 -j DROP -A ufw6-user-input -p udp -d 2001:db8:3:4:5:6:7:8 --dport 13 -s 2001:db8::/32 --sport 53 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 84: --dry-run delete deny to 2001:db8:3:4:5:6:7:8 port daytime from 2001:db8::/32 port domain WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] 
:ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 85: --dry-run limit from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 86: --dry-run delete limit from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 87: --dry-run limit to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 88: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 89: --dry-run limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 90: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 91: --dry-run limit from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 92: --dry-run delete limit from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 93: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 94: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 
port 25 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 95: --dry-run limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 96: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 97: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 98: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 99: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 100: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 101: --dry-run limit from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 102: --dry-run delete limit from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 103: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 104: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 105: --dry-run limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 106: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto udp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 107: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 108: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 109: --dry-run 
limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 110: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto udp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 111: --dry-run limit from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 112: --dry-run delete limit from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 113: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 114: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 115: --dry-run limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 116: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 from 2001:db8::/32 port 80 proto tcp WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 117: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 118: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 119: --dry-run limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 120: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port 25 proto tcp from 2001:db8::/32 port 80 WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 121: --dry-run limit to 2001:db8:3:4:5:6:7:8 port smtp from 2001:db8::/32 port daytime WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 122: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port smtp from 2001:db8::/32 port daytime WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 123: 
--dry-run limit to 2001:db8:3:4:5:6:7:8 port tftp from 2001:db8::/32 port daytime WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 124: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port tftp from 2001:db8::/32 port daytime WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 125: --dry-run limit to 2001:db8:3:4:5:6:7:8 port daytime from 2001:db8::/32 port domain WARN: Checks disabled Skipping unsupported IPv6 'limit' rule 126: --dry-run delete limit to 2001:db8:3:4:5:6:7:8 port daytime from 2001:db8::/32 port domain WARN: Checks disabled Skipping unsupported IPv6 'limit' rule Netmasks 127: --dry-run allow to ::1/0 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1/0 any ::/0 in -A ufw6-user-input -d ::1/0 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 128: --dry-run allow to ::1/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] 
:ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1/32 any ::/0 in -A ufw6-user-input -d ::1/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 129: --dry-run allow to ::1/128 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1 any ::/0 in -A ufw6-user-input -d ::1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 130: --dry-run allow from ::1/0 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::1/0 in -A ufw6-user-input -s ::1/0 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 131: --dry-run allow from ::1/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::1/32 in -A ufw6-user-input -s 
::1/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 132: --dry-run allow from ::1/128 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::1 in -A ufw6-user-input -s ::1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 133: --dry-run allow from ::1/32 to ::1/128 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] 
:ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1 any ::1/32 in -A ufw6-user-input -d ::1 -s ::1/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) Multiports: 134: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp any ::/0 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --sports 34,35 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 135: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp any ::/0 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p udp -m multiport --sports 34,35:39 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 136: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp any ::/0 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --sports 35:39 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 137: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 210,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp any ::/0 13,15:19,21,23,210 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p udp -m multiport --sports 13,15:19,21,23,210 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 138: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --dports 24 -m multiport --sports 34,35 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 139: --dry-run allow from 
2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p udp -m multiport --dports 24 -m multiport --sports 34,35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 140: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] 
:ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --dports 24 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 141: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 13,15:19,21,23 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p udp -m multiport --dports 24 -m multiport --sports 13,15:19,21,23 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m 
limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 142: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 34,35 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 143: --dry-run allow 
from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 34,35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 144: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - 
[0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 145: --dry-run allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 13,15:19,21,23 2001:db8:85a3:8d3:1319:8a2e:370:7341 in -A ufw6-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 13,15:19,21,23 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 146: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 147: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output 
- [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 148: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 149: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 210,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23,210 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23,210 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 150: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 
from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 151: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] 
:ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 152: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 153: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 154: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 from 
2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 155: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - 
[0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 156: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 157: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 158: --dry-run allow from any port 
34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 34,35 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp any ::/0 34,35 ::/0 in -A ufw6-user-input -p tcp -m multiport --sports 34,35 -j 
ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 159: --dry-run allow from any port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 34,35:39 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j 
REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp any ::/0 34,35:39 ::/0 in -A ufw6-user-input -p udp -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 160: --dry-run allow from any port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 35:39 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp any ::/0 35:39 ::/0 in -A ufw6-user-input -p tcp -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 161: --dry-run allow from any port 210,23,21,15:19,13 proto udp WARN: Checks disabled *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 13,15:19,21,23,210 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --sports 13,15:19,21,23,210 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp any ::/0 13,15:19,21,23,210 ::/0 in -A ufw6-user-input -p udp -m multiport --sports 
13,15:19,21,23,210 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 162: --dry-run allow from any port 34,35 to any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 0.0.0.0/0 34,35 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24 -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24 ::/0 34,35 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 24 -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 163: --dry-run allow from any port 34,35:39 to any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 0.0.0.0/0 34,35:39 0.0.0.0/0 in -A 
ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24 ::/0 34,35:39 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 24 -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END 
LOGGING ### COMMIT Rules updated Rules updated (v6) 164: --dry-run allow from any port 35:39 to any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 0.0.0.0/0 35:39 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24 -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - 
[0:0] ### RULES ### ### tuple ### allow tcp 24 ::/0 35:39 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 24 -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 165: --dry-run allow from any port 23,21,15:19,13 to any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 0.0.0.0/0 13,15:19,21,23 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix 
"[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24 ::/0 13,15:19,21,23 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 24 -m multiport --sports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 166: --dry-run allow from any port 34,35 to any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - 
[0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 0.0.0.0/0 34,35 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 ::/0 34,35 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 167: --dry-run allow from any port 34,35:39 to any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24:26 0.0.0.0/0 34,35:39 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - 
[0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24:26 ::/0 34,35:39 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 168: --dry-run allow from any port 35:39 to any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 0.0.0.0/0 35:39 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate 
INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 24:26 ::/0 35:39 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 24:26 -m multiport --sports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 169: --dry-run allow from any port 23,21,15:19,13 to any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24:26 0.0.0.0/0 13,15:19,21,23 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 24:26 ::/0 13,15:19,21,23 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 24:26 -m multiport --sports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 170: --dry-run allow to any port 34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] 
:ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 171: --dry-run allow to any port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 172: --dry-run allow to any port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward 
- [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 173: --dry-run allow to any port 210,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23,210 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23,210 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - 
[0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23,210 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23,210 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 174: --dry-run allow to any port 34,35 from any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 ::/0 24 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 175: --dry-run allow to any port 34,35:39 from any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] 
:ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 ::/0 24 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 176: --dry-run allow to any port 35:39 from any port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### 
COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 ::/0 24 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 177: --dry-run allow to any port 23,21,15:19,13 from any port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24 -j ACCEPT ### END RULES ### 
### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 ::/0 24 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 178: --dry-run allow to any port 34,35 
from any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 ::/0 24:26 ::/0 in -A 
ufw6-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 179: --dry-run allow to any port 34,35:39 from any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 
### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 ::/0 24:26 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 180: --dry-run allow to any port 35:39 from any port 24:26 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - 
[0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 ::/0 24:26 ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow 
-j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 181: --dry-run allow to any port 23,21,15:19,13 from any port 24:26 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] 
:ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 ::/0 24:26 ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) Interfaces 182: --dry-run allow in on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 183: --dry-run allow in on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp 184: --dry-run deny in on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 185: --dry-run deny in on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp 186: --dry-run reject in on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 187: --dry-run reject in on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp 188: --dry-run allow out on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 189: --dry-run allow out on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp 190: --dry-run deny out on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 191: --dry-run deny out on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp 192: --dry-run reject out on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 193: --dry-run reject out on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp IPSec 194: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp WARN: Checks disabled *filter 
:ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow esp any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in -A ufw6-user-input -p esp -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 195: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow esp any 2001:db8:85a3:8d3:1319:8a2e:370:734 any 2001:db8::/32 in -A ufw6-user-input -p esp -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A 
ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 196: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow ah any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in -A ufw6-user-input -p ah -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 197: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output 
- [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow ah any 2001:db8:85a3:8d3:1319:8a2e:370:734 any 2001:db8::/32 in -A ufw6-user-input -p ah -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) Comments 198: allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment "SSH port" WARN: Checks disabled Rules updated (v6) 199: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment "SSH port" WARN: Checks disabled Rules updated (v6) *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - 
[0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend 200: allow from 2001:db8::/32 201: prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any ::/0 any 2a02:2210:12:a:b820:fff:fea2:25d1 in -A ufw6-user-input -s 2a02:2210:12:a:b820:fff:fea2:25d1 -j DROP ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 202: delete allow from 2001:db8::/32 203: delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1 *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend (no rules) 204: prepend allow from 2001:db8::/32 *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 205: delete allow from 2001:db8::/32 *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 206: prepend allow from 2001:db8::/32 to any app Samba *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] 
:ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 137,138 ::/0 any 2001:db8::/32 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -s 2001:db8::/32 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any 2001:db8::/32 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -s 2001:db8::/32 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 207: delete allow from 2001:db8::/32 to any app Samba *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend (multi rules) 208: allow from 2001:db8::/32 209: prepend deny to 2a02:2210:12:a:b820:fff:fea2:25d1 port 23 210: prepend deny to 2a02:2210:12:a:b820:fff:fea2:25d1 app Samba *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 137,138 2a02:2210:12:a:b820:fff:fea2:25d1 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -d 2a02:2210:12:a:b820:fff:fea2:25d1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 2a02:2210:12:a:b820:fff:fea2:25d1 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -d 2a02:2210:12:a:b820:fff:fea2:25d1 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny any 23 2a02:2210:12:a:b820:fff:fea2:25d1 any ::/0 in -A ufw6-user-input -p tcp -d 2a02:2210:12:a:b820:fff:fea2:25d1 --dport 23 -j DROP -A ufw6-user-input -p udp -d 2a02:2210:12:a:b820:fff:fea2:25d1 --dport 23 -j DROP ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 211: delete allow from 2001:db8::/32 212: delete deny to 2a02:2210:12:a:b820:fff:fea2:25d1 port 23 213: delete deny to 2a02:2210:12:a:b820:fff:fea2:25d1 app Samba *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT ufw-0.36/tests/ipv6/rules64/0000755000175000017500000000000013404772663014545 5ustar jamiejamieufw-0.36/tests/ipv6/rules64/orig0000777000175000017500000000000013226727543017604 2../../defaultsustar jamiejamieufw-0.36/tests/ipv6/rules64/runtest.sh0000755000175000017500000003031213404772663016607 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. 
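#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Load the shared test helpers. do_cmd is not defined in this script, so it
# is expected to come from testlib.sh.
# NOTE(review): the first do_cmd argument looks like the expected exit status
# (every call below passes "0") -- confirm against testlib.sh.
source "$TESTPATH/../testlib.sh"

# Switch IPv6 on in this test's copy of the ufw defaults so that each rule is
# generated for both the IPv4 and the IPv6 rule sets.
# Path expansions are quoted so that a TESTPATH or TESTTMP containing
# whitespace or glob characters is not word-split by the shell.
sed -i 's/IPV6=no/IPV6=yes/' "$TESTPATH/etc/default/ufw"

# Every command below runs with --dry-run: ufw prints the rules it would
# write instead of modifying the firewall.

# Section label for the result file, followed by that section's rule syntax cases.
echo "Man page" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow 53
do_cmd "0" --dry-run allow 25/tcp
do_cmd "0" --dry-run allow smtp
do_cmd "0" --dry-run deny proto tcp to any port 80
do_cmd "0" --dry-run deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25
do_cmd "0" --dry-run deny proto tcp from 2001:db8::/32 to any port 25
do_cmd "0" --dry-run deny 80/tcp
do_cmd "0" --dry-run delete deny 80/tcp
do_cmd "0" --dry-run limit daytime/tcp
do_cmd "0" --dry-run deny 53
do_cmd "0" --dry-run allow 80/tcp
do_cmd "0" --dry-run allow from 10.0.0.0/8
do_cmd "0" --dry-run allow from 172.16.0.0/12
do_cmd "0" --dry-run allow from 192.168.0.0/16
do_cmd "0" --dry-run deny proto udp from 1.2.3.4 to any port 514
do_cmd "0" --dry-run allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469

# Service names in the simple syntax, with and without an explicit protocol;
# each allow is paired with the matching delete.
echo "Services SIMPLE" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow smtp
do_cmd "0" --dry-run delete allow smtp
do_cmd "0" --dry-run allow smtp/tcp
do_cmd "0" --dry-run delete allow smtp/tcp
do_cmd "0" --dry-run allow tftp
do_cmd "0" --dry-run delete allow tftp
do_cmd "0" --dry-run allow tftp/udp
do_cmd "0" --dry-run delete allow tftp/udp
do_cmd "0" --dry-run allow daytime
do_cmd "0" --dry-run delete allow daytime
do_cmd "0" --dry-run allow daytime/tcp
do_cmd "0" --dry-run delete allow daytime/tcp
do_cmd "0" --dry-run allow daytime/udp
do_cmd "0" --dry-run delete allow daytime/udp

# Service names in the extended "to ... from ..." syntax.
echo "Services EXTENDED" >> "$TESTTMP/result"
do_cmd "0" --dry-run allow to any port smtp from any port daytime
do_cmd "0" --dry-run delete allow to any port smtp from any port daytime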
do_cmd "0" --dry-run allow to any port tftp from any port daytime do_cmd "0" --dry-run delete allow to any port tftp from any port daytime do_cmd "0" --dry-run allow to any port daytime from any port domain do_cmd "0" --dry-run delete allow to any port daytime from any port domain echo "Netmasks" >> $TESTTMP/result do_cmd "0" --dry-run allow to 192.168.0.0/0 do_cmd "0" --dry-run allow to 192.168.0.0/16 do_cmd "0" --dry-run allow to 192.168.0.1/32 do_cmd "0" --dry-run allow from 192.168.0.0/0 do_cmd "0" --dry-run allow from 192.168.0.0/16 do_cmd "0" --dry-run allow from 192.168.0.1/32 do_cmd "0" --dry-run allow from 192.168.0.1/32 to 192.168.0.2/32 do_cmd "0" --dry-run allow to ::1/0 do_cmd "0" --dry-run allow to ::1/32 do_cmd "0" --dry-run allow to ::1/128 do_cmd "0" --dry-run allow from ::1/0 do_cmd "0" --dry-run allow from ::1/32 do_cmd "0" --dry-run allow from ::1/128 do_cmd "0" --dry-run allow from ::1/32 to ::1/16 echo "Netmasks (CIDR)" >> $TESTTMP/result for i in $(seq 0 32); do do_cmd "0" null --dry-run allow to 192.168.0.1/$i do_cmd "0" null --dry-run allow from 192.168.0.1/$i do_cmd "0" null --dry-run allow from 192.168.0.1/$i to 192.168.0.2/$i done echo "TESTING VALID DOTTED" >> $TESTTMP/result for i in $(seq 0 16 255); do do_cmd "0" null --dry-run allow from 10.0.0.1/255.255.255.$i do_cmd "0" null --dry-run allow from 10.0.0.1/255.255.$i.255 do_cmd "0" null --dry-run allow from 10.0.0.1/255.$i.255.255 do_cmd "0" null --dry-run allow from 10.0.0.1/$i.255.255.255 do_cmd "0" null --dry-run allow from 10.0.0.1/$i.$i.$i.$i done echo "Multiports:" >> $TESTTMP/result do_cmd "0" --dry-run allow from 192.168.0.1 port 34,35 proto tcp do_cmd "0" --dry-run allow from 192.168.0.1 port 34,35:39 proto udp do_cmd "0" --dry-run allow from 192.168.0.1 port 35:39 proto tcp do_cmd "0" --dry-run allow from 192.168.0.1 port 210,23,21,15:19,13 proto udp do_cmd "0" --dry-run allow from 192.168.0.1 port 34,35 to 192.168.0.2 port 24 proto tcp do_cmd "0" --dry-run allow from 
192.168.0.1 port 34,35:39 to 192.168.0.2 port 24 proto udp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp # simple syntax for i in allow deny limit; do for j in tcp udp; do do_cmd "0" --dry-run $i 34,35/$j do_cmd "0" --dry-run $i 34,35:39/$j do_cmd "0" --dry-run $i 35:39/$j do_cmd "0" --dry-run $i 23,21,15:19,13/$j done done echo "Man page (reject)" >> $TESTTMP/result do_cmd "0" --dry-run reject auth echo "Reject" >> $TESTTMP/result do_cmd "0" --dry-run reject to any port auth from any port smtp do_cmd "0" --dry-run delete reject to any port auth from any port smtp do_cmd "0" --dry-run reject to 10.0.0.1 port domain from 192.168.0.1 port auth do_cmd "0" --dry-run delete reject to 10.0.0.1 port domain from 192.168.0.1 port auth for i in any tcp udp ; do p="/$i" if [ "$i" = "any" ]; then p="" else do_cmd "0" --dry-run reject 23,21,15:19,13$p fi do_cmd "0" --dry-run reject 116$p done do_cmd "0" --dry-run reject from 2001:db8::/32 to any port 25 do_cmd "0" --dry-run reject to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp do_cmd "0" --dry-run reject to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 
2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp echo "Insert" >> $TESTTMP/result do_cmd "0" null allow to 127.0.0.1 port 13 do_cmd "0" null allow to 127.0.0.1 port 23 do_cmd "0" null allow to ::1 port 24 do_cmd "0" null allow to ::1 port 25 echo "ipv4 rule in ipv4 section" >> $TESTTMP/result do_cmd "0" null insert 2 allow to 127.0.0.1 port 8888 cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result echo "ipv6 rule in ipv6 section" >> $TESTTMP/result do_cmd "0" null delete allow to 127.0.0.1 port 8888 do_cmd "0" null insert 4 allow to ::1 port 8888 cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result echo "ipv6 rule in ipv4 section" >> $TESTTMP/result do_cmd "0" null delete allow to ::1 port 8888 do_cmd "1" null insert 2 allow to ::1 port 8888 echo "ipv4 rule in ipv6 section" >> $TESTTMP/result do_cmd "0" null delete allow to ::1 port 8888 do_cmd "1" null insert 4 allow to 127.0.0.1 port 8888 echo "'both' rule in ipv4 section" >> $TESTTMP/result do_cmd "0" null delete allow to 127.0.0.1 port 8888 do_cmd "0" null insert 2 allow 8888 cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result echo "'both' rule in ipv6 section" >> $TESTTMP/result do_cmd "0" null delete allow 8888 do_cmd "0" null insert 4 allow log 8888 cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow to 127.0.0.1 port 13 do_cmd "0" null delete allow to 127.0.0.1 port 23 do_cmd "0" null delete allow to ::1 port 24 do_cmd "0" null delete allow to ::1 port 25 do_cmd "0" null delete allow log 8888 cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Interfaces" >> $TESTTMP/result for i in "in" "out" ; do do_cmd "0" null allow $i on eth0 do_cmd "0" null allow $i on eth0 to 192.168.0.1 do_cmd "0" null deny $i on eth0 from 192.168.0.1 port 13 proto tcp do_cmd "0" null reject 
$i on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 do_cmd "0" null allow $i on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow $i on eth0 do_cmd "0" null delete allow $i on eth0 to 192.168.0.1 do_cmd "0" null delete deny $i on eth0 from 192.168.0.1 port 13 proto tcp do_cmd "0" null delete reject $i on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 do_cmd "0" null delete allow $i on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp cat $TESTCONFIG/user.rules >> $TESTTMP/result cat $TESTCONFIG/user6.rules >> $TESTTMP/result done echo "IPSec" >> $TESTTMP/result do_cmd "0" --dry-run allow to 10.0.0.1 proto esp do_cmd "0" --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto esp do_cmd "0" --dry-run allow to 10.0.0.1 proto ah do_cmd "0" --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto ah do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah do_cmd "0" --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah do_cmd "0" --dry-run allow to any proto esp do_cmd "0" --dry-run allow to any proto ah echo "Comments" >> $TESTTMP/result || exit 1 do_cmd "0" allow to 10.0.0.1 from 10.4.0.0/16 comment \"SSH\ port\" do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment \"SSH\ port\" do_cmd "0" delete allow to 10.0.0.1 from 10.4.0.0/16 comment \"SSH\ port\" do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment \"SSH\ port\" cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend" >> $TESTTMP/result do_cmd "0" null allow 22/tcp do_cmd "0" null allow from 1.2.3.4 do_cmd "0" null allow from 2001:db8::/32 do_cmd "0" null 
prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 do_cmd "0" null prepend deny from 6.7.8.9 cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow 22/tcp do_cmd "0" null delete allow from 1.2.3.4 do_cmd "0" null delete allow from 2001:db8::/32 do_cmd "0" null delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1 do_cmd "0" null delete deny from 6.7.8.9 cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend (no rules)" >> $TESTTMP/result do_cmd "0" null prepend allow 22/tcp cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow 22/tcp cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null prepend allow to any app Samba cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow to any app Samba cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend (multi rules)" >> $TESTTMP/result do_cmd "0" null allow 22/tcp do_cmd "0" null prepend deny 23 do_cmd "0" null prepend deny to any app Samba cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow 22/tcp do_cmd "0" null delete deny 23 do_cmd "0" null delete deny to any app Samba cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result echo "Prepend (example rules)" >> $TESTTMP/result do_cmd "0" null allow 22/tcp do_cmd "0" null allow from 1.2.3.4 do_cmd "0" null allow from 2001:db8::/32 do_cmd "0" null prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 do_cmd "0" null prepend deny from 6.7.8.9 cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> $TESTTMP/result do_cmd "0" null delete allow 22/tcp do_cmd "0" null delete allow from 1.2.3.4 do_cmd "0" null delete allow from 2001:db8::/32 do_cmd "0" null delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1 do_cmd "0" null delete deny from 6.7.8.9 cat $TESTCONFIG/user.rules $TESTCONFIG/user6.rules >> 
$TESTTMP/result exit 0 ufw-0.36/tests/ipv6/rules64/result0000644000175000017500000106360613404772663016022 0ustar jamiejamieMan page 0: --dry-run allow 53 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j ACCEPT -A ufw-user-input -p udp --dport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] 
:ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 53 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 53 -j ACCEPT -A ufw6-user-input -p udp --dport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 1: --dry-run allow 25/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### 
END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 2: --dry-run allow smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A 
ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 3: --dry-run deny proto tcp to any port 80 
WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 80 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 80 -j DROP ### END RULES ### ### LOGGING ### -A 
ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 4: --dry-run deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 5: --dry-run deny proto tcp from 2001:db8::/32 to any port 25 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 25 ::/0 any 2001:db8::/32 in -A ufw6-user-input -p tcp --dport 25 -s 2001:db8::/32 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 6: --dry-run deny 80/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j DROP ### END RULES 
### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 80 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 80 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 7: --dry-run delete deny 80/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output 
- [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit 
--limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 8: --dry-run limit daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp --dport 13 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 9: --dry-run deny 53 
WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any 53 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 53 -j DROP -A ufw-user-input -p udp --dport 53 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any 53 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 53 -j DROP -A 
ufw6-user-input -p udp --dport 53 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 10: --dry-run allow 80/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A 
ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 80 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 80 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 11: --dry-run allow from 10.0.0.0/8 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 12: --dry-run allow from 172.16.0.0/12 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 172.16.0.0/12 in -A ufw-user-input -s 172.16.0.0/12 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " 
-A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 13: --dry-run allow from 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 14: --dry-run deny proto udp from 1.2.3.4 to any port 514 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] 
:ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 514 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -p udp --dport 514 -s 1.2.3.4 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 15: --dry-run allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Services SIMPLE 16: --dry-run allow smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input 
- [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 17: --dry-run delete allow smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN 
-m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 18: --dry-run allow smtp/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 19: --dry-run delete allow smtp/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 20: --dry-run allow tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] 
:ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 69 ::/0 any ::/0 in -A ufw6-user-input -p udp --dport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 21: --dry-run delete allow tftp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny 
-j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 22: --dry-run allow tftp/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 69 ::/0 any ::/0 in -A ufw6-user-input -p udp --dport 69 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 
### END LOGGING ### COMMIT Rules updated Rules updated (v6) 23: --dry-run delete allow tftp/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 24: --dry-run allow daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - 
[0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 13 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 13 -j ACCEPT -A ufw6-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 25: --dry-run delete allow daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m 
limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 26: --dry-run allow daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] 
:ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 13 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 27: --dry-run delete allow daytime/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 28: --dry-run allow daytime/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] 
:ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13 ::/0 any ::/0 in -A ufw6-user-input -p udp --dport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 29: --dry-run delete allow daytime/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min 
--limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) Services EXTENDED 30: --dry-run allow to any port smtp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 25 ::/0 13 ::/0 in -A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 
-A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 31: --dry-run delete allow to any port smtp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### 
### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 32: --dry-run allow to any port tftp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in -A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j 
ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 69 ::/0 13 ::/0 in -A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 33: --dry-run delete allow to any port tftp from any port daytime WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 34: --dry-run allow to any port daytime from any port domain WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - 
[0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 0.0.0.0/0 53 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT -A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 13 ::/0 53 ::/0 in -A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT -A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 35: --dry-run delete allow to any port daytime from any port domain WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] 
:ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) Netmasks 36: --dry-run allow to 192.168.0.0/0 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 
### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT WARN: Rule changed after normalization Rules updated 37: --dry-run allow to 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 192.168.0.0/16 any 0.0.0.0/0 in -A ufw-user-input -d 192.168.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 38: --dry-run allow to 192.168.0.1/32 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - 
[0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 192.168.0.1 any 0.0.0.0/0 in -A ufw-user-input -d 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 39: --dry-run allow from 192.168.0.0/0 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT WARN: Rule changed after normalization Rules updated 40: --dry-run allow from 192.168.0.0/16 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.0/16 in -A ufw-user-input -s 192.168.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j 
REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 41: --dry-run allow from 192.168.0.1/32 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 192.168.0.1 in -A ufw-user-input -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 42: --dry-run allow from 192.168.0.1/32 to 192.168.0.2/32 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] 
:ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 192.168.0.2 any 192.168.0.1 in -A ufw-user-input -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 43: --dry-run allow to ::1/0 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1/0 any ::/0 in -A ufw6-user-input -d ::1/0 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix 
"[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 44: --dry-run allow to ::1/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1/32 any ::/0 in -A ufw6-user-input -d ::1/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 45: --dry-run allow to ::1/128 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1 any ::/0 in -A ufw6-user-input -d ::1 -j ACCEPT ### END 
RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 46: --dry-run allow from ::1/0 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::1/0 in -A ufw6-user-input -s ::1/0 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 47: --dry-run allow from ::1/32 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::1/32 in -A ufw6-user-input -s ::1/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 48: --dry-run allow from ::1/128 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::1 in -A ufw6-user-input -s ::1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 49: --dry-run allow from ::1/32 to ::1/16 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::1/16 any ::1/32 in -A ufw6-user-input -d ::1/16 -s ::1/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) Netmasks (CIDR) 50: --dry-run allow to 192.168.0.1/0 51: --dry-run allow from 192.168.0.1/0 52: --dry-run allow from 192.168.0.1/0 to 192.168.0.2/0 53: --dry-run allow to 192.168.0.1/1 54: --dry-run allow from 192.168.0.1/1 55: --dry-run allow from 192.168.0.1/1 to 192.168.0.2/1 56: --dry-run allow to 192.168.0.1/2 57: --dry-run allow from 192.168.0.1/2 58: --dry-run allow from 192.168.0.1/2 to 192.168.0.2/2 59: --dry-run allow to 192.168.0.1/3 60: --dry-run allow from 192.168.0.1/3 61: --dry-run allow from 192.168.0.1/3 to 192.168.0.2/3 62: --dry-run allow to 192.168.0.1/4 63: --dry-run allow from 
192.168.0.1/4 64: --dry-run allow from 192.168.0.1/4 to 192.168.0.2/4 65: --dry-run allow to 192.168.0.1/5 66: --dry-run allow from 192.168.0.1/5 67: --dry-run allow from 192.168.0.1/5 to 192.168.0.2/5 68: --dry-run allow to 192.168.0.1/6 69: --dry-run allow from 192.168.0.1/6 70: --dry-run allow from 192.168.0.1/6 to 192.168.0.2/6 71: --dry-run allow to 192.168.0.1/7 72: --dry-run allow from 192.168.0.1/7 73: --dry-run allow from 192.168.0.1/7 to 192.168.0.2/7 74: --dry-run allow to 192.168.0.1/8 75: --dry-run allow from 192.168.0.1/8 76: --dry-run allow from 192.168.0.1/8 to 192.168.0.2/8 77: --dry-run allow to 192.168.0.1/9 78: --dry-run allow from 192.168.0.1/9 79: --dry-run allow from 192.168.0.1/9 to 192.168.0.2/9 80: --dry-run allow to 192.168.0.1/10 81: --dry-run allow from 192.168.0.1/10 82: --dry-run allow from 192.168.0.1/10 to 192.168.0.2/10 83: --dry-run allow to 192.168.0.1/11 84: --dry-run allow from 192.168.0.1/11 85: --dry-run allow from 192.168.0.1/11 to 192.168.0.2/11 86: --dry-run allow to 192.168.0.1/12 87: --dry-run allow from 192.168.0.1/12 88: --dry-run allow from 192.168.0.1/12 to 192.168.0.2/12 89: --dry-run allow to 192.168.0.1/13 90: --dry-run allow from 192.168.0.1/13 91: --dry-run allow from 192.168.0.1/13 to 192.168.0.2/13 92: --dry-run allow to 192.168.0.1/14 93: --dry-run allow from 192.168.0.1/14 94: --dry-run allow from 192.168.0.1/14 to 192.168.0.2/14 95: --dry-run allow to 192.168.0.1/15 96: --dry-run allow from 192.168.0.1/15 97: --dry-run allow from 192.168.0.1/15 to 192.168.0.2/15 98: --dry-run allow to 192.168.0.1/16 99: --dry-run allow from 192.168.0.1/16 100: --dry-run allow from 192.168.0.1/16 to 192.168.0.2/16 101: --dry-run allow to 192.168.0.1/17 102: --dry-run allow from 192.168.0.1/17 103: --dry-run allow from 192.168.0.1/17 to 192.168.0.2/17 104: --dry-run allow to 192.168.0.1/18 105: --dry-run allow from 192.168.0.1/18 106: --dry-run allow from 192.168.0.1/18 to 192.168.0.2/18 107: --dry-run allow to 192.168.0.1/19 
108: --dry-run allow from 192.168.0.1/19 109: --dry-run allow from 192.168.0.1/19 to 192.168.0.2/19 110: --dry-run allow to 192.168.0.1/20 111: --dry-run allow from 192.168.0.1/20 112: --dry-run allow from 192.168.0.1/20 to 192.168.0.2/20 113: --dry-run allow to 192.168.0.1/21 114: --dry-run allow from 192.168.0.1/21 115: --dry-run allow from 192.168.0.1/21 to 192.168.0.2/21 116: --dry-run allow to 192.168.0.1/22 117: --dry-run allow from 192.168.0.1/22 118: --dry-run allow from 192.168.0.1/22 to 192.168.0.2/22 119: --dry-run allow to 192.168.0.1/23 120: --dry-run allow from 192.168.0.1/23 121: --dry-run allow from 192.168.0.1/23 to 192.168.0.2/23 122: --dry-run allow to 192.168.0.1/24 123: --dry-run allow from 192.168.0.1/24 124: --dry-run allow from 192.168.0.1/24 to 192.168.0.2/24 125: --dry-run allow to 192.168.0.1/25 126: --dry-run allow from 192.168.0.1/25 127: --dry-run allow from 192.168.0.1/25 to 192.168.0.2/25 128: --dry-run allow to 192.168.0.1/26 129: --dry-run allow from 192.168.0.1/26 130: --dry-run allow from 192.168.0.1/26 to 192.168.0.2/26 131: --dry-run allow to 192.168.0.1/27 132: --dry-run allow from 192.168.0.1/27 133: --dry-run allow from 192.168.0.1/27 to 192.168.0.2/27 134: --dry-run allow to 192.168.0.1/28 135: --dry-run allow from 192.168.0.1/28 136: --dry-run allow from 192.168.0.1/28 to 192.168.0.2/28 137: --dry-run allow to 192.168.0.1/29 138: --dry-run allow from 192.168.0.1/29 139: --dry-run allow from 192.168.0.1/29 to 192.168.0.2/29 140: --dry-run allow to 192.168.0.1/30 141: --dry-run allow from 192.168.0.1/30 142: --dry-run allow from 192.168.0.1/30 to 192.168.0.2/30 143: --dry-run allow to 192.168.0.1/31 144: --dry-run allow from 192.168.0.1/31 145: --dry-run allow from 192.168.0.1/31 to 192.168.0.2/31 146: --dry-run allow to 192.168.0.1/32 147: --dry-run allow from 192.168.0.1/32 148: --dry-run allow from 192.168.0.1/32 to 192.168.0.2/32 TESTING VALID DOTTED 149: --dry-run allow from 10.0.0.1/255.255.255.0 150: --dry-run allow 
from 10.0.0.1/255.255.0.255 151: --dry-run allow from 10.0.0.1/255.0.255.255 152: --dry-run allow from 10.0.0.1/0.255.255.255 153: --dry-run allow from 10.0.0.1/0.0.0.0 154: --dry-run allow from 10.0.0.1/255.255.255.16 155: --dry-run allow from 10.0.0.1/255.255.16.255 156: --dry-run allow from 10.0.0.1/255.16.255.255 157: --dry-run allow from 10.0.0.1/16.255.255.255 158: --dry-run allow from 10.0.0.1/16.16.16.16 159: --dry-run allow from 10.0.0.1/255.255.255.32 160: --dry-run allow from 10.0.0.1/255.255.32.255 161: --dry-run allow from 10.0.0.1/255.32.255.255 162: --dry-run allow from 10.0.0.1/32.255.255.255 163: --dry-run allow from 10.0.0.1/32.32.32.32 164: --dry-run allow from 10.0.0.1/255.255.255.48 165: --dry-run allow from 10.0.0.1/255.255.48.255 166: --dry-run allow from 10.0.0.1/255.48.255.255 167: --dry-run allow from 10.0.0.1/48.255.255.255 168: --dry-run allow from 10.0.0.1/48.48.48.48 169: --dry-run allow from 10.0.0.1/255.255.255.64 170: --dry-run allow from 10.0.0.1/255.255.64.255 171: --dry-run allow from 10.0.0.1/255.64.255.255 172: --dry-run allow from 10.0.0.1/64.255.255.255 173: --dry-run allow from 10.0.0.1/64.64.64.64 174: --dry-run allow from 10.0.0.1/255.255.255.80 175: --dry-run allow from 10.0.0.1/255.255.80.255 176: --dry-run allow from 10.0.0.1/255.80.255.255 177: --dry-run allow from 10.0.0.1/80.255.255.255 178: --dry-run allow from 10.0.0.1/80.80.80.80 179: --dry-run allow from 10.0.0.1/255.255.255.96 180: --dry-run allow from 10.0.0.1/255.255.96.255 181: --dry-run allow from 10.0.0.1/255.96.255.255 182: --dry-run allow from 10.0.0.1/96.255.255.255 183: --dry-run allow from 10.0.0.1/96.96.96.96 184: --dry-run allow from 10.0.0.1/255.255.255.112 185: --dry-run allow from 10.0.0.1/255.255.112.255 186: --dry-run allow from 10.0.0.1/255.112.255.255 187: --dry-run allow from 10.0.0.1/112.255.255.255 188: --dry-run allow from 10.0.0.1/112.112.112.112 189: --dry-run allow from 10.0.0.1/255.255.255.128 190: --dry-run allow from 
10.0.0.1/255.255.128.255 191: --dry-run allow from 10.0.0.1/255.128.255.255 192: --dry-run allow from 10.0.0.1/128.255.255.255 193: --dry-run allow from 10.0.0.1/128.128.128.128 194: --dry-run allow from 10.0.0.1/255.255.255.144 195: --dry-run allow from 10.0.0.1/255.255.144.255 196: --dry-run allow from 10.0.0.1/255.144.255.255 197: --dry-run allow from 10.0.0.1/144.255.255.255 198: --dry-run allow from 10.0.0.1/144.144.144.144 199: --dry-run allow from 10.0.0.1/255.255.255.160 200: --dry-run allow from 10.0.0.1/255.255.160.255 201: --dry-run allow from 10.0.0.1/255.160.255.255 202: --dry-run allow from 10.0.0.1/160.255.255.255 203: --dry-run allow from 10.0.0.1/160.160.160.160 204: --dry-run allow from 10.0.0.1/255.255.255.176 205: --dry-run allow from 10.0.0.1/255.255.176.255 206: --dry-run allow from 10.0.0.1/255.176.255.255 207: --dry-run allow from 10.0.0.1/176.255.255.255 208: --dry-run allow from 10.0.0.1/176.176.176.176 209: --dry-run allow from 10.0.0.1/255.255.255.192 210: --dry-run allow from 10.0.0.1/255.255.192.255 211: --dry-run allow from 10.0.0.1/255.192.255.255 212: --dry-run allow from 10.0.0.1/192.255.255.255 213: --dry-run allow from 10.0.0.1/192.192.192.192 214: --dry-run allow from 10.0.0.1/255.255.255.208 215: --dry-run allow from 10.0.0.1/255.255.208.255 216: --dry-run allow from 10.0.0.1/255.208.255.255 217: --dry-run allow from 10.0.0.1/208.255.255.255 218: --dry-run allow from 10.0.0.1/208.208.208.208 219: --dry-run allow from 10.0.0.1/255.255.255.224 220: --dry-run allow from 10.0.0.1/255.255.224.255 221: --dry-run allow from 10.0.0.1/255.224.255.255 222: --dry-run allow from 10.0.0.1/224.255.255.255 223: --dry-run allow from 10.0.0.1/224.224.224.224 224: --dry-run allow from 10.0.0.1/255.255.255.240 225: --dry-run allow from 10.0.0.1/255.255.240.255 226: --dry-run allow from 10.0.0.1/255.240.255.255 227: --dry-run allow from 10.0.0.1/240.255.255.255 228: --dry-run allow from 10.0.0.1/240.240.240.240 Multiports: 229: --dry-run allow 
from 192.168.0.1 port 34,35 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 34,35 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --sports 34,35 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 230: --dry-run allow from 192.168.0.1 port 34,35:39 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - 
[0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 34,35:39 192.168.0.1 in -A ufw-user-input -p udp -m multiport --sports 34,35:39 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 231: --dry-run allow from 192.168.0.1 port 35:39 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp any 0.0.0.0/0 35:39 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --sports 35:39 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate 
INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 232: --dry-run allow from 192.168.0.1 port 210,23,21,15:19,13 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp any 0.0.0.0/0 13,15:19,21,23,210 192.168.0.1 in -A ufw-user-input -p udp -m multiport --sports 13,15:19,21,23,210 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING 
### COMMIT Rules updated 233: --dry-run allow from 192.168.0.1 port 34,35 to 192.168.0.2 port 24 proto tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 24 192.168.0.2 34,35 192.168.0.1 in -A ufw-user-input -p tcp -m multiport --dports 24 -m multiport --sports 34,35 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 234: --dry-run allow from 192.168.0.1 port 34,35:39 to 192.168.0.2 port 24 proto udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 24 192.168.0.2 34,35:39 192.168.0.1 in -A ufw-user-input -p udp -m multiport --dports 24 -m multiport --sports 34,35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 235: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -d 
2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 236: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 237: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 238: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 34,35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 239: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport 
--sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 240: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 23,21,15:19,13 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24:26 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 2001:db8:85a3:8d3:1319:8a2e:370:7341 24:26 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 241: --dry-run allow 34,35/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] 
:ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 242: --dry-run allow 34,35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow 
-j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 34,35:39 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 243: --dry-run allow 35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - 
[0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 35:39 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW 
ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 244: --dry-run allow 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - 
[0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 245: --dry-run allow 34,35/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END 
LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 246: --dry-run allow 34,35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 
0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 34,35:39 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 
Rules updated Rules updated (v6) 247: --dry-run allow 35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 35:39 ::/0 any ::/0 in -A 
ufw6-user-input -p udp -m multiport --dports 35:39 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 248: --dry-run allow 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG 
--log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 249: --dry-run deny 34,35/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 
-j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 34,35 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 250: --dry-run deny 34,35:39/tcp WARN: Checks disabled 
*filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 34,35:39 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 34,35:39 -j DROP ### END RULES ### ### 
LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 251: --dry-run deny 35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING 
### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 35:39 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 252: --dry-run deny 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny tcp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 253: --dry-run deny 34,35/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 34,35 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 254: --dry-run deny 34,35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward 
- [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 34,35:39 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 34,35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 255: --dry-run deny 35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 35:39 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 35:39 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 256: --dry-run deny 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] 
:ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -j DROP ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 257: --dry-run limit 34,35/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j 
REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 258: --dry-run limit 34,35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 259: --dry-run limit 35:39/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] 
:ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 260: --dry-run limit 23,21,15:19,13/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 261: --dry-run limit 34,35/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### 
RULES ### ### tuple ### limit udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 34,35 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 262: --dry-run limit 34,35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate 
NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 263: --dry-run limit 35:39/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 35:39 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit 
--limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule 264: --dry-run limit 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### limit udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --set -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ufw-user-limit-accept ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit 
--limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated Skipping unsupported IPv6 'limit' rule Man page (reject) 265: --dry-run reject auth WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 113 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] 
:ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject tcp 113 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 113 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) Reject 266: --dry-run reject to any port auth from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 113 0.0.0.0/0 25 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 113 --sport 25 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 
3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject tcp 113 ::/0 25 ::/0 in -A ufw6-user-input -p tcp --dport 113 --sport 25 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 267: --dry-run delete reject to any port auth from any port smtp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward 
- [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min 
--limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 268: --dry-run reject to 10.0.0.1 port domain from 192.168.0.1 port auth WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 53 10.0.0.1 113 192.168.0.1 in -A ufw-user-input -p tcp -d 10.0.0.1 --dport 53 -s 192.168.0.1 --sport 113 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 269: --dry-run delete reject to 10.0.0.1 port domain from 192.168.0.1 port auth WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] 
:ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 270: --dry-run reject 116 WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject any 116 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 116 -j REJECT --reject-with tcp-reset -A ufw-user-input -p udp --dport 116 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject any 116 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 116 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp --dport 116 -j REJECT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 271: --dry-run reject 23,21,15:19,13/tcp WARN: Checks disabled *filter 
:ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp -m multiport --dports 13,15:19,21,23 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject tcp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p tcp -m multiport --dports 
13,15:19,21,23 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 272: --dry-run reject 116/tcp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject tcp 116 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 116 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A 
ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject tcp 116 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 116 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 273: --dry-run reject 23,21,15:19,13/udp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j REJECT ### END 
RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject udp 13,15:19,21,23 ::/0 any ::/0 in -A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -j REJECT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 274: --dry-run reject 116/udp WARN: Checks disabled 
*filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### reject udp 116 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p udp --dport 116 -j REJECT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject udp 116 ::/0 any ::/0 in -A ufw6-user-input -p udp --dport 116 -j REJECT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j 
LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 275: --dry-run reject from 2001:db8::/32 to any port 25 WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject any 25 ::/0 any 2001:db8::/32 in -A ufw6-user-input -p tcp --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset -A ufw6-user-input -p udp --dport 25 -s 2001:db8::/32 -j REJECT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 276: --dry-run reject to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto 
tcp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### reject tcp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p tcp -m multiport --dports 35:39 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j REJECT --reject-with tcp-reset ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 277: --dry-run reject to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 from 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 24 proto udp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### 
RULES ### ### tuple ### reject udp 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 24 2001:db8:85a3:8d3:1319:8a2e:370:7342 in -A ufw6-user-input -p udp -m multiport --dports 35:39 -m multiport --sports 24 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -s 2001:db8:85a3:8d3:1319:8a2e:370:7342 -j REJECT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) Insert 278: allow to 127.0.0.1 port 13 279: allow to 127.0.0.1 port 23 280: allow to ::1 port 24 281: allow to ::1 port 25 ipv4 rule in ipv4 section 282: insert 2 allow to 127.0.0.1 port 8888 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 13 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 13 -j ACCEPT ### tuple ### allow any 8888 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 8888 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 8888 -j ACCEPT ### tuple ### allow any 23 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input 
-p tcp -d 127.0.0.1 --dport 23 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 24 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 24 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 24 -j ACCEPT ### tuple ### allow any 25 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 25 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG 
--log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT ipv6 rule in ipv6 section 283: delete allow to 127.0.0.1 port 8888 284: insert 4 allow to ::1 port 8888 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 13 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 13 -j ACCEPT ### tuple ### allow any 23 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 23 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] 
:ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 24 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 24 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 24 -j ACCEPT ### tuple ### allow any 8888 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 8888 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 8888 -j ACCEPT ### tuple ### allow any 25 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 25 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT ipv6 rule in ipv4 section 285: delete allow to ::1 port 8888 286: insert 2 allow to ::1 port 8888 ipv4 rule in ipv6 section 287: delete allow to ::1 port 8888 288: insert 4 allow to 127.0.0.1 port 8888 'both' rule in ipv4 section 289: delete allow to 127.0.0.1 port 8888 290: insert 2 allow 8888 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] 
:ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 13 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 13 -j ACCEPT ### tuple ### allow any 8888 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 8888 -j ACCEPT -A ufw-user-input -p udp --dport 8888 -j ACCEPT ### tuple ### allow any 23 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 23 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 23 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 24 ::1 any ::/0 in -A 
ufw6-user-input -p tcp -d ::1 --dport 24 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 24 -j ACCEPT ### tuple ### allow any 25 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 25 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 25 -j ACCEPT ### tuple ### allow any 8888 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 8888 -j ACCEPT -A ufw6-user-input -p udp --dport 8888 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 'both' rule in ipv6 section 291: delete allow 8888 292: insert 4 allow log 8888 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any 13 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 13 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 13 -j ACCEPT ### tuple ### allow any 23 127.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p tcp -d 127.0.0.1 --dport 23 -j ACCEPT -A ufw-user-input -p udp -d 127.0.0.1 --dport 23 -j ACCEPT ### tuple ### allow_log any 8888 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-logging-input -p tcp --dport 
8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p tcp --dport 8888 -j RETURN -A ufw-user-input -p tcp --dport 8888 -j ufw-user-logging-input -A ufw-user-input -p tcp --dport 8888 -j ACCEPT -A ufw-user-logging-input -p udp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw-user-logging-input -p udp --dport 8888 -j RETURN -A ufw-user-input -p udp --dport 8888 -j ufw-user-logging-input -A ufw-user-input -p udp --dport 8888 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any 24 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 24 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 24 -j ACCEPT ### tuple ### allow_log any 8888 
::/0 any ::/0 in -A ufw6-user-logging-input -p tcp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p tcp --dport 8888 -j RETURN -A ufw6-user-input -p tcp --dport 8888 -j ufw6-user-logging-input -A ufw6-user-input -p tcp --dport 8888 -j ACCEPT -A ufw6-user-logging-input -p udp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] " -A ufw6-user-logging-input -p udp --dport 8888 -j RETURN -A ufw6-user-input -p udp --dport 8888 -j ufw6-user-logging-input -A ufw6-user-input -p udp --dport 8888 -j ACCEPT ### tuple ### allow any 25 ::1 any ::/0 in -A ufw6-user-input -p tcp -d ::1 --dport 25 -j ACCEPT -A ufw6-user-input -p udp -d ::1 --dport 25 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 293: delete allow to 127.0.0.1 port 13 294: delete allow to 127.0.0.1 port 23 295: delete allow to ::1 port 24 296: delete allow to ::1 port 25 297: delete allow log 8888 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] 
:ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Interfaces 298: allow in on eth0 299: allow in on eth0 to 192.168.0.1 300: deny in on eth0 from 192.168.0.1 port 13 proto tcp 301: reject in 
on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 302: allow in on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -j ACCEPT ### tuple ### allow any any 192.168.0.1 any 0.0.0.0/0 in_eth0 -A ufw-user-input -i eth0 -d 192.168.0.1 -j ACCEPT ### tuple ### deny tcp any 0.0.0.0/0 13 192.168.0.1 in_eth0 -A ufw-user-input -i eth0 -p tcp -s 192.168.0.1 --sport 13 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] 
:ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::/0 in_eth0 -A ufw6-user-input -i eth0 -j ACCEPT ### tuple ### reject any any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in_eth0 -A ufw6-user-input -i eth0 -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j REJECT ### tuple ### allow tcp any ::/0 13 2001:db8:85a3:8d3:1319:8a2e:370:734 in_eth0 -A ufw6-user-input -i eth0 -p tcp -s 2001:db8:85a3:8d3:1319:8a2e:370:734 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 303: delete allow in on eth0 304: delete allow in on eth0 to 192.168.0.1 305: delete deny in on eth0 from 192.168.0.1 port 13 proto tcp 306: delete reject in on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 307: delete allow in on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### 
END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 308: allow out on eth0 309: allow out on eth0 to 192.168.0.1 310: deny out on eth0 from 192.168.0.1 port 13 proto tcp 311: reject out on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 312: allow out on eth0 from 
2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -j ACCEPT ### tuple ### allow any any 192.168.0.1 any 0.0.0.0/0 out_eth0 -A ufw-user-output -o eth0 -d 192.168.0.1 -j ACCEPT ### tuple ### deny tcp any 0.0.0.0/0 13 192.168.0.1 out_eth0 -A ufw-user-output -o eth0 -p tcp -s 192.168.0.1 --sport 13 -j DROP ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] 
:ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow any any ::/0 any ::/0 out_eth0 -A ufw6-user-output -o eth0 -j ACCEPT ### tuple ### reject any any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 out_eth0 -A ufw6-user-output -o eth0 -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j REJECT ### tuple ### allow tcp any ::/0 13 2001:db8:85a3:8d3:1319:8a2e:370:734 out_eth0 -A ufw6-user-output -o eth0 -p tcp -s 2001:db8:85a3:8d3:1319:8a2e:370:734 --sport 13 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 313: delete allow out on eth0 314: delete allow out on eth0 to 192.168.0.1 315: delete deny out on eth0 from 192.168.0.1 port 13 proto tcp 316: delete reject out on eth0 to 2001:db8:85a3:8d3:1319:8a2e:370:734 317: delete allow out on eth0 from 2001:db8:85a3:8d3:1319:8a2e:370:734 port 13 proto tcp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input 
-j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT IPSec 318: --dry-run allow to 10.0.0.1 proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow esp any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p esp -d 10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 319: --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow esp any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p esp -d 10.0.0.1 -s 10.4.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 320: --dry-run allow to 10.0.0.1 proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ah any 10.0.0.1 any 0.0.0.0/0 in -A ufw-user-input -p ah -d 10.0.0.1 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT 
BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 321: --dry-run allow to 10.0.0.1 from 10.4.0.0/16 proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ah any 10.0.0.1 any 10.4.0.0/16 in -A ufw-user-input -p ah -d 10.0.0.1 -s 10.4.0.0/16 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT Rules updated 322: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto esp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] 
:ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow esp any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in -A ufw6-user-input -p esp -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 323: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto esp WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow esp any 2001:db8:85a3:8d3:1319:8a2e:370:734 any 2001:db8::/32 in -A ufw6-user-input -p esp -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min 
--limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 324: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 proto ah WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow ah any 2001:db8:85a3:8d3:1319:8a2e:370:734 any ::/0 in -A ufw6-user-input -p ah -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 325: --dry-run allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah WARN: Checks disabled *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] 
:ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow ah any 2001:db8:85a3:8d3:1319:8a2e:370:734 any 2001:db8::/32 in -A ufw6-user-input -p ah -d 2001:db8:85a3:8d3:1319:8a2e:370:734 -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated (v6) 326: --dry-run allow to any proto esp WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow esp any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p esp -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow esp any ::/0 any ::/0 in -A ufw6-user-input -p esp -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Rules updated Rules updated (v6) 327: --dry-run allow to any proto ah WARN: Checks disabled *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] 
:ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow ah any 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p ah -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow ah any ::/0 any ::/0 in -A ufw6-user-input -p ah -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### 
COMMIT Rules updated Rules updated (v6) Comments 328: allow to 10.0.0.1 from 10.4.0.0/16 comment "SSH port" WARN: Checks disabled Rules updated 329: allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment "SSH port" WARN: Checks disabled Rules updated (v6) 330: delete allow to 10.0.0.1 from 10.4.0.0/16 comment "SSH port" WARN: Checks disabled Rules updated 331: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:734 from 2001:db8::/32 proto ah comment "SSH port" WARN: Checks disabled Rules updated (v6) *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] 
:ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend 332: allow 22/tcp 333: allow from 1.2.3.4 334: allow from 2001:db8::/32 335: prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 336: prepend deny from 6.7.8.9 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 6.7.8.9 in -A ufw-user-input -s 6.7.8.9 -j DROP ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " 
-m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any ::/0 any 2a02:2210:12:a:b820:fff:fea2:25d1 in -A ufw6-user-input -s 2a02:2210:12:a:b820:fff:fea2:25d1 -j DROP ### tuple ### allow tcp 22 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 337: delete allow 22/tcp 338: delete allow from 1.2.3.4 339: delete allow from 
2001:db8::/32 340: delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1 341: delete deny from 6.7.8.9 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend (no rules) 342: prepend allow 22/tcp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] 
:ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow tcp 22 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 22 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 343: delete allow 22/tcp *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m 
limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 344: prepend allow to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 
'dapp_Samba' ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba' ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba' ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack 
--ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 345: delete allow to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] 
:ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend (multi rules) 346: allow 22/tcp 347: prepend deny 23 348: prepend deny to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny any 23 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 23 -j DROP -A ufw-user-input -p udp --dport 23 -j DROP ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW 
BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny udp 137,138 ::/0 any ::/0 Samba - in -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny tcp 139,445 ::/0 any ::/0 Samba - in -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba' ### tuple ### deny any 23 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 23 -j DROP -A ufw6-user-input -p udp --dport 23 -j DROP ### tuple ### allow tcp 22 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 22 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min 
--limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 349: delete allow 22/tcp 350: delete deny 23 351: delete deny to any app Samba *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A 
ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT Prepend (example rules) 352: allow 22/tcp 353: allow from 1.2.3.4 354: allow from 2001:db8::/32 355: prepend deny from 2a02:2210:12:a:b820:fff:fea2:25d1 356: prepend deny from 6.7.8.9 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] :ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### tuple ### deny any any 0.0.0.0/0 any 6.7.8.9 in -A ufw-user-input -s 6.7.8.9 -j DROP ### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in -A ufw-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any 0.0.0.0/0 any 1.2.3.4 in -A ufw-user-input -s 1.2.3.4 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m 
limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### tuple ### deny any any ::/0 any 2a02:2210:12:a:b820:fff:fea2:25d1 in -A ufw6-user-input -s 2a02:2210:12:a:b820:fff:fea2:25d1 -j DROP ### tuple ### allow tcp 22 ::/0 any ::/0 in -A ufw6-user-input -p tcp --dport 22 -j ACCEPT ### tuple ### allow any any ::/0 any 2001:db8::/32 in -A ufw6-user-input -s 2001:db8::/32 -j ACCEPT ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT 357: delete allow 22/tcp 358: delete allow from 1.2.3.4 359: delete allow from 2001:db8::/32 360: delete deny from 2a02:2210:12:a:b820:fff:fea2:25d1 361: delete deny from 6.7.8.9 *filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-before-logging-input - [0:0] :ufw-before-logging-output - [0:0] :ufw-before-logging-forward - [0:0] 
:ufw-user-logging-input - [0:0] :ufw-user-logging-output - [0:0] :ufw-user-logging-forward - [0:0] :ufw-after-logging-input - [0:0] :ufw-after-logging-output - [0:0] :ufw-after-logging-forward - [0:0] :ufw-logging-deny - [0:0] :ufw-logging-allow - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### ### RATE LIMITING ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT ### END RATE LIMITING ### COMMIT *filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] :ufw6-before-logging-input - [0:0] :ufw6-before-logging-output - [0:0] :ufw6-before-logging-forward - [0:0] :ufw6-user-logging-input - [0:0] :ufw6-user-logging-output - [0:0] :ufw6-user-logging-forward - [0:0] :ufw6-after-logging-input - [0:0] :ufw6-after-logging-output - [0:0] :ufw6-after-logging-forward - [0:0] :ufw6-logging-deny - [0:0] :ufw6-logging-allow - [0:0] ### RULES ### ### END RULES ### ### LOGGING ### -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10 -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10 -A 
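ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10 ### END LOGGING ### COMMIT ufw-0.36/tests/ipv6/bad_args6/0000755000175000017500000000000013404772663015071 5ustar jamiejamieufw-0.36/tests/ipv6/bad_args6/orig0000777000175000017500000000000013226727543020130 2../../defaultsustar jamiejamieufw-0.36/tests/ipv6/bad_args6/runtest.sh0000755000175000017500000002105013404772663017132 0ustar jamiejamie
#!/bin/bash

# Copyright 2008-2009 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .

# Negative argument-parsing tests for ufw with IPv6 enabled.
#
# Every do_cmd call below passes "1" as its first argument -- presumably the
# exit status ufw is expected to return; do_cmd comes from testlib.sh, which is
# not part of this file, so confirm there -- together with --dry-run and a
# malformed command line. A firewall front-end has to refuse input it cannot
# parse unambiguously: a rule that is silently reinterpreted can open more than
# the operator asked for.
#
# The paired "result" file lists the invocations under a running index, so
# calls must not be added, removed or reordered without regenerating it.

# Abort if the helper library cannot be loaded: every do_cmd below would
# otherwise fail with "command not found" while the script still ends with
# "exit 0".
source "$TESTPATH/../testlib.sh" || exit 1

# Switch the test copy of the defaults file to IPv6 so that the IPv6 code
# paths are exercised. Paths are quoted so a test root containing whitespace
# is not split into several words.
sed -i 's/IPV6=no/IPV6=yes/' "$TESTPATH/etc/default/ufw"

echo "TESTING ARGS (logging)" >> "$TESTTMP/result"
do_cmd "1" null --dry-run logging
do_cmd "1" null --dry-run logging foo
do_cmd "1" null --dry-run loggin on

echo "TESTING ARGS (default)" >> "$TESTTMP/result"
do_cmd "1" null --dry-run default
do_cmd "1" null --dry-run default foo
do_cmd "1" null --dry-run default accept
do_cmd "1" null --dry-run defaul allow
do_cmd "1" null --dry-run default limit

echo "TESTING ARGS (enable/disable)" >> "$TESTTMP/result"
# bad: misspelled forms of the enable/disable commands named in the heading
do_cmd "1" null --dry-run enabled
do_cmd "1" null --dry-run disabled

echo "TESTING ARGS (allow/deny/limit)" >> "$TESTTMP/result"
# An action with no rule at all.
do_cmd "1" null --dry-run allow
do_cmd "1" null --dry-run deny
do_cmd "1" null --dry-run limit

echo "TESTING ARGS (allow/deny/limit bad port)" >> "$TESTTMP/result"
# Misspelled actions, non-numeric ports, and the out-of-range ports 0 and 65536.
do_cmd "1" null --dry-run alow 25
do_cmd "1" null --dry-run dny 25
do_cmd "1" null --dry-run limt 25
do_cmd "1" null --dry-run allow 25a
do_cmd "1" null --dry-run deny 25a
do_cmd "1" null --dry-run limit 25a
do_cmd "1" null --dry-run allow 65536
do_cmd "1" null --dry-run deny 65536
do_cmd "1" null --dry-run limit 65536
do_cmd "1" null --dry-run allow 0
do_cmd "1" null --dry-run deny 0
do_cmd "1" null --dry-run limit 0
do_cmd "1" null --dry-run deny XXX
do_cmd "1" null --dry-run deny foobar

echo "TESTING ARGS (allow/deny/limit bad to/from)" >> "$TESTTMP/result"
# Misspelled keywords, keywords with a missing operand, and repeated or
# dangling to/from clauses, tried with each action against one IPv6 address.
ip="2001:db8:3:4:5:6:7:8"
for action in allow deny limit
do
    do_cmd "1" null --dry-run "$action" prot tcp from any
    do_cmd "1" null --dry-run "$action" proto tcp fro any
    do_cmd "1" null --dry-run "$action" proto tcp top any
    do_cmd "1" null --dry-run "$action" proto tcp to any por 25
    do_cmd "1" null --dry-run "$action" port 25
    do_cmd "1" null --dry-run "$action" to anu
    do_cmd "1" null --dry-run "$action" proto tcq to any port 25
    do_cmd "1" null --dry-run "$action" proto tcp proto udp to any port 25
    do_cmd "1" null --dry-run "$action" to
    do_cmd "1" null --dry-run "$action" to port 25
    do_cmd "1" null --dry-run "$action" from
    do_cmd "1" null --dry-run "$action" from port 25
    do_cmd "1" null --dry-run "$action" to any port
    # Same command as three calls above; kept because the result file numbers
    # every invocation.
    do_cmd "1" null --dry-run "$action" to port 25
    do_cmd "1" null --dry-run "$action" from "$ip" to
    do_cmd "1" null --dry-run "$action" from "$ip" from
    do_cmd "1" null --dry-run "$action" from "$ip" port 25 to
    do_cmd "1" null --dry-run "$action" from "$ip" port 25 from
    do_cmd "1" null --dry-run "$action" to "$ip" from
    do_cmd "1" null --dry-run "$action" to "$ip" to
    do_cmd "1" null --dry-run "$action" to "$ip" port smtp from
    do_cmd "1" null --dry-run "$action" to "$ip" port smtp to
    do_cmd "1" null --dry-run "$action" to from "$ip"
    do_cmd "1" null --dry-run "$action" from to "$ip"
    do_cmd "1" null --dry-run "$action" to from "$ip" port 25
    do_cmd "1" null --dry-run "$action" from to "$ip" port 25
    do_cmd "1" null --dry-run "$action" from from "$ip"
    do_cmd "1" null --dry-run "$action" to to "$ip"
    do_cmd "1" null --dry-run "$action" from from "$ip" port smtp
    do_cmd "1" null --dry-run "$action" to to "$ip" port smtp
done

echo "TESTING ARGS (bad ip)" >> "$TESTTMP/result"
# Malformed IPv6 literals: ":::" sequence, prefix length above 128 or
# non-numeric, nine groups, a non-hex digit in each group position in turn,
# and a five-digit group.
do_cmd "1" null --dry-run allow to 2001:db8:::/32
do_cmd "1" null --dry-run allow to 2001:db8::/129
do_cmd "1" null --dry-run allow to 2001:gb8::/32
do_cmd "1" null --dry-run allow to 2001:db8:3:4:5:6:7:8:9
do_cmd "1" null --dry-run allow to foo
do_cmd "1" null --dry-run allow to xxx:xxx:xxx:xx:xxx:xxx:xxx:xxx
do_cmd "1" null --dry-run allow to g001:db8:3:4:5:6:7:8
do_cmd "1" null --dry-run allow to 2001:gb8:3:4:5:6:7:8
do_cmd "1" null --dry-run allow to 2001:db8:g:4:5:6:7:8
do_cmd "1" null --dry-run allow to 2001:db8:3:g:5:6:7:8
do_cmd "1" null --dry-run allow to 2001:db8:3:4:g:6:7:8
do_cmd "1" null --dry-run allow to 2001:db8:3:4:5:g:7:8
do_cmd "1" null --dry-run allow to 2001:db8:3:4:5:6:g:8
do_cmd "1" null --dry-run allow to 2001:db8:3:4:5:6:7:g
do_cmd "1" null --dry-run allow to 2001:0db8:0000:0000:0000:0000:0000:0000/129
do_cmd "1" null --dry-run allow to 2001:0db8:0000:0000:0000:0000:0000:00000/128
do_cmd "1" null --dry-run allow to 2001:0db8:0000:0000:0000:0000:0000:00000/12a

echo "TESTING ARGS (delete)" >> "$TESTTMP/result"
do_cmd "1" null --dry-run delete

echo "TESTING ARGS (allow/deny/limit mixed ipv4/ipv6)" >> "$TESTTMP/result"
# One rule cannot mix address families between source and destination.
do_cmd "1" null --dry-run allow to 10.0.0.1 from 2001:db8::/32
do_cmd "1" null --dry-run deny to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp
do_cmd "1" null --dry-run limit to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp
do_cmd "1" null --dry-run allow to 2001:db8::/32 port 25 from 10.0.0.1 proto udp
do_cmd "1" null --dry-run deny to 2001:db8::/32 from 10.0.0.1
do_cmd "1" null --dry-run limit to 2001:db8::/32 from 10.0.0.1

echo "TESTING BAD SERVICES" >> "$TESTTMP/result"
# use 'esp' as the protocol for smtp since it shouldn't ever match since some
# systems list 'udp' as valid with smtp (LP: #815982)
do_cmd "1" null --dry-run allow smtp/esp
do_cmd "1" null --dry-run allow tftp/tcp
do_cmd "1" null --dry-run allow to any port smtp from any port tftp
do_cmd "1" null --dry-run allow to any port tftp from any port smtp
do_cmd "1" null --dry-run allow to any port smtp from any port 23 proto esp
do_cmd "1" null --dry-run allow to any port 23 from any port smtp proto esp
do_cmd "1" null --dry-run allow to any port tftp from any port 23 proto tcp
do_cmd "1" null --dry-run allow to any port 23 from any port tftp proto tcp
do_cmd "1" null --dry-run allow to any port smtp from any port ssh proto esp
do_cmd "1" null --dry-run allow to any port tftp from any port ssh proto tcp

echo "TESTING BAD MULTIPORTS" >> "$TESTTMP/result"
for i in allow deny limit; do
    for j in from to; do
        # Port list without a protocol, non-numeric entries, empty list
        # elements, open-ended or reversed ranges, out-of-range bounds, and
        # service names inside a list.
        do_cmd "1" null --dry-run "$i" "$j" any port 20,21
        do_cmd "1" null --dry-run "$i" "$j" any port 20,2L proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port 2o,21 proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port 20, proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port ,20 proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port ,20, proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port 20: proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port :20 proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port :20: proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port 20:65536 proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port 0:65 proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port ,20:24 proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port 20:24, proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port ,20:24, proto udp
        do_cmd "1" null --dry-run "$i" "$j" any port 24:20 proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port 2A:20 proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port 24:2o proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port http,smtp proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port 80,smtp proto tcp
        do_cmd "1" null --dry-run "$i" "$j" any port http,25 proto tcp
    done
    # Each list below holds 16 port entries (in the second pair a range is
    # counted as two), one more than the 15 that the iptables multiport match
    # accepts -- presumably the reason these are expected to fail.
    do_cmd "1" null --dry-run "$i" to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp
    do_cmd "1" null --dry-run "$i" to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp
    do_cmd "1" null --dry-run "$i" from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp
    do_cmd "1" null --dry-run "$i" from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto udp
done

echo "TESTING BAD INTERFACES" >> "$TESTTMP/result"
for i in "in" "out"; do
    for j in allow deny limit reject; do
        # 'e?th0' is quoted so the shell hands the literal string to ufw; left
        # unquoted it is a glob pattern and would be replaced by any matching
        # file name in the working directory.
        do_cmd "1" null --dry-run "$j" "$i" on 'e?th0' to 2001:db8:3:4:5:6:7:8
        do_cmd "1" null --dry-run "$j" "$i" eth0 to 2001:db8:3:4:5:6:7:8
        do_cmd "1" null --dry-run "$j" ina eth0 to 2001:db8:3:4:5:6:7:8
        do_cmd "1" null --dry-run "$j" on eth0 to 2001:db8:3:4:5:6:7:8
        do_cmd "1" null --dry-run "$j" log "$i" on eth0 to 2001:db8:3:4:5:6:7:8
    done
done

exit 0
ufw-0.36/tests/ipv6/bad_args6/result0000644000175000017500000004175613404772663016347 0ustar jamiejamieTESTING ARGS (logging) 0: --dry-run logging 1: --dry-run logging foo 2: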
--dry-run loggin on TESTING ARGS (default) 3: --dry-run default 4: --dry-run default foo 5: --dry-run default accept 6: --dry-run defaul allow 7: --dry-run default limit TESTING ARGS (enable/disable) 8: --dry-run enabled 9: --dry-run disabled TESTING ARGS (allow/deny/limit) 10: --dry-run allow 11: --dry-run deny 12: --dry-run limit TESTING ARGS (allow/deny/limit bad port) 13: --dry-run alow 25 14: --dry-run dny 25 15: --dry-run limt 25 16: --dry-run allow 25a 17: --dry-run deny 25a 18: --dry-run limit 25a 19: --dry-run allow 65536 20: --dry-run deny 65536 21: --dry-run limit 65536 22: --dry-run allow 0 23: --dry-run deny 0 24: --dry-run limit 0 25: --dry-run deny XXX 26: --dry-run deny foobar TESTING ARGS (allow/deny/limit bad to/from) 27: --dry-run allow prot tcp from any 28: --dry-run allow proto tcp fro any 29: --dry-run allow proto tcp top any 30: --dry-run allow proto tcp to any por 25 31: --dry-run allow port 25 32: --dry-run allow to anu 33: --dry-run allow proto tcq to any port 25 34: --dry-run allow proto tcp proto udp to any port 25 35: --dry-run allow to 36: --dry-run allow to port 25 37: --dry-run allow from 38: --dry-run allow from port 25 39: --dry-run allow to any port 40: --dry-run allow to port 25 41: --dry-run allow from 2001:db8:3:4:5:6:7:8 to 42: --dry-run allow from 2001:db8:3:4:5:6:7:8 from 43: --dry-run allow from 2001:db8:3:4:5:6:7:8 port 25 to 44: --dry-run allow from 2001:db8:3:4:5:6:7:8 port 25 from 45: --dry-run allow to 2001:db8:3:4:5:6:7:8 from 46: --dry-run allow to 2001:db8:3:4:5:6:7:8 to 47: --dry-run allow to 2001:db8:3:4:5:6:7:8 port smtp from 48: --dry-run allow to 2001:db8:3:4:5:6:7:8 port smtp to 49: --dry-run allow to from 2001:db8:3:4:5:6:7:8 50: --dry-run allow from to 2001:db8:3:4:5:6:7:8 51: --dry-run allow to from 2001:db8:3:4:5:6:7:8 port 25 52: --dry-run allow from to 2001:db8:3:4:5:6:7:8 port 25 53: --dry-run allow from from 2001:db8:3:4:5:6:7:8 54: --dry-run allow to to 2001:db8:3:4:5:6:7:8 55: --dry-run allow from 
from 2001:db8:3:4:5:6:7:8 port smtp 56: --dry-run allow to to 2001:db8:3:4:5:6:7:8 port smtp 57: --dry-run deny prot tcp from any 58: --dry-run deny proto tcp fro any 59: --dry-run deny proto tcp top any 60: --dry-run deny proto tcp to any por 25 61: --dry-run deny port 25 62: --dry-run deny to anu 63: --dry-run deny proto tcq to any port 25 64: --dry-run deny proto tcp proto udp to any port 25 65: --dry-run deny to 66: --dry-run deny to port 25 67: --dry-run deny from 68: --dry-run deny from port 25 69: --dry-run deny to any port 70: --dry-run deny to port 25 71: --dry-run deny from 2001:db8:3:4:5:6:7:8 to 72: --dry-run deny from 2001:db8:3:4:5:6:7:8 from 73: --dry-run deny from 2001:db8:3:4:5:6:7:8 port 25 to 74: --dry-run deny from 2001:db8:3:4:5:6:7:8 port 25 from 75: --dry-run deny to 2001:db8:3:4:5:6:7:8 from 76: --dry-run deny to 2001:db8:3:4:5:6:7:8 to 77: --dry-run deny to 2001:db8:3:4:5:6:7:8 port smtp from 78: --dry-run deny to 2001:db8:3:4:5:6:7:8 port smtp to 79: --dry-run deny to from 2001:db8:3:4:5:6:7:8 80: --dry-run deny from to 2001:db8:3:4:5:6:7:8 81: --dry-run deny to from 2001:db8:3:4:5:6:7:8 port 25 82: --dry-run deny from to 2001:db8:3:4:5:6:7:8 port 25 83: --dry-run deny from from 2001:db8:3:4:5:6:7:8 84: --dry-run deny to to 2001:db8:3:4:5:6:7:8 85: --dry-run deny from from 2001:db8:3:4:5:6:7:8 port smtp 86: --dry-run deny to to 2001:db8:3:4:5:6:7:8 port smtp 87: --dry-run limit prot tcp from any 88: --dry-run limit proto tcp fro any 89: --dry-run limit proto tcp top any 90: --dry-run limit proto tcp to any por 25 91: --dry-run limit port 25 92: --dry-run limit to anu 93: --dry-run limit proto tcq to any port 25 94: --dry-run limit proto tcp proto udp to any port 25 95: --dry-run limit to 96: --dry-run limit to port 25 97: --dry-run limit from 98: --dry-run limit from port 25 99: --dry-run limit to any port 100: --dry-run limit to port 25 101: --dry-run limit from 2001:db8:3:4:5:6:7:8 to 102: --dry-run limit from 2001:db8:3:4:5:6:7:8 from 
103: --dry-run limit from 2001:db8:3:4:5:6:7:8 port 25 to 104: --dry-run limit from 2001:db8:3:4:5:6:7:8 port 25 from 105: --dry-run limit to 2001:db8:3:4:5:6:7:8 from 106: --dry-run limit to 2001:db8:3:4:5:6:7:8 to 107: --dry-run limit to 2001:db8:3:4:5:6:7:8 port smtp from 108: --dry-run limit to 2001:db8:3:4:5:6:7:8 port smtp to 109: --dry-run limit to from 2001:db8:3:4:5:6:7:8 110: --dry-run limit from to 2001:db8:3:4:5:6:7:8 111: --dry-run limit to from 2001:db8:3:4:5:6:7:8 port 25 112: --dry-run limit from to 2001:db8:3:4:5:6:7:8 port 25 113: --dry-run limit from from 2001:db8:3:4:5:6:7:8 114: --dry-run limit to to 2001:db8:3:4:5:6:7:8 115: --dry-run limit from from 2001:db8:3:4:5:6:7:8 port smtp 116: --dry-run limit to to 2001:db8:3:4:5:6:7:8 port smtp TESTING ARGS (bad ip) 117: --dry-run allow to 2001:db8:::/32 118: --dry-run allow to 2001:db8::/129 119: --dry-run allow to 2001:gb8::/32 120: --dry-run allow to 2001:db8:3:4:5:6:7:8:9 121: --dry-run allow to foo 122: --dry-run allow to xxx:xxx:xxx:xx:xxx:xxx:xxx:xxx 123: --dry-run allow to g001:db8:3:4:5:6:7:8 124: --dry-run allow to 2001:gb8:3:4:5:6:7:8 125: --dry-run allow to 2001:db8:g:4:5:6:7:8 126: --dry-run allow to 2001:db8:3:g:5:6:7:8 127: --dry-run allow to 2001:db8:3:4:g:6:7:8 128: --dry-run allow to 2001:db8:3:4:5:g:7:8 129: --dry-run allow to 2001:db8:3:4:5:6:g:8 130: --dry-run allow to 2001:db8:3:4:5:6:7:g 131: --dry-run allow to 2001:0db8:0000:0000:0000:0000:0000:0000/129 132: --dry-run allow to 2001:0db8:0000:0000:0000:0000:0000:00000/128 133: --dry-run allow to 2001:0db8:0000:0000:0000:0000:0000:00000/12a TESTING ARGS (delete) 134: --dry-run delete TESTING ARGS (allow/deny/limit mixed ipv4/ipv6) 135: --dry-run allow to 10.0.0.1 from 2001:db8::/32 136: --dry-run deny to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp 137: --dry-run limit to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp 138: --dry-run allow to 2001:db8::/32 port 25 from 10.0.0.1 proto udp 139: --dry-run deny to 2001:db8::/32 from 
10.0.0.1 140: --dry-run limit to 2001:db8::/32 from 10.0.0.1 TESTING BAD SERVICES 141: --dry-run allow smtp/esp 142: --dry-run allow tftp/tcp 143: --dry-run allow to any port smtp from any port tftp 144: --dry-run allow to any port tftp from any port smtp 145: --dry-run allow to any port smtp from any port 23 proto esp 146: --dry-run allow to any port 23 from any port smtp proto esp 147: --dry-run allow to any port tftp from any port 23 proto tcp 148: --dry-run allow to any port 23 from any port tftp proto tcp 149: --dry-run allow to any port smtp from any port ssh proto esp 150: --dry-run allow to any port tftp from any port ssh proto tcp TESTING BAD MULTIPORTS 151: --dry-run allow from any port 20,21 152: --dry-run allow from any port 20,2L proto udp 153: --dry-run allow from any port 2o,21 proto tcp 154: --dry-run allow from any port 20, proto udp 155: --dry-run allow from any port ,20 proto tcp 156: --dry-run allow from any port ,20, proto udp 157: --dry-run allow from any port 20: proto tcp 158: --dry-run allow from any port :20 proto udp 159: --dry-run allow from any port :20: proto tcp 160: --dry-run allow from any port 20:65536 proto udp 161: --dry-run allow from any port 0:65 proto tcp 162: --dry-run allow from any port ,20:24 proto udp 163: --dry-run allow from any port 20:24, proto tcp 164: --dry-run allow from any port ,20:24, proto udp 165: --dry-run allow from any port 24:20 proto tcp 166: --dry-run allow from any port 2A:20 proto tcp 167: --dry-run allow from any port 24:2o proto tcp 168: --dry-run allow from any port http,smtp proto tcp 169: --dry-run allow from any port 80,smtp proto tcp 170: --dry-run allow from any port http,25 proto tcp 171: --dry-run allow to any port 20,21 172: --dry-run allow to any port 20,2L proto udp 173: --dry-run allow to any port 2o,21 proto tcp 174: --dry-run allow to any port 20, proto udp 175: --dry-run allow to any port ,20 proto tcp 176: --dry-run allow to any port ,20, proto udp 177: --dry-run allow to any port 
20: proto tcp 178: --dry-run allow to any port :20 proto udp 179: --dry-run allow to any port :20: proto tcp 180: --dry-run allow to any port 20:65536 proto udp 181: --dry-run allow to any port 0:65 proto tcp 182: --dry-run allow to any port ,20:24 proto udp 183: --dry-run allow to any port 20:24, proto tcp 184: --dry-run allow to any port ,20:24, proto udp 185: --dry-run allow to any port 24:20 proto tcp 186: --dry-run allow to any port 2A:20 proto tcp 187: --dry-run allow to any port 24:2o proto tcp 188: --dry-run allow to any port http,smtp proto tcp 189: --dry-run allow to any port 80,smtp proto tcp 190: --dry-run allow to any port http,25 proto tcp 191: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 192: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 193: --dry-run allow from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 194: --dry-run allow from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto udp 195: --dry-run deny from any port 20,21 196: --dry-run deny from any port 20,2L proto udp 197: --dry-run deny from any port 2o,21 proto tcp 198: --dry-run deny from any port 20, proto udp 199: --dry-run deny from any port ,20 proto tcp 200: --dry-run deny from any port ,20, proto udp 201: --dry-run deny from any port 20: proto tcp 202: --dry-run deny from any port :20 proto udp 203: --dry-run deny from any port :20: proto tcp 204: --dry-run deny from any port 20:65536 proto udp 205: --dry-run deny from any port 0:65 proto tcp 206: --dry-run deny from any port ,20:24 proto udp 207: --dry-run deny from any port 20:24, proto tcp 208: --dry-run deny from any port ,20:24, proto udp 209: --dry-run deny from any port 24:20 
proto tcp 210: --dry-run deny from any port 2A:20 proto tcp 211: --dry-run deny from any port 24:2o proto tcp 212: --dry-run deny from any port http,smtp proto tcp 213: --dry-run deny from any port 80,smtp proto tcp 214: --dry-run deny from any port http,25 proto tcp 215: --dry-run deny to any port 20,21 216: --dry-run deny to any port 20,2L proto udp 217: --dry-run deny to any port 2o,21 proto tcp 218: --dry-run deny to any port 20, proto udp 219: --dry-run deny to any port ,20 proto tcp 220: --dry-run deny to any port ,20, proto udp 221: --dry-run deny to any port 20: proto tcp 222: --dry-run deny to any port :20 proto udp 223: --dry-run deny to any port :20: proto tcp 224: --dry-run deny to any port 20:65536 proto udp 225: --dry-run deny to any port 0:65 proto tcp 226: --dry-run deny to any port ,20:24 proto udp 227: --dry-run deny to any port 20:24, proto tcp 228: --dry-run deny to any port ,20:24, proto udp 229: --dry-run deny to any port 24:20 proto tcp 230: --dry-run deny to any port 2A:20 proto tcp 231: --dry-run deny to any port 24:2o proto tcp 232: --dry-run deny to any port http,smtp proto tcp 233: --dry-run deny to any port 80,smtp proto tcp 234: --dry-run deny to any port http,25 proto tcp 235: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 236: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 237: --dry-run deny from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 238: --dry-run deny from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto udp 239: --dry-run limit from any port 20,21 240: --dry-run limit from any port 20,2L proto udp 241: --dry-run limit from any port 2o,21 proto tcp 242: --dry-run limit from 
any port 20, proto udp 243: --dry-run limit from any port ,20 proto tcp 244: --dry-run limit from any port ,20, proto udp 245: --dry-run limit from any port 20: proto tcp 246: --dry-run limit from any port :20 proto udp 247: --dry-run limit from any port :20: proto tcp 248: --dry-run limit from any port 20:65536 proto udp 249: --dry-run limit from any port 0:65 proto tcp 250: --dry-run limit from any port ,20:24 proto udp 251: --dry-run limit from any port 20:24, proto tcp 252: --dry-run limit from any port ,20:24, proto udp 253: --dry-run limit from any port 24:20 proto tcp 254: --dry-run limit from any port 2A:20 proto tcp 255: --dry-run limit from any port 24:2o proto tcp 256: --dry-run limit from any port http,smtp proto tcp 257: --dry-run limit from any port 80,smtp proto tcp 258: --dry-run limit from any port http,25 proto tcp 259: --dry-run limit to any port 20,21 260: --dry-run limit to any port 20,2L proto udp 261: --dry-run limit to any port 2o,21 proto tcp 262: --dry-run limit to any port 20, proto udp 263: --dry-run limit to any port ,20 proto tcp 264: --dry-run limit to any port ,20, proto udp 265: --dry-run limit to any port 20: proto tcp 266: --dry-run limit to any port :20 proto udp 267: --dry-run limit to any port :20: proto tcp 268: --dry-run limit to any port 20:65536 proto udp 269: --dry-run limit to any port 0:65 proto tcp 270: --dry-run limit to any port ,20:24 proto udp 271: --dry-run limit to any port 20:24, proto tcp 272: --dry-run limit to any port ,20:24, proto udp 273: --dry-run limit to any port 24:20 proto tcp 274: --dry-run limit to any port 2A:20 proto tcp 275: --dry-run limit to any port 24:2o proto tcp 276: --dry-run limit to any port http,smtp proto tcp 277: --dry-run limit to any port 80,smtp proto tcp 278: --dry-run limit to any port http,25 proto tcp 279: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 280: --dry-run limit to any 
port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 281: --dry-run limit from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 282: --dry-run limit from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto udp TESTING BAD INTERFACES 283: --dry-run allow in on e?th0 to 2001:db8:3:4:5:6:7:8 284: --dry-run allow in eth0 to 2001:db8:3:4:5:6:7:8 285: --dry-run allow ina eth0 to 2001:db8:3:4:5:6:7:8 286: --dry-run allow on eth0 to 2001:db8:3:4:5:6:7:8 287: --dry-run allow log in on eth0 to 2001:db8:3:4:5:6:7:8 288: --dry-run deny in on e?th0 to 2001:db8:3:4:5:6:7:8 289: --dry-run deny in eth0 to 2001:db8:3:4:5:6:7:8 290: --dry-run deny ina eth0 to 2001:db8:3:4:5:6:7:8 291: --dry-run deny on eth0 to 2001:db8:3:4:5:6:7:8 292: --dry-run deny log in on eth0 to 2001:db8:3:4:5:6:7:8 293: --dry-run limit in on e?th0 to 2001:db8:3:4:5:6:7:8 294: --dry-run limit in eth0 to 2001:db8:3:4:5:6:7:8 295: --dry-run limit ina eth0 to 2001:db8:3:4:5:6:7:8 296: --dry-run limit on eth0 to 2001:db8:3:4:5:6:7:8 297: --dry-run limit log in on eth0 to 2001:db8:3:4:5:6:7:8 298: --dry-run reject in on e?th0 to 2001:db8:3:4:5:6:7:8 299: --dry-run reject in eth0 to 2001:db8:3:4:5:6:7:8 300: --dry-run reject ina eth0 to 2001:db8:3:4:5:6:7:8 301: --dry-run reject on eth0 to 2001:db8:3:4:5:6:7:8 302: --dry-run reject log in on eth0 to 2001:db8:3:4:5:6:7:8 303: --dry-run allow out on e?th0 to 2001:db8:3:4:5:6:7:8 304: --dry-run allow out eth0 to 2001:db8:3:4:5:6:7:8 305: --dry-run allow ina eth0 to 2001:db8:3:4:5:6:7:8 306: --dry-run allow on eth0 to 2001:db8:3:4:5:6:7:8 307: --dry-run allow log out on eth0 to 2001:db8:3:4:5:6:7:8 308: --dry-run deny out on e?th0 to 2001:db8:3:4:5:6:7:8 309: --dry-run deny out eth0 to 2001:db8:3:4:5:6:7:8 310: --dry-run deny ina eth0 to 
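2001:db8:3:4:5:6:7:8 311: --dry-run deny on eth0 to 2001:db8:3:4:5:6:7:8 312: --dry-run deny log out on eth0 to 2001:db8:3:4:5:6:7:8 313: --dry-run limit out on e?th0 to 2001:db8:3:4:5:6:7:8 314: --dry-run limit out eth0 to 2001:db8:3:4:5:6:7:8 315: --dry-run limit ina eth0 to 2001:db8:3:4:5:6:7:8 316: --dry-run limit on eth0 to 2001:db8:3:4:5:6:7:8 317: --dry-run limit log out on eth0 to 2001:db8:3:4:5:6:7:8 318: --dry-run reject out on e?th0 to 2001:db8:3:4:5:6:7:8 319: --dry-run reject out eth0 to 2001:db8:3:4:5:6:7:8 320: --dry-run reject ina eth0 to 2001:db8:3:4:5:6:7:8 321: --dry-run reject on eth0 to 2001:db8:3:4:5:6:7:8 322: --dry-run reject log out on eth0 to 2001:db8:3:4:5:6:7:8
ufw-0.36/tests/testlib.sh0000644000175000017500000000555413257507473014371 0ustar jamiejamie
#!/bin/bash

#    Copyright 2008-2013 Canonical Ltd.
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License version 3,
#    as published by the Free Software Foundation.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see .

# Shared helpers for the ufw test scripts. Reads TESTPATH, TESTTMP, TESTSTATE
# and statsdir from the environment; paths built from them are quoted so a
# directory name containing whitespace or glob characters is not re-split.

# Seed the test tree with the default application profiles.
cp tests/defaults/profiles/* "$TESTPATH/etc/ufw/applications.d"

# Running index of the command being tested; it prefixes each entry written
# to $TESTTMP/result.
count=0

# do_cmd [0|1] [null|nostats] [http-or-www] ARGS...
#
# Runs $TESTPATH/usr/sbin/ufw with ARGS and exits the test script with
# status 1 when the exit status differs from the expected one.
#   0|1          exit status ufw must return
#   null         send ufw's output to /dev/null (only the status is checked)
#   nostats      as null, and do not bump the per-command statistics counter
#   http-or-www  replace a trailing " http" by " www" when /etc/services
#                lists http on 80/udp
do_cmd() {
    # NOTE(review): 'expected' is a global that is only assigned here, so a
    # call without a leading 0/1 is checked against the value left behind by
    # an earlier call.
    if [ "$1" = "0" ] || [ "$1" = "1" ]; then
        expected="$1"
        shift
    fi

    do_stats="yes"
    cmd_results_file="$TESTTMP/result"
    if [ "$1" = "null" ]; then
        cmd_results_file="/dev/null"
        shift
    elif [ "$1" = "nostats" ]; then
        do_stats="no"
        cmd_results_file="/dev/null"
        shift
    fi

    # Some systems now have http/udp as valid, but not www/udp instead of
    # the other way around (eg Debian netbase 4.47). Try to account for
    # that.
    modified_args=
    if [ "$1" = "http-or-www" ]; then
        shift
        if grep -E -q '^http\s+80/udp' /etc/services ; then
            # "$*" keeps glob characters in the arguments from being
            # expanded against the current directory before sed sees them.
            modified_args=$(echo "$*" | sed 's/ http *$/ www/')
        fi
    fi

    echo "$count: $@" >> "$TESTTMP/result"

    # Some tests require the quoting behavior that the shell gives us
    # with "$@", so only use $modified_args if we have to.
    if [ -z "$modified_args" ]; then
        "$TESTPATH/usr/sbin/ufw" "$@" >> "$cmd_results_file" 2>&1
    else
        # Unquoted on purpose: the rewritten argument string has to be split
        # back into separate words.
        "$TESTPATH/usr/sbin/ufw" $modified_args >> "$cmd_results_file" 2>&1
    fi
    # Must directly follow the if/else so that $? is ufw's exit status.
    rc="$?"
    if [ "$rc" != "$expected" ]; then
        echo "Command '$@' exited with '$rc', but expected '$expected'"
        exit 1
    fi

    count=$((count + 1))
    echo "" >> "$TESTTMP/result"
    echo "" >> "$TESTTMP/result"

    if [ "$do_stats" = "yes" ]; then
        individual=$(cat "$statsdir/individual")
        individual=$((individual + 1))
        echo "$individual" > "$statsdir/individual"
    fi
}

# do_extcmd [0|1] [null|nostats] COMMAND [ARGS...]
#
# Same bookkeeping as do_cmd, but runs an arbitrary command instead of ufw.
do_extcmd() {
    # NOTE(review): as in do_cmd, 'expected' keeps its previous value when no
    # leading 0/1 is given.
    if [ "$1" = "0" ] || [ "$1" = "1" ]; then
        expected="$1"
        shift
    fi

    do_stats="yes"
    cmd_results_file="$TESTTMP/result"
    if [ "$1" = "null" ]; then
        cmd_results_file="/dev/null"
        shift
    elif [ "$1" = "nostats" ]; then
        do_stats="no"
        cmd_results_file="/dev/null"
        shift
    fi

    echo "$count: $@" >> "$TESTTMP/result"
    # $@ is unquoted here, so the arguments are word-split and glob-expanded
    # again before the command runs, unlike the "$@" used in do_cmd.
    # NOTE(review): confirm whether callers depend on that before quoting it.
    $@ >> "$cmd_results_file" 2>&1
    rc="$?"
    if [ "$rc" != "$expected" ]; then
        echo "Command '$@' exited with '$rc', but expected '$expected'"
        exit 1
    fi

    count=$((count + 1))
    echo "" >> "$TESTTMP/result"
    echo "" >> "$TESTTMP/result"

    if [ "$do_stats" = "yes" ]; then
        individual=$(cat "$statsdir/individual")
        individual=$((individual + 1))
        echo "$individual" > "$statsdir/individual"
    fi
}

# Disable ufw in the test tree (not counted in the statistics), then run the
# test init script's flush-all action.
cleanup() {
    do_cmd "0" nostats disable
    "$TESTSTATE/ufw-init" flush-all
}
ufw-0.36/tests/bad/0000755000175000017500000000000013226727543013102 5ustar jamiejamieufw-0.36/tests/bad/args/0000755000175000017500000000000013404772663014037 5ustar jamiejamieufw-0.36/tests/bad/args/orig0000777000175000017500000000000013226727543017076 2../../defaultsustar jamiejamieufw-0.36/tests/bad/args/runtest.sh0000755000175000017500000003133513404772663016107 0ustar jamiejamie
#!/bin/bash
# Copyright 2008-2014 Canonical Ltd.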
# # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . source "$TESTPATH/../testlib.sh" echo "TESTING ARGS (logging)" >> $TESTTMP/result do_cmd "1" null --dry-run logging do_cmd "1" null --dry-run logging foo do_cmd "1" null --dry-run loggin on echo "TESTING ARGS (default)" >> $TESTTMP/result for i in "" "input" "incoming" "output" "outgoing" "routed"; do do_cmd "1" null --dry-run default $i do_cmd "1" null --dry-run default foo $i do_cmd "1" null --dry-run default accept $i do_cmd "1" null --dry-run defaul allow $i do_cmd "1" null --dry-run default limit $i done echo "TESTING ARGS (enable/disable)" >> $TESTTMP/result # bad do_cmd "1" null --dry-run enabled do_cmd "1" null --dry-run disabled do_cmd "1" null --dry-run enable OpenSSH do_cmd "1" null --dry-run disable OpenSSH echo "TESTING ARGS (allow/deny/limit)" >> $TESTTMP/result do_cmd "1" null --dry-run allow do_cmd "1" null --dry-run deny do_cmd "1" null --dry-run limit echo "TESTING ARGS (allow/deny/limit bad port)" >> $TESTTMP/result do_cmd "1" null --dry-run alow 25 do_cmd "1" null --dry-run dny 25 do_cmd "1" null --dry-run limt 25 do_cmd "1" null --dry-run allow 25a do_cmd "1" null --dry-run deny 25a do_cmd "1" null --dry-run limit 25a do_cmd "1" null --dry-run allow 65536 do_cmd "1" null --dry-run deny 65536 do_cmd "1" null --dry-run limit 65536 do_cmd "1" null --dry-run allow 0 do_cmd "1" null --dry-run deny 0 do_cmd "1" null --dry-run limit 0 do_cmd "1" null --dry-run deny XXX do_cmd "1" null --dry-run deny foobar echo "TESTING 
ARGS (allow/deny/limit bad to/from)" >> $TESTTMP/result ip="192.168.0.1" for action in allow deny limit do do_cmd "1" null --dry-run $action prot tcp from any do_cmd "1" null --dry-run $action proto tcp fro any do_cmd "1" null --dry-run $action proto tcp top any do_cmd "1" null --dry-run $action proto tcp to any por 25 do_cmd "1" null --dry-run $action port 25 do_cmd "1" null --dry-run $action to anu do_cmd "1" null --dry-run $action proto tcq to any port 25 do_cmd "1" null --dry-run $action proto tcp proto udp to any port 25 do_cmd "1" null --dry-run $action to do_cmd "1" null --dry-run $action to port 25 do_cmd "1" null --dry-run $action from do_cmd "1" null --dry-run $action from port 25 do_cmd "1" null --dry-run $action to any port do_cmd "1" null --dry-run $action to port 25 do_cmd "1" null --dry-run $action from $ip to do_cmd "1" null --dry-run $action from $ip from do_cmd "1" null --dry-run $action from $ip port 25 to do_cmd "1" null --dry-run $action from $ip port 25 from do_cmd "1" null --dry-run $action to $ip from do_cmd "1" null --dry-run $action to $ip to do_cmd "1" null --dry-run $action to $ip port smtp from do_cmd "1" null --dry-run $action to $ip port smtp to do_cmd "1" null --dry-run $action to from $ip do_cmd "1" null --dry-run $action from to $ip do_cmd "1" null --dry-run $action to from $ip port 25 do_cmd "1" null --dry-run $action from to $ip port 25 do_cmd "1" null --dry-run $action from from $ip do_cmd "1" null --dry-run $action to to $ip do_cmd "1" null --dry-run $action from from $ip port smtp do_cmd "1" null --dry-run $action to to $ip port smtp done echo "TESTING ARGS (bad ip)" >> $TESTTMP/result do_cmd "1" null --dry-run allow to 192.168.0. 
do_cmd "1" null --dry-run allow to 192.168.0.1.1 do_cmd "1" null --dry-run allow to foo do_cmd "1" null --dry-run allow to xxx.xxx.xxx.xx do_cmd "1" null --dry-run allow to 192a.168.0.1 do_cmd "1" null --dry-run allow to 192.168a.0.1 do_cmd "1" null --dry-run allow to 192.168.0a.1 do_cmd "1" null --dry-run allow to 192.168.1.a1 do_cmd "1" null --dry-run allow to 192.168.1..1 do_cmd "1" null --dry-run allow to 192.168.1..1/24 do_cmd "1" null --dry-run allow to 192.168.1.256 do_cmd "1" null --dry-run allow to 256.0.0.0 do_cmd "1" null --dry-run allow to 10.256.0.0 echo "TESTING ARGS (delete)" >> $TESTTMP/result do_cmd "1" null --dry-run delete echo "TESTING ARGS (allow/deny/limit mixed ipv4/ipv6)" >> $TESTTMP/result do_cmd "1" null --dry-run allow to 10.0.0.1 from 2001:db8::/32 do_cmd "1" null --dry-run deny to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp do_cmd "1" null --dry-run limit to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp do_cmd "1" null --dry-run allow to 2001:db8::/32 port 25 from 10.0.0.1 proto udp do_cmd "1" null --dry-run deny to 2001:db8::/32 from 10.0.0.1 do_cmd "1" null --dry-run limit to 2001:db8::/32 from 10.0.0.1 echo "TESTING ARGS (allow/deny/limit ipv6 when not enabled)" >> $TESTTMP/result do_cmd "1" null --dry-run deny proto tcp from 2001:db8::/32 to any port 25 do_cmd "1" null --dry-run allow proto tcp from 2001:db8::/32 port 25 to any do_cmd "1" null --dry-run limit proto tcp from 2001:db8::/32 port 25 to any do_cmd "1" null --dry-run deny proto udp to 2001:db8::/32 from any port 25 do_cmd "1" null --dry-run allow proto udp to 2001:db8::/32 port 25 from any do_cmd "1" null --dry-run limit proto udp to 2001:db8::/32 port 25 from any echo "TESTING BAD SERVICES" >> $TESTTMP/result # use 'esp' as the protocol for smtp since it shouldn't ever match since some # systems list 'udp' as valid with smtp (LP: #815982) do_cmd "1" null --dry-run allow smtp/esp do_cmd "1" null --dry-run allow tftp/tcp do_cmd "1" null --dry-run allow to any port smtp 
from any port tftp do_cmd "1" null --dry-run allow to any port tftp from any port smtp do_cmd "1" null --dry-run allow to any port smtp from any port 23 proto esp do_cmd "1" null --dry-run allow to any port 23 from any port smtp proto esp do_cmd "1" null --dry-run allow to any port tftp from any port 23 proto tcp do_cmd "1" null --dry-run allow to any port 23 from any port tftp proto tcp do_cmd "1" null --dry-run allow to any port smtp from any port daytime proto esp do_cmd "1" null --dry-run allow to any port tftp from any port daytime proto tcp echo "TESTING BAD MULTIPORTS" >> $TESTTMP/result # extended syntax for i in allow deny limit; do for j in from to; do do_cmd "1" null --dry-run $i $j any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp do_cmd "1" null --dry-run $i $j any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp do_cmd "1" null --dry-run $i $j any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp do_cmd "1" null --dry-run $i $j any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp do_cmd "1" null --dry-run $i $j any port 20,21 do_cmd "1" null --dry-run $i $j any port 20,2L do_cmd "1" null --dry-run $i $j any port 2o,21 do_cmd "1" null --dry-run $i $j any port 20, proto udp do_cmd "1" null --dry-run $i $j any port ,20 proto tcp do_cmd "1" null --dry-run $i $j any port ,20, proto udp do_cmd "1" null --dry-run $i $j any port 20: proto tcp do_cmd "1" null --dry-run $i $j any port :20 proto udp do_cmd "1" null --dry-run $i $j any port :20: proto tcp do_cmd "1" null --dry-run $i $j any port 20:65536 proto udp do_cmd "1" null --dry-run $i $j any port 0:65 proto tcp do_cmd "1" null --dry-run $i $j any port ,20:24 proto udp do_cmd "1" null --dry-run $i $j any 
port 20:24, proto tcp do_cmd "1" null --dry-run $i $j any port ,20:24, proto udp do_cmd "1" null --dry-run $i $j any port 24:20 proto tcp do_cmd "1" null --dry-run $i $j any port 2A:20 proto tcp do_cmd "1" null --dry-run $i $j any port 24:2o proto tcp do_cmd "1" null --dry-run $i $j any port daytime,smtp proto tcp do_cmd "1" null --dry-run $i $j any port 13,smtp proto tcp do_cmd "1" null --dry-run $i $j any port daytime,25 proto tcp done do_cmd "1" null --dry-run $i to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp do_cmd "1" null --dry-run $i to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp do_cmd "1" null --dry-run $i to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp do_cmd "1" null --dry-run $i to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp done # simple syntax for i in allow deny limit; do do_cmd "1" --dry-run $i 34,35 do_cmd "1" --dry-run $i 34,35:39 do_cmd "1" --dry-run $i 35:39 do_cmd "1" --dry-run $i 23,21,15:19,22 for j in tcp udp; do do_cmd "1" null --dry-run $i 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/$j do_cmd "1" null --dry-run $i 20,2L/$j do_cmd "1" null --dry-run $i 2o,21/$j do_cmd "1" null --dry-run $i 20,/$j do_cmd "1" null --dry-run $i ,20/$j do_cmd "1" null --dry-run $i ,20,/$j do_cmd "1" null --dry-run $i 20:/$j do_cmd "1" null --dry-run $i :20/$j do_cmd "1" null --dry-run $i :20:/$j do_cmd "1" null --dry-run $i 20:65536/$j do_cmd "1" null --dry-run $i 0:65/$j do_cmd "1" null --dry-run $i ,20:24/$j do_cmd "1" null --dry-run $i 20:24,/$j do_cmd "1" null --dry-run $i ,20:24,/$j do_cmd "1" null --dry-run $i 24:20/$j do_cmd "1" null --dry-run $i 2A:20/$j do_cmd "1" null --dry-run $i 24:2o/$j do_cmd "1" null --dry-run 
$i daytime,smtp/tcp do_cmd "1" null --dry-run $i 13,smtp/tcp do_cmd "1" null --dry-run $i daytime,25/tcp done done echo "TESTING ARGS (app)" >> $TESTTMP/result do_cmd "1" null --dry-run app do_cmd "1" null --dry-run app lis do_cmd "1" null --dry-run app info do_cmd "1" null --dry-run app ino foo do_cmd "1" null --dry-run app default do_cmd "1" null --dry-run app defalt foo do_cmd "1" null --dry-run app update do_cmd "1" null --dry-run app rfresh foo do_cmd "1" null --dry-run app info foo% echo "TESTING ARGS (logging)" >> $TESTTMP/result do_cmd "1" null --dry-run logging offf grep -q "^LOGLEVEL=low" $TESTPATH/etc/ufw/ufw.conf || echo "ERROR: loglevel changed" do_cmd "1" null --dry-run logging onn do_cmd "1" null --dry-run logging loww do_cmd "1" null --dry-run logging meduim grep -q "^LOGLEVEL=low" $TESTPATH/etc/ufw/ufw.conf || echo "ERROR: loglevel changed" do_cmd "1" null --dry-run logging hih grep -q "^LOGLEVEL=low" $TESTPATH/etc/ufw/ufw.conf || echo "ERROR: loglevel changed" do_cmd "1" null --dry-run logging ful1 grep -q "^LOGLEVEL=low" $TESTPATH/etc/ufw/ufw.conf || echo "ERROR: loglevel changed" do_cmd "1" null --dry-run allow logg 13 do_cmd "1" null --dry-run allow logall 13 do_cmd "1" null --dry-run allow log-al1 13 echo "TESTING ARGS (insert)" >> $TESTTMP/result do_cmd "0" null allow 13 do_cmd "0" null allow 23 do_cmd "1" null insert 0 allow 24 do_cmd "1" null insert 3 allow 24 do_cmd "1" null insert allow 24 do_cmd "1" null allow insert 2 24 do_cmd "0" null insert 1 allow 13 do_cmd "0" null insert 1 allow log 13 do_cmd "0" null delete allow 13 do_cmd "0" null delete allow 23 echo "TESTING ARGS (interfaces)" >> $TESTTMP/result for j in "in" "out"; do for i in allow deny limit; do do_cmd "1" null --dry-run $i $j on eth0:1 do_cmd "1" null --dry-run $i $j on e?th0 do_cmd "1" null --dry-run $i on eth0 do_cmd "1" null --dry-run $i ina on eth0 do_cmd "1" null --dry-run $i $j ona eth0 do_cmd "1" null --dry-run $i $j eth0 do_cmd "1" null --dry-run $i $j on eth0 to 
do_cmd "1" null --dry-run $i $j on eth0 from do_cmd "1" null --dry-run $i $j on eth0 from any to do_cmd "1" null --dry-run $i $j on eth0 any from do_cmd "1" null --dry-run $i $j on eth0 any from to any proto do_cmd "1" null --dry-run $i log $j on eth0 do_cmd "1" null --dry-run $i log-all $j on eth0 done done echo "TESTING ARGS (status)" >> $TESTTMP/result do_cmd "1" null --dry-run status foo do_cmd "1" null --dry-run status numbere do_cmd "1" null --dry-run status erbose echo "TESTING ARGS (show)" >> $TESTTMP/result do_cmd "1" null --dry-run show do_cmd "1" null --dry-run show ra exit 0 ufw-0.36/tests/bad/args/result0000644000175000017500000007046513404772663015314 0ustar jamiejamieTESTING ARGS (logging) 0: --dry-run logging 1: --dry-run logging foo 2: --dry-run loggin on TESTING ARGS (default) 3: --dry-run default 4: --dry-run default foo 5: --dry-run default accept 6: --dry-run defaul allow 7: --dry-run default limit 8: --dry-run default input 9: --dry-run default foo input 10: --dry-run default accept input 11: --dry-run defaul allow input 12: --dry-run default limit input 13: --dry-run default incoming 14: --dry-run default foo incoming 15: --dry-run default accept incoming 16: --dry-run defaul allow incoming 17: --dry-run default limit incoming 18: --dry-run default output 19: --dry-run default foo output 20: --dry-run default accept output 21: --dry-run defaul allow output 22: --dry-run default limit output 23: --dry-run default outgoing 24: --dry-run default foo outgoing 25: --dry-run default accept outgoing 26: --dry-run defaul allow outgoing 27: --dry-run default limit outgoing 28: --dry-run default routed 29: --dry-run default foo routed 30: --dry-run default accept routed 31: --dry-run defaul allow routed 32: --dry-run default limit routed TESTING ARGS (enable/disable) 33: --dry-run enabled 34: --dry-run disabled 35: --dry-run enable OpenSSH 36: --dry-run disable OpenSSH TESTING ARGS (allow/deny/limit) 37: --dry-run allow 38: --dry-run deny 39: --dry-run 
limit TESTING ARGS (allow/deny/limit bad port) 40: --dry-run alow 25 41: --dry-run dny 25 42: --dry-run limt 25 43: --dry-run allow 25a 44: --dry-run deny 25a 45: --dry-run limit 25a 46: --dry-run allow 65536 47: --dry-run deny 65536 48: --dry-run limit 65536 49: --dry-run allow 0 50: --dry-run deny 0 51: --dry-run limit 0 52: --dry-run deny XXX 53: --dry-run deny foobar TESTING ARGS (allow/deny/limit bad to/from) 54: --dry-run allow prot tcp from any 55: --dry-run allow proto tcp fro any 56: --dry-run allow proto tcp top any 57: --dry-run allow proto tcp to any por 25 58: --dry-run allow port 25 59: --dry-run allow to anu 60: --dry-run allow proto tcq to any port 25 61: --dry-run allow proto tcp proto udp to any port 25 62: --dry-run allow to 63: --dry-run allow to port 25 64: --dry-run allow from 65: --dry-run allow from port 25 66: --dry-run allow to any port 67: --dry-run allow to port 25 68: --dry-run allow from 192.168.0.1 to 69: --dry-run allow from 192.168.0.1 from 70: --dry-run allow from 192.168.0.1 port 25 to 71: --dry-run allow from 192.168.0.1 port 25 from 72: --dry-run allow to 192.168.0.1 from 73: --dry-run allow to 192.168.0.1 to 74: --dry-run allow to 192.168.0.1 port smtp from 75: --dry-run allow to 192.168.0.1 port smtp to 76: --dry-run allow to from 192.168.0.1 77: --dry-run allow from to 192.168.0.1 78: --dry-run allow to from 192.168.0.1 port 25 79: --dry-run allow from to 192.168.0.1 port 25 80: --dry-run allow from from 192.168.0.1 81: --dry-run allow to to 192.168.0.1 82: --dry-run allow from from 192.168.0.1 port smtp 83: --dry-run allow to to 192.168.0.1 port smtp 84: --dry-run deny prot tcp from any 85: --dry-run deny proto tcp fro any 86: --dry-run deny proto tcp top any 87: --dry-run deny proto tcp to any por 25 88: --dry-run deny port 25 89: --dry-run deny to anu 90: --dry-run deny proto tcq to any port 25 91: --dry-run deny proto tcp proto udp to any port 25 92: --dry-run deny to 93: --dry-run deny to port 25 94: --dry-run deny from 
95: --dry-run deny from port 25 96: --dry-run deny to any port 97: --dry-run deny to port 25 98: --dry-run deny from 192.168.0.1 to 99: --dry-run deny from 192.168.0.1 from 100: --dry-run deny from 192.168.0.1 port 25 to 101: --dry-run deny from 192.168.0.1 port 25 from 102: --dry-run deny to 192.168.0.1 from 103: --dry-run deny to 192.168.0.1 to 104: --dry-run deny to 192.168.0.1 port smtp from 105: --dry-run deny to 192.168.0.1 port smtp to 106: --dry-run deny to from 192.168.0.1 107: --dry-run deny from to 192.168.0.1 108: --dry-run deny to from 192.168.0.1 port 25 109: --dry-run deny from to 192.168.0.1 port 25 110: --dry-run deny from from 192.168.0.1 111: --dry-run deny to to 192.168.0.1 112: --dry-run deny from from 192.168.0.1 port smtp 113: --dry-run deny to to 192.168.0.1 port smtp 114: --dry-run limit prot tcp from any 115: --dry-run limit proto tcp fro any 116: --dry-run limit proto tcp top any 117: --dry-run limit proto tcp to any por 25 118: --dry-run limit port 25 119: --dry-run limit to anu 120: --dry-run limit proto tcq to any port 25 121: --dry-run limit proto tcp proto udp to any port 25 122: --dry-run limit to 123: --dry-run limit to port 25 124: --dry-run limit from 125: --dry-run limit from port 25 126: --dry-run limit to any port 127: --dry-run limit to port 25 128: --dry-run limit from 192.168.0.1 to 129: --dry-run limit from 192.168.0.1 from 130: --dry-run limit from 192.168.0.1 port 25 to 131: --dry-run limit from 192.168.0.1 port 25 from 132: --dry-run limit to 192.168.0.1 from 133: --dry-run limit to 192.168.0.1 to 134: --dry-run limit to 192.168.0.1 port smtp from 135: --dry-run limit to 192.168.0.1 port smtp to 136: --dry-run limit to from 192.168.0.1 137: --dry-run limit from to 192.168.0.1 138: --dry-run limit to from 192.168.0.1 port 25 139: --dry-run limit from to 192.168.0.1 port 25 140: --dry-run limit from from 192.168.0.1 141: --dry-run limit to to 192.168.0.1 142: --dry-run limit from from 192.168.0.1 port smtp 143: --dry-run 
limit to to 192.168.0.1 port smtp TESTING ARGS (bad ip) 144: --dry-run allow to 192.168.0. 145: --dry-run allow to 192.168.0.1.1 146: --dry-run allow to foo 147: --dry-run allow to xxx.xxx.xxx.xx 148: --dry-run allow to 192a.168.0.1 149: --dry-run allow to 192.168a.0.1 150: --dry-run allow to 192.168.0a.1 151: --dry-run allow to 192.168.1.a1 152: --dry-run allow to 192.168.1..1 153: --dry-run allow to 192.168.1..1/24 154: --dry-run allow to 192.168.1.256 155: --dry-run allow to 256.0.0.0 156: --dry-run allow to 10.256.0.0 TESTING ARGS (delete) 157: --dry-run delete TESTING ARGS (allow/deny/limit mixed ipv4/ipv6) 158: --dry-run allow to 10.0.0.1 from 2001:db8::/32 159: --dry-run deny to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp 160: --dry-run limit to 10.0.0.1 port 25 from 2001:db8::/32 proto tcp 161: --dry-run allow to 2001:db8::/32 port 25 from 10.0.0.1 proto udp 162: --dry-run deny to 2001:db8::/32 from 10.0.0.1 163: --dry-run limit to 2001:db8::/32 from 10.0.0.1 TESTING ARGS (allow/deny/limit ipv6 when not enabled) 164: --dry-run deny proto tcp from 2001:db8::/32 to any port 25 165: --dry-run allow proto tcp from 2001:db8::/32 port 25 to any 166: --dry-run limit proto tcp from 2001:db8::/32 port 25 to any 167: --dry-run deny proto udp to 2001:db8::/32 from any port 25 168: --dry-run allow proto udp to 2001:db8::/32 port 25 from any 169: --dry-run limit proto udp to 2001:db8::/32 port 25 from any TESTING BAD SERVICES 170: --dry-run allow smtp/esp 171: --dry-run allow tftp/tcp 172: --dry-run allow to any port smtp from any port tftp 173: --dry-run allow to any port tftp from any port smtp 174: --dry-run allow to any port smtp from any port 23 proto esp 175: --dry-run allow to any port 23 from any port smtp proto esp 176: --dry-run allow to any port tftp from any port 23 proto tcp 177: --dry-run allow to any port 23 from any port tftp proto tcp 178: --dry-run allow to any port smtp from any port daytime proto esp 179: --dry-run allow to any port tftp from any 
port daytime proto tcp TESTING BAD MULTIPORTS 180: --dry-run allow from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 181: --dry-run allow from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 182: --dry-run allow from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp 183: --dry-run allow from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp 184: --dry-run allow from any port 20,21 185: --dry-run allow from any port 20,2L 186: --dry-run allow from any port 2o,21 187: --dry-run allow from any port 20, proto udp 188: --dry-run allow from any port ,20 proto tcp 189: --dry-run allow from any port ,20, proto udp 190: --dry-run allow from any port 20: proto tcp 191: --dry-run allow from any port :20 proto udp 192: --dry-run allow from any port :20: proto tcp 193: --dry-run allow from any port 20:65536 proto udp 194: --dry-run allow from any port 0:65 proto tcp 195: --dry-run allow from any port ,20:24 proto udp 196: --dry-run allow from any port 20:24, proto tcp 197: --dry-run allow from any port ,20:24, proto udp 198: --dry-run allow from any port 24:20 proto tcp 199: --dry-run allow from any port 2A:20 proto tcp 200: --dry-run allow from any port 24:2o proto tcp 201: --dry-run allow from any port daytime,smtp proto tcp 202: --dry-run allow from any port 13,smtp proto tcp 203: --dry-run allow from any port daytime,25 proto tcp 204: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 205: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 206: --dry-run allow to any 
port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp 207: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp 208: --dry-run allow to any port 20,21 209: --dry-run allow to any port 20,2L 210: --dry-run allow to any port 2o,21 211: --dry-run allow to any port 20, proto udp 212: --dry-run allow to any port ,20 proto tcp 213: --dry-run allow to any port ,20, proto udp 214: --dry-run allow to any port 20: proto tcp 215: --dry-run allow to any port :20 proto udp 216: --dry-run allow to any port :20: proto tcp 217: --dry-run allow to any port 20:65536 proto udp 218: --dry-run allow to any port 0:65 proto tcp 219: --dry-run allow to any port ,20:24 proto udp 220: --dry-run allow to any port 20:24, proto tcp 221: --dry-run allow to any port ,20:24, proto udp 222: --dry-run allow to any port 24:20 proto tcp 223: --dry-run allow to any port 2A:20 proto tcp 224: --dry-run allow to any port 24:2o proto tcp 225: --dry-run allow to any port daytime,smtp proto tcp 226: --dry-run allow to any port 13,smtp proto tcp 227: --dry-run allow to any port daytime,25 proto tcp 228: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 229: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 230: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 231: --dry-run allow to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 232: --dry-run deny from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto 
tcp 233: --dry-run deny from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 234: --dry-run deny from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp 235: --dry-run deny from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp 236: --dry-run deny from any port 20,21 237: --dry-run deny from any port 20,2L 238: --dry-run deny from any port 2o,21 239: --dry-run deny from any port 20, proto udp 240: --dry-run deny from any port ,20 proto tcp 241: --dry-run deny from any port ,20, proto udp 242: --dry-run deny from any port 20: proto tcp 243: --dry-run deny from any port :20 proto udp 244: --dry-run deny from any port :20: proto tcp 245: --dry-run deny from any port 20:65536 proto udp 246: --dry-run deny from any port 0:65 proto tcp 247: --dry-run deny from any port ,20:24 proto udp 248: --dry-run deny from any port 20:24, proto tcp 249: --dry-run deny from any port ,20:24, proto udp 250: --dry-run deny from any port 24:20 proto tcp 251: --dry-run deny from any port 2A:20 proto tcp 252: --dry-run deny from any port 24:2o proto tcp 253: --dry-run deny from any port daytime,smtp proto tcp 254: --dry-run deny from any port 13,smtp proto tcp 255: --dry-run deny from any port daytime,25 proto tcp 256: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 257: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 258: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp 259: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 
20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp 260: --dry-run deny to any port 20,21 261: --dry-run deny to any port 20,2L 262: --dry-run deny to any port 2o,21 263: --dry-run deny to any port 20, proto udp 264: --dry-run deny to any port ,20 proto tcp 265: --dry-run deny to any port ,20, proto udp 266: --dry-run deny to any port 20: proto tcp 267: --dry-run deny to any port :20 proto udp 268: --dry-run deny to any port :20: proto tcp 269: --dry-run deny to any port 20:65536 proto udp 270: --dry-run deny to any port 0:65 proto tcp 271: --dry-run deny to any port ,20:24 proto udp 272: --dry-run deny to any port 20:24, proto tcp 273: --dry-run deny to any port ,20:24, proto udp 274: --dry-run deny to any port 24:20 proto tcp 275: --dry-run deny to any port 2A:20 proto tcp 276: --dry-run deny to any port 24:2o proto tcp 277: --dry-run deny to any port daytime,smtp proto tcp 278: --dry-run deny to any port 13,smtp proto tcp 279: --dry-run deny to any port daytime,25 proto tcp 280: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 281: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 282: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 283: --dry-run deny to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 284: --dry-run limit from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 285: --dry-run limit from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 286: --dry-run limit from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 
from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp 287: --dry-run limit from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp 288: --dry-run limit from any port 20,21 289: --dry-run limit from any port 20,2L 290: --dry-run limit from any port 2o,21 291: --dry-run limit from any port 20, proto udp 292: --dry-run limit from any port ,20 proto tcp 293: --dry-run limit from any port ,20, proto udp 294: --dry-run limit from any port 20: proto tcp 295: --dry-run limit from any port :20 proto udp 296: --dry-run limit from any port :20: proto tcp 297: --dry-run limit from any port 20:65536 proto udp 298: --dry-run limit from any port 0:65 proto tcp 299: --dry-run limit from any port ,20:24 proto udp 300: --dry-run limit from any port 20:24, proto tcp 301: --dry-run limit from any port ,20:24, proto udp 302: --dry-run limit from any port 24:20 proto tcp 303: --dry-run limit from any port 2A:20 proto tcp 304: --dry-run limit from any port 24:2o proto tcp 305: --dry-run limit from any port daytime,smtp proto tcp 306: --dry-run limit from any port 13,smtp proto tcp 307: --dry-run limit from any port daytime,25 proto tcp 308: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 309: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 310: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto tcp 311: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:36 proto udp 312: --dry-run limit to any port 20,21 313: --dry-run limit to any port 20,2L 314: --dry-run limit to any port 2o,21 315: --dry-run limit to any port 20, proto 
udp 316: --dry-run limit to any port ,20 proto tcp 317: --dry-run limit to any port ,20, proto udp 318: --dry-run limit to any port 20: proto tcp 319: --dry-run limit to any port :20 proto udp 320: --dry-run limit to any port :20: proto tcp 321: --dry-run limit to any port 20:65536 proto udp 322: --dry-run limit to any port 0:65 proto tcp 323: --dry-run limit to any port ,20:24 proto udp 324: --dry-run limit to any port 20:24, proto tcp 325: --dry-run limit to any port ,20:24, proto udp 326: --dry-run limit to any port 24:20 proto tcp 327: --dry-run limit to any port 2A:20 proto tcp 328: --dry-run limit to any port 24:2o proto tcp 329: --dry-run limit to any port daytime,smtp proto tcp 330: --dry-run limit to any port 13,smtp proto tcp 331: --dry-run limit to any port daytime,25 proto tcp 332: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto tcp 333: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35 proto udp 334: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 335: --dry-run limit to any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 from any port 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34:39 proto tcp 336: --dry-run allow 34,35 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 337: --dry-run allow 34,35:39 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 338: --dry-run allow 35:39 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 339: --dry-run allow 23,21,15:19,22 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 340: --dry-run allow 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/tcp 341: --dry-run allow 20,2L/tcp 342: --dry-run allow 2o,21/tcp 343: --dry-run allow 
20,/tcp 344: --dry-run allow ,20/tcp 345: --dry-run allow ,20,/tcp 346: --dry-run allow 20:/tcp 347: --dry-run allow :20/tcp 348: --dry-run allow :20:/tcp 349: --dry-run allow 20:65536/tcp 350: --dry-run allow 0:65/tcp 351: --dry-run allow ,20:24/tcp 352: --dry-run allow 20:24,/tcp 353: --dry-run allow ,20:24,/tcp 354: --dry-run allow 24:20/tcp 355: --dry-run allow 2A:20/tcp 356: --dry-run allow 24:2o/tcp 357: --dry-run allow daytime,smtp/tcp 358: --dry-run allow 13,smtp/tcp 359: --dry-run allow daytime,25/tcp 360: --dry-run allow 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/udp 361: --dry-run allow 20,2L/udp 362: --dry-run allow 2o,21/udp 363: --dry-run allow 20,/udp 364: --dry-run allow ,20/udp 365: --dry-run allow ,20,/udp 366: --dry-run allow 20:/udp 367: --dry-run allow :20/udp 368: --dry-run allow :20:/udp 369: --dry-run allow 20:65536/udp 370: --dry-run allow 0:65/udp 371: --dry-run allow ,20:24/udp 372: --dry-run allow 20:24,/udp 373: --dry-run allow ,20:24,/udp 374: --dry-run allow 24:20/udp 375: --dry-run allow 2A:20/udp 376: --dry-run allow 24:2o/udp 377: --dry-run allow daytime,smtp/tcp 378: --dry-run allow 13,smtp/tcp 379: --dry-run allow daytime,25/tcp 380: --dry-run deny 34,35 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 381: --dry-run deny 34,35:39 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 382: --dry-run deny 35:39 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 383: --dry-run deny 23,21,15:19,22 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 384: --dry-run deny 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/tcp 385: --dry-run deny 20,2L/tcp 386: --dry-run deny 2o,21/tcp 387: --dry-run deny 20,/tcp 388: --dry-run deny ,20/tcp 389: --dry-run deny ,20,/tcp 390: --dry-run deny 20:/tcp 391: --dry-run deny :20/tcp 392: --dry-run deny :20:/tcp 393: --dry-run deny 20:65536/tcp 394: --dry-run deny 0:65/tcp 395: --dry-run deny 
,20:24/tcp 396: --dry-run deny 20:24,/tcp 397: --dry-run deny ,20:24,/tcp 398: --dry-run deny 24:20/tcp 399: --dry-run deny 2A:20/tcp 400: --dry-run deny 24:2o/tcp 401: --dry-run deny daytime,smtp/tcp 402: --dry-run deny 13,smtp/tcp 403: --dry-run deny daytime,25/tcp 404: --dry-run deny 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/udp 405: --dry-run deny 20,2L/udp 406: --dry-run deny 2o,21/udp 407: --dry-run deny 20,/udp 408: --dry-run deny ,20/udp 409: --dry-run deny ,20,/udp 410: --dry-run deny 20:/udp 411: --dry-run deny :20/udp 412: --dry-run deny :20:/udp 413: --dry-run deny 20:65536/udp 414: --dry-run deny 0:65/udp 415: --dry-run deny ,20:24/udp 416: --dry-run deny 20:24,/udp 417: --dry-run deny ,20:24,/udp 418: --dry-run deny 24:20/udp 419: --dry-run deny 2A:20/udp 420: --dry-run deny 24:2o/udp 421: --dry-run deny daytime,smtp/tcp 422: --dry-run deny 13,smtp/tcp 423: --dry-run deny daytime,25/tcp 424: --dry-run limit 34,35 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 425: --dry-run limit 34,35:39 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 426: --dry-run limit 35:39 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 427: --dry-run limit 23,21,15:19,22 WARN: Checks disabled ERROR: Must specify 'tcp' or 'udp' with multiple ports 428: --dry-run limit 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/tcp 429: --dry-run limit 20,2L/tcp 430: --dry-run limit 2o,21/tcp 431: --dry-run limit 20,/tcp 432: --dry-run limit ,20/tcp 433: --dry-run limit ,20,/tcp 434: --dry-run limit 20:/tcp 435: --dry-run limit :20/tcp 436: --dry-run limit :20:/tcp 437: --dry-run limit 20:65536/tcp 438: --dry-run limit 0:65/tcp 439: --dry-run limit ,20:24/tcp 440: --dry-run limit 20:24,/tcp 441: --dry-run limit ,20:24,/tcp 442: --dry-run limit 24:20/tcp 443: --dry-run limit 2A:20/tcp 444: --dry-run limit 24:2o/tcp 445: --dry-run limit daytime,smtp/tcp 446: --dry-run limit 13,smtp/tcp 447: --dry-run 
limit daytime,25/tcp 448: --dry-run limit 20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35/udp 449: --dry-run limit 20,2L/udp 450: --dry-run limit 2o,21/udp 451: --dry-run limit 20,/udp 452: --dry-run limit ,20/udp 453: --dry-run limit ,20,/udp 454: --dry-run limit 20:/udp 455: --dry-run limit :20/udp 456: --dry-run limit :20:/udp 457: --dry-run limit 20:65536/udp 458: --dry-run limit 0:65/udp 459: --dry-run limit ,20:24/udp 460: --dry-run limit 20:24,/udp 461: --dry-run limit ,20:24,/udp 462: --dry-run limit 24:20/udp 463: --dry-run limit 2A:20/udp 464: --dry-run limit 24:2o/udp 465: --dry-run limit daytime,smtp/tcp 466: --dry-run limit 13,smtp/tcp 467: --dry-run limit daytime,25/tcp TESTING ARGS (app) 468: --dry-run app 469: --dry-run app lis 470: --dry-run app info 471: --dry-run app ino foo 472: --dry-run app default 473: --dry-run app defalt foo 474: --dry-run app update 475: --dry-run app rfresh foo 476: --dry-run app info foo% TESTING ARGS (logging) 477: --dry-run logging offf 478: --dry-run logging onn 479: --dry-run logging loww 480: --dry-run logging meduim 481: --dry-run logging hih 482: --dry-run logging ful1 483: --dry-run allow logg 13 484: --dry-run allow logall 13 485: --dry-run allow log-al1 13 TESTING ARGS (insert) 486: allow 13 487: allow 23 488: insert 0 allow 24 489: insert 3 allow 24 490: insert allow 24 491: allow insert 2 24 492: insert 1 allow 13 493: insert 1 allow log 13 494: delete allow 13 495: delete allow 23 TESTING ARGS (interfaces) 496: --dry-run allow in on eth0:1 497: --dry-run allow in on e?th0 498: --dry-run allow on eth0 499: --dry-run allow ina on eth0 500: --dry-run allow in ona eth0 501: --dry-run allow in eth0 502: --dry-run allow in on eth0 to 503: --dry-run allow in on eth0 from 504: --dry-run allow in on eth0 from any to 505: --dry-run allow in on eth0 any from 506: --dry-run allow in on eth0 any from to any proto 507: --dry-run allow log in on eth0 508: --dry-run allow log-all in on eth0 509: --dry-run deny in on eth0:1 
510: --dry-run deny in on e?th0 511: --dry-run deny on eth0 512: --dry-run deny ina on eth0 513: --dry-run deny in ona eth0 514: --dry-run deny in eth0 515: --dry-run deny in on eth0 to 516: --dry-run deny in on eth0 from 517: --dry-run deny in on eth0 from any to 518: --dry-run deny in on eth0 any from 519: --dry-run deny in on eth0 any from to any proto 520: --dry-run deny log in on eth0 521: --dry-run deny log-all in on eth0 522: --dry-run limit in on eth0:1 523: --dry-run limit in on e?th0 524: --dry-run limit on eth0 525: --dry-run limit ina on eth0 526: --dry-run limit in ona eth0 527: --dry-run limit in eth0 528: --dry-run limit in on eth0 to 529: --dry-run limit in on eth0 from 530: --dry-run limit in on eth0 from any to 531: --dry-run limit in on eth0 any from 532: --dry-run limit in on eth0 any from to any proto 533: --dry-run limit log in on eth0 534: --dry-run limit log-all in on eth0 535: --dry-run allow out on eth0:1 536: --dry-run allow out on e?th0 537: --dry-run allow on eth0 538: --dry-run allow ina on eth0 539: --dry-run allow out ona eth0 540: --dry-run allow out eth0 541: --dry-run allow out on eth0 to 542: --dry-run allow out on eth0 from 543: --dry-run allow out on eth0 from any to 544: --dry-run allow out on eth0 any from 545: --dry-run allow out on eth0 any from to any proto 546: --dry-run allow log out on eth0 547: --dry-run allow log-all out on eth0 548: --dry-run deny out on eth0:1 549: --dry-run deny out on e?th0 550: --dry-run deny on eth0 551: --dry-run deny ina on eth0 552: --dry-run deny out ona eth0 553: --dry-run deny out eth0 554: --dry-run deny out on eth0 to 555: --dry-run deny out on eth0 from 556: --dry-run deny out on eth0 from any to 557: --dry-run deny out on eth0 any from 558: --dry-run deny out on eth0 any from to any proto 559: --dry-run deny log out on eth0 560: --dry-run deny log-all out on eth0 561: --dry-run limit out on eth0:1 562: --dry-run limit out on e?th0 563: --dry-run limit on eth0 564: --dry-run limit ina 
on eth0 565: --dry-run limit out ona eth0 566: --dry-run limit out eth0 567: --dry-run limit out on eth0 to 568: --dry-run limit out on eth0 from 569: --dry-run limit out on eth0 from any to 570: --dry-run limit out on eth0 any from 571: --dry-run limit out on eth0 any from to any proto 572: --dry-run limit log out on eth0 573: --dry-run limit log-all out on eth0 TESTING ARGS (status) 574: --dry-run status foo 575: --dry-run status numbere 576: --dry-run status erbose TESTING ARGS (show) 577: --dry-run show 578: --dry-run show ra ufw-0.36/tests/bad/policy/0000755000175000017500000000000013257500736014376 5ustar jamiejamieufw-0.36/tests/bad/policy/orig0000777000175000017500000000000013226727543017441 2../../defaultsustar jamiejamieufw-0.36/tests/bad/policy/runtest.sh0000755000175000017500000000231013257500736016435 0ustar jamiejamie#!/bin/bash # Copyright 2009-2012 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
source "$TESTPATH/../testlib.sh" echo "TESTING BAD DEFAULT POLICY" >> $TESTTMP/result for i in INPUT OUTPUT FORWARD; do for j in "" ACCEP DRP REJCT ALLOW DENY LIMIT; do echo "Setting DEFAULT_${i}_POLICY to $j" >> $TESTTMP/result sed -i "s/DEFAULT_${i}_POLICY=.*/DEFAULT_${i}_POLICY=$j/" $TESTPATH/etc/default/ufw #do_cmd "1" null --dry-run status do_cmd "1" --dry-run status # put it back to something valid sed -i "s/DEFAULT_${i}_POLICY=.*/DEFAULT_${i}_POLICY=DROP/" $TESTPATH/etc/default/ufw done done exit 0 ufw-0.36/tests/bad/policy/result0000644000175000017500000000510313257500736015636 0ustar jamiejamieTESTING BAD DEFAULT POLICY Setting DEFAULT_INPUT_POLICY to 0: --dry-run status WARN: Checks disabled ERROR: Missing policy for 'input' Setting DEFAULT_INPUT_POLICY to ACCEP 1: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'accep' for 'input' Setting DEFAULT_INPUT_POLICY to DRP 2: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'drp' for 'input' Setting DEFAULT_INPUT_POLICY to REJCT 3: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'rejct' for 'input' Setting DEFAULT_INPUT_POLICY to ALLOW 4: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'allow' for 'input' Setting DEFAULT_INPUT_POLICY to DENY 5: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'deny' for 'input' Setting DEFAULT_INPUT_POLICY to LIMIT 6: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'limit' for 'input' Setting DEFAULT_OUTPUT_POLICY to 7: --dry-run status WARN: Checks disabled ERROR: Missing policy for 'output' Setting DEFAULT_OUTPUT_POLICY to ACCEP 8: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'accep' for 'output' Setting DEFAULT_OUTPUT_POLICY to DRP 9: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'drp' for 'output' Setting DEFAULT_OUTPUT_POLICY to REJCT 10: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'rejct' for 'output' Setting DEFAULT_OUTPUT_POLICY to ALLOW 11: 
--dry-run status WARN: Checks disabled ERROR: Invalid policy 'allow' for 'output' Setting DEFAULT_OUTPUT_POLICY to DENY 12: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'deny' for 'output' Setting DEFAULT_OUTPUT_POLICY to LIMIT 13: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'limit' for 'output' Setting DEFAULT_FORWARD_POLICY to 14: --dry-run status WARN: Checks disabled ERROR: Missing policy for 'forward' Setting DEFAULT_FORWARD_POLICY to ACCEP 15: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'accep' for 'forward' Setting DEFAULT_FORWARD_POLICY to DRP 16: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'drp' for 'forward' Setting DEFAULT_FORWARD_POLICY to REJCT 17: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'rejct' for 'forward' Setting DEFAULT_FORWARD_POLICY to ALLOW 18: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'allow' for 'forward' Setting DEFAULT_FORWARD_POLICY to DENY 19: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'deny' for 'forward' Setting DEFAULT_FORWARD_POLICY to LIMIT 20: --dry-run status WARN: Checks disabled ERROR: Invalid policy 'limit' for 'forward' ufw-0.36/tests/bad/netmasks/0000755000175000017500000000000013226727543014727 5ustar jamiejamieufw-0.36/tests/bad/netmasks/orig0000777000175000017500000000000013226727543017767 2../../defaultsustar jamiejamieufw-0.36/tests/bad/netmasks/runtest.sh0000755000175000017500000000632013226727543016773 0ustar jamiejamie#!/bin/bash # Copyright 2008 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
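#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Negative tests for netmask parsing in firewall rules. Each rule below uses
# a malformed CIDR prefix or dotted-quad mask and is expected to be refused:
# a mask that is silently accepted or normalised could yield a rule that
# matches more addresses than the operator intended.
#
# do_cmd is provided by testlib.sh (not visible here). The leading "1" is
# presumably the exit status each invocation must return, and "null"
# presumably keeps the command's output out of the result file -- confirm
# against testlib.sh. The order of the calls matters: the expected result
# file numbers the commands in the order they run.

#set -x   # uncomment to trace the run
source "$TESTPATH/../testlib.sh"

# The redirect target is quoted so that a TESTTMP containing whitespace does
# not turn into an "ambiguous redirect".
echo "TESTING INVALID CIDR" >> "$TESTTMP/result"
for i in 16a 33 -1; do
    # non-numeric, too long for IPv4, and negative prefix lengths
    do_cmd "1" null --dry-run allow to "10.0.0.1/$i"
    do_cmd "1" null --dry-run allow from "10.0.0.1/$i"
done

echo "TESTING INVALID DOTTED" >> "$TESTTMP/result"
# One or more octets above 255, as destination
do_cmd "1" null --dry-run allow to 192.168.0.0/256.255.255.255
do_cmd "1" null --dry-run allow to 192.168.0.0/255.256.255.255
do_cmd "1" null --dry-run allow to 192.168.0.0/255.256.256.255
do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.255.256
do_cmd "1" null --dry-run allow to 192.168.0.0/256.256.256.256
# The same masks, as source
do_cmd "1" null --dry-run allow from 192.168.0.0/256.255.255.255
do_cmd "1" null --dry-run allow from 192.168.0.0/255.256.255.255
do_cmd "1" null --dry-run allow from 192.168.0.0/255.256.256.255
do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.255.256
do_cmd "1" null --dry-run allow from 192.168.0.0/256.256.256.256
# Both sides invalid in a single rule
do_cmd "1" null --dry-run allow from 192.168.0.0/33 to 192.168.0.0/256.256.256.256
# Empty leading or trailing octet
do_cmd "1" null --dry-run allow to 192.168.0.0/.255.255.255
do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.255.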
do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.255 do_cmd "1" null --dry-run allow to 192.168.0.0/s55.255.255.255 do_cmd "1" null --dry-run allow to 192.168.0.0/255.2s5.255.255 do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.25s.255 do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.255.s55 do_cmd "1" null --dry-run allow to 192.168.0.0/s55.s55.s55.s55 do_cmd "1" null --dry-run allow to 192.168.0.0/-1.255.255.255 do_cmd "1" null --dry-run allow to 192.168.0.0/255.-1.255.255 do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.-1.255 do_cmd "1" null --dry-run allow to 192.168.0.0/255.255.255.-1 do_cmd "1" null --dry-run allow to 192.168.0.0/-1.-1.-1.-1 do_cmd "1" null --dry-run allow from 192.168.0.0/.255.255.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.255. do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.255 do_cmd "1" null --dry-run allow from 192.168.0.0/s55.255.255.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.2s5.255.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.25s.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.255.s55 do_cmd "1" null --dry-run allow from 192.168.0.0/s55.s55.s55.s55 do_cmd "1" null --dry-run allow from 192.168.0.0/-1.255.255.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.-1.255.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.-1.255 do_cmd "1" null --dry-run allow from 192.168.0.0/255.255.255.-1 do_cmd "1" null --dry-run allow from 192.168.0.0/-1.-1.-1.-1 exit 0 ufw-0.36/tests/bad/netmasks/result0000644000175000017500000000430513226727543016172 0ustar jamiejamieTESTING INVALID CIDR 0: --dry-run allow to 10.0.0.1/16a 1: --dry-run allow from 10.0.0.1/16a 2: --dry-run allow to 10.0.0.1/33 3: --dry-run allow from 10.0.0.1/33 4: --dry-run allow to 10.0.0.1/-1 5: --dry-run allow from 10.0.0.1/-1 TESTING INVALID DOTTED 6: --dry-run allow to 192.168.0.0/256.255.255.255 7: --dry-run allow to 192.168.0.0/255.256.255.255 8: --dry-run allow to 
192.168.0.0/255.256.256.255 9: --dry-run allow to 192.168.0.0/255.255.255.256 10: --dry-run allow to 192.168.0.0/256.256.256.256 11: --dry-run allow from 192.168.0.0/256.255.255.255 12: --dry-run allow from 192.168.0.0/255.256.255.255 13: --dry-run allow from 192.168.0.0/255.256.256.255 14: --dry-run allow from 192.168.0.0/255.255.255.256 15: --dry-run allow from 192.168.0.0/256.256.256.256 16: --dry-run allow from 192.168.0.0/33 to 192.168.0.0/256.256.256.256 17: --dry-run allow to 192.168.0.0/.255.255.255 18: --dry-run allow to 192.168.0.0/255.255.255. 19: --dry-run allow to 192.168.0.0/255.255.255 20: --dry-run allow to 192.168.0.0/s55.255.255.255 21: --dry-run allow to 192.168.0.0/255.2s5.255.255 22: --dry-run allow to 192.168.0.0/255.255.25s.255 23: --dry-run allow to 192.168.0.0/255.255.255.s55 24: --dry-run allow to 192.168.0.0/s55.s55.s55.s55 25: --dry-run allow to 192.168.0.0/-1.255.255.255 26: --dry-run allow to 192.168.0.0/255.-1.255.255 27: --dry-run allow to 192.168.0.0/255.255.-1.255 28: --dry-run allow to 192.168.0.0/255.255.255.-1 29: --dry-run allow to 192.168.0.0/-1.-1.-1.-1 30: --dry-run allow from 192.168.0.0/.255.255.255 31: --dry-run allow from 192.168.0.0/255.255.255. 
32: --dry-run allow from 192.168.0.0/255.255.255 33: --dry-run allow from 192.168.0.0/s55.255.255.255 34: --dry-run allow from 192.168.0.0/255.2s5.255.255 35: --dry-run allow from 192.168.0.0/255.255.25s.255 36: --dry-run allow from 192.168.0.0/255.255.255.s55 37: --dry-run allow from 192.168.0.0/s55.s55.s55.s55 38: --dry-run allow from 192.168.0.0/-1.255.255.255 39: --dry-run allow from 192.168.0.0/255.-1.255.255 40: --dry-run allow from 192.168.0.0/255.255.-1.255 41: --dry-run allow from 192.168.0.0/255.255.255.-1 42: --dry-run allow from 192.168.0.0/-1.-1.-1.-1 ufw-0.36/tests/bad/apps/0000755000175000017500000000000013404772663014046 5ustar jamiejamieufw-0.36/tests/bad/apps/orig0000777000175000017500000000000013226727543017105 2../../defaultsustar jamiejamieufw-0.36/tests/bad/apps/runtest.sh0000755000175000017500000000633013404772663016113 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
source "$TESTPATH/../testlib.sh" cp $TESTPATH/../defaults/profiles.bad/* $TESTPATH/etc/ufw/applications.d echo "TESTING BAD PROFILE (command name)" >> $TESTTMP/result do_cmd "1" null app info foo do_cmd "1" null app info Custom Web App echo "TESTING BAD PROFILE (name)" >> $TESTTMP/result do_cmd "1" null app info bad-description1 do_cmd "1" null app info bad-description2 do_cmd "1" null app info bad-title1 do_cmd "1" null app info bad-title2 do_cmd "1" null app info bad-ports1 do_cmd "1" null app info bad-ports2 do_cmd "1" null app info bad-ports3 do_cmd "1" null app info bad-ports4 do_cmd "1" null app info bad-ports5 do_cmd "1" null app info bad-ports6 do_cmd "1" null app info ssh do_cmd "1" null app update --add-new all echo "TESTING APPLICATION INTEGRATION (bad simple rules)" >> $TESTTMP/result for target in allow deny limit ; do do_cmd "1" null $target NONEXISTENT do_cmd "1" null $target Apache/tcp done echo "TESTING APPLICATION INTEGRATION (bad extended rules)" >> $TESTTMP/result for target in allow deny limit ; do for i in to from ; do k="to" if [ "$i" = "to" ]; then k="from" fi for loc in 192.168.0.0/16 any ; do do_cmd "1" null --dry-run $target $i $loc app NONEXISTENT do_cmd "1" null --dry-run $target $i $loc app Apache proto tcp do_cmd "1" null --dry-run $target $i $loc app Apache proto udp do_cmd "1" null --dry-run $target $i $loc app 'No Protocol Multi' do_cmd "1" null http-or-www --dry-run $target $i $loc app Samba $k $loc port http do_cmd "1" null --dry-run $target $i $loc app Samba $k $loc port 13 proto tcp done done done echo "TESTING APPLICATION INTEGRATION (case sensitive)" >> $TESTTMP/result cat > $TESTPATH/etc/ufw/applications.d/Runtest << EOM [Runtest] title=runtest title description=runtest description ports=23/tcp EOM cat > $TESTPATH/etc/ufw/applications.d/RunTest << EOM [RunTest] title=runtest title description=runtest description ports=24/tcp EOM do_cmd "1" null --dry-run allow runtest rm -f $TESTPATH/etc/ufw/applications.d/Runtest 
$TESTPATH/etc/ufw/applications.d/RunTest echo "TESTING ARGS (interfaces)" >> $TESTTMP/result for j in "in" "out"; do for i in allow deny limit; do do_cmd "1" null --dry-run $i $j on eth0:1 to any app Bind9 do_cmd "1" null --dry-run $i on eth0 to any app Bind9 do_cmd "1" null --dry-run $i $j ina on eth0 to any app Bind9 do_cmd "1" null --dry-run $i $j ona eth0 to any app Bind9 do_cmd "1" null --dry-run $i $j eth0 to any app Bind9 done done exit 0 ufw-0.36/tests/bad/apps/result0000644000175000017500000001504613404772663015315 0ustar jamiejamieTESTING BAD PROFILE (command name) 0: app info foo 1: app info Custom Web App TESTING BAD PROFILE (name) 2: app info bad-description1 3: app info bad-description2 4: app info bad-title1 5: app info bad-title2 6: app info bad-ports1 7: app info bad-ports2 8: app info bad-ports3 9: app info bad-ports4 10: app info bad-ports5 11: app info bad-ports6 12: app info ssh 13: app update --add-new all TESTING APPLICATION INTEGRATION (bad simple rules) 14: allow NONEXISTENT 15: allow Apache/tcp 16: deny NONEXISTENT 17: deny Apache/tcp 18: limit NONEXISTENT 19: limit Apache/tcp TESTING APPLICATION INTEGRATION (bad extended rules) 20: --dry-run allow to 192.168.0.0/16 app NONEXISTENT 21: --dry-run allow to 192.168.0.0/16 app Apache proto tcp 22: --dry-run allow to 192.168.0.0/16 app Apache proto udp 23: --dry-run allow to 192.168.0.0/16 app No Protocol Multi 24: --dry-run allow to 192.168.0.0/16 app Samba from 192.168.0.0/16 port http 25: --dry-run allow to 192.168.0.0/16 app Samba from 192.168.0.0/16 port 13 proto tcp 26: --dry-run allow to any app NONEXISTENT 27: --dry-run allow to any app Apache proto tcp 28: --dry-run allow to any app Apache proto udp 29: --dry-run allow to any app No Protocol Multi 30: --dry-run allow to any app Samba from any port http 31: --dry-run allow to any app Samba from any port 13 proto tcp 32: --dry-run allow from 192.168.0.0/16 app NONEXISTENT 33: --dry-run allow from 192.168.0.0/16 app Apache proto tcp 34: 
--dry-run allow from 192.168.0.0/16 app Apache proto udp 35: --dry-run allow from 192.168.0.0/16 app No Protocol Multi 36: --dry-run allow from 192.168.0.0/16 app Samba to 192.168.0.0/16 port http 37: --dry-run allow from 192.168.0.0/16 app Samba to 192.168.0.0/16 port 13 proto tcp 38: --dry-run allow from any app NONEXISTENT 39: --dry-run allow from any app Apache proto tcp 40: --dry-run allow from any app Apache proto udp 41: --dry-run allow from any app No Protocol Multi 42: --dry-run allow from any app Samba to any port http 43: --dry-run allow from any app Samba to any port 13 proto tcp 44: --dry-run deny to 192.168.0.0/16 app NONEXISTENT 45: --dry-run deny to 192.168.0.0/16 app Apache proto tcp 46: --dry-run deny to 192.168.0.0/16 app Apache proto udp 47: --dry-run deny to 192.168.0.0/16 app No Protocol Multi 48: --dry-run deny to 192.168.0.0/16 app Samba from 192.168.0.0/16 port http 49: --dry-run deny to 192.168.0.0/16 app Samba from 192.168.0.0/16 port 13 proto tcp 50: --dry-run deny to any app NONEXISTENT 51: --dry-run deny to any app Apache proto tcp 52: --dry-run deny to any app Apache proto udp 53: --dry-run deny to any app No Protocol Multi 54: --dry-run deny to any app Samba from any port http 55: --dry-run deny to any app Samba from any port 13 proto tcp 56: --dry-run deny from 192.168.0.0/16 app NONEXISTENT 57: --dry-run deny from 192.168.0.0/16 app Apache proto tcp 58: --dry-run deny from 192.168.0.0/16 app Apache proto udp 59: --dry-run deny from 192.168.0.0/16 app No Protocol Multi 60: --dry-run deny from 192.168.0.0/16 app Samba to 192.168.0.0/16 port http 61: --dry-run deny from 192.168.0.0/16 app Samba to 192.168.0.0/16 port 13 proto tcp 62: --dry-run deny from any app NONEXISTENT 63: --dry-run deny from any app Apache proto tcp 64: --dry-run deny from any app Apache proto udp 65: --dry-run deny from any app No Protocol Multi 66: --dry-run deny from any app Samba to any port http 67: --dry-run deny from any app Samba to any port 13 proto tcp 
68: --dry-run limit to 192.168.0.0/16 app NONEXISTENT 69: --dry-run limit to 192.168.0.0/16 app Apache proto tcp 70: --dry-run limit to 192.168.0.0/16 app Apache proto udp 71: --dry-run limit to 192.168.0.0/16 app No Protocol Multi 72: --dry-run limit to 192.168.0.0/16 app Samba from 192.168.0.0/16 port http 73: --dry-run limit to 192.168.0.0/16 app Samba from 192.168.0.0/16 port 13 proto tcp 74: --dry-run limit to any app NONEXISTENT 75: --dry-run limit to any app Apache proto tcp 76: --dry-run limit to any app Apache proto udp 77: --dry-run limit to any app No Protocol Multi 78: --dry-run limit to any app Samba from any port http 79: --dry-run limit to any app Samba from any port 13 proto tcp 80: --dry-run limit from 192.168.0.0/16 app NONEXISTENT 81: --dry-run limit from 192.168.0.0/16 app Apache proto tcp 82: --dry-run limit from 192.168.0.0/16 app Apache proto udp 83: --dry-run limit from 192.168.0.0/16 app No Protocol Multi 84: --dry-run limit from 192.168.0.0/16 app Samba to 192.168.0.0/16 port http 85: --dry-run limit from 192.168.0.0/16 app Samba to 192.168.0.0/16 port 13 proto tcp 86: --dry-run limit from any app NONEXISTENT 87: --dry-run limit from any app Apache proto tcp 88: --dry-run limit from any app Apache proto udp 89: --dry-run limit from any app No Protocol Multi 90: --dry-run limit from any app Samba to any port http 91: --dry-run limit from any app Samba to any port 13 proto tcp TESTING APPLICATION INTEGRATION (case sensitive) 92: --dry-run allow runtest TESTING ARGS (interfaces) 93: --dry-run allow in on eth0:1 to any app Bind9 94: --dry-run allow on eth0 to any app Bind9 95: --dry-run allow in ina on eth0 to any app Bind9 96: --dry-run allow in ona eth0 to any app Bind9 97: --dry-run allow in eth0 to any app Bind9 98: --dry-run deny in on eth0:1 to any app Bind9 99: --dry-run deny on eth0 to any app Bind9 100: --dry-run deny in ina on eth0 to any app Bind9 101: --dry-run deny in ona eth0 to any app Bind9 102: --dry-run deny in eth0 to any 
app Bind9 103: --dry-run limit in on eth0:1 to any app Bind9 104: --dry-run limit on eth0 to any app Bind9 105: --dry-run limit in ina on eth0 to any app Bind9 106: --dry-run limit in ona eth0 to any app Bind9 107: --dry-run limit in eth0 to any app Bind9 108: --dry-run allow out on eth0:1 to any app Bind9 109: --dry-run allow on eth0 to any app Bind9 110: --dry-run allow out ina on eth0 to any app Bind9 111: --dry-run allow out ona eth0 to any app Bind9 112: --dry-run allow out eth0 to any app Bind9 113: --dry-run deny out on eth0:1 to any app Bind9 114: --dry-run deny on eth0 to any app Bind9 115: --dry-run deny out ina on eth0 to any app Bind9 116: --dry-run deny out ona eth0 to any app Bind9 117: --dry-run deny out eth0 to any app Bind9 118: --dry-run limit out on eth0:1 to any app Bind9 119: --dry-run limit on eth0 to any app Bind9 120: --dry-run limit out ina on eth0 to any app Bind9 121: --dry-run limit out ona eth0 to any app Bind9 122: --dry-run limit out eth0 to any app Bind9 ufw-0.36/tests/runtest_ex.sh0000644000175000017500000000226313226727543015113 0ustar jamiejamie#!/bin/bash # Copyright 2008-2009 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
#set -x source "$TESTPATH/../testlib.sh" # example usage for successful run #do_cmd "0" --dry-run allow 53 # example usage for successful run, without putting the output into the # results file #do_cmd "0" null --dry-run allow 53 # example usage for failed run #do_cmd "1" --dry-run allow 53a # example usage for failed run, without putting the failure output into the # results file #do_cmd "1" null --dry-run allow 53a # remove this when implementing real test touch $TESTTMP/result || exit 1 # live tests should do this # cleanup exit 0 ufw-0.36/tests/test-srv-upgrades-data.tar.gz0000644000175000017500000005673313404772663020030 0ustar jamiejamie![=ksH_Qko K؞E`pO1au8&B*@cb$aq}2JBt;mGfVeU>ꑸ6>IT)oRV!_,*j%T*R~gxmd%"'\+|R)nS`UW|IUJJE)Xr.Rӿ#bA+žHq)>^$%RG9[ VA/\ _T!?_.D 7Q's Wi'ɒGR=\&ނ>s^5CCSvw{fwW)!%3"gڦ)VlW+KE:Yϴa0sHf$fп>EOY5HoJ`dJt(%G#Y}GW<, iHyxC#R6 R9\bfq)ɋai  N7NI QMyjl2yhaf0<Ɛ%WӲHҥ%1X~it?=tI|W[ݯ@uol# `hlq4ۛB?ۛ'hTn4ݯFcۺtǻ{R%}Q{hVI}׹>f/>pZ LrD CtjL4 r-fxolDF)M_C_$ǜ{HKA[LF׀ 7Io:ƉhM?'&L.^/PWyׯ84/[w*KP}?GbMc9>LB=~ 0}߁W?lJ= nH/\½AB\3t3W2mJ4A+` +CPD-M8٨5ޗ\x'vCԙ}r(76/89)a./.:sL-P~$%=#^B6k14@8F`W@WX{V熉dM('?HViwcu|Y`3Pr:uA V*ס+r Զ$9dJf{S?]lt>S};16&of αZ&2f`QdXd'uN  &u`ڃA`wm{&>Cu 6ZPIcQ7?Y0>r=fvb\ nA_ eG?'Ԇ~{,K)0 `E ,q .Esr C j jý  !0jCsb hM\V!>G䈨DxĪA;wjK7 *B $o e; R]^r]̠e&PJ%_XRt ~K;͊ųHT-ۛ8L&$["]꼀랒cD5ªA3|zw`QcTs B) |0r1i>H,^yePYSHl M,n@'7-w˗JW)]S@5Tw}@u'm^Doy;4n曜2BqڑFhXZ<mX&fP?ET5$[PJ^:PNI)W9tB҉xQsV'F:1홃CS_"+-Kf "^&0ư7ƒ2u)6?;OFk(ݦz콈N!: |)="( mAG&"h2\<+s0aG.rMuAV)b<: [y 1i\M7/YAz3`9&s ܺSb!De}]O[&Զu Mu v*+kHՀ,) ިSo6DNXH)S1l oSnSanSw;;ToiSQmMbz ^4w; ঺; ;ԕwP{uvH>%ꥪa8WΧ95)uǤ0\u [zGp^d˃26"X2қNSJ?v >/,C@^r4+"/vTd)ыazJV;Ef;? 
&J+Vk29S);F-7 xz!~C/Է|sf蚛 }TGq%wꞕәߊIE0^"qvLGcV`xp0é6'y]8m&UVvѫs1 J M>wtc0Q0|x6W플9x4??>uvj&cR*| }o0.!s̷ق 6,־%s=3/%I|!vY:>_GˁıfG ܜߨ#vMpxcF #]sG8`ӳ>F<苛 @H\LKu:!cCvW-*]˓'׽RYZO]i|Qmǜ=/3Q?$Dϯѽ%`:ȎLðϖĆG=g#lс#Czև`z2=Xh6v٨&TJ@⁍zl0qE4[E>Ó> OJ^ͯО8 STU%s|jz9M[h4͓G6V%Pw??擬[kJ|m̞MX!&6@Nut ' @;K%^‡gy"L'wjKH'pUTbϔ }qb]oE(N_Y>CX`!SS'9^Yvn N52A^ `O};Nbi^{\'*&zl+^)I;TT;拦OmR.'H'X󪐄7VcwQ-_"ev"~/ $ȇYii$njnTLCM}jlm؃LJ_H*\7j'I@ ˿oj`oPija?f&m;o śm6R`o#y+ps"O#eLDͿ+%.>N!c7̦bcwg5=%;Ub`7eG=_q<!7KrJF4-)<ܴ͛͐P9q境GVBҹI/!|sݞ4f1lvӼZc%05_0wBrmG܇܇܇.!CBbgO?cX4o~w }]Tm1RIzlS6hjNo{3=^<"23fLh 9fϝu4k❐օv1kf@%^=oy&([X>n;- |X/3q p1WvQa|aO$Z_/ EA| iƑcs{}߉;eB*VNsnRY#V2DF!#_pGJ\Fl6:12b3N3dS~o*r]ITA)]ynw_D }9˓x)wQ*wܮ1{*mi3=7r$=v.NbQ"!\@MujWSd,6-Qd-Y!#0̥Pp(Ak>CYT?i_M _(뿴w;Lvm_gvTWm._m#`||+?#M{̭bywdv1G72K+h]$[: :i?9i?w?SGZ`Uy/eNZ Hg2A12$,X)]_+s$cYxPAèT8$)cSIfH\(+Cr+,$ Ǽd^ӊ!R$=~&_h/b-4'A?uqqP?Gaors4 DTC쮖V\{Bi+.llyoŀ<] +u:ΧYl[mk(|Ljʖӯ]Xo^ϭ|ic'}.؀ƂUb-̝'s@Ff1q*7ngS,XB(.%WH'VV m7X,XB(﹨1N eC""؀ EDS4QDG'15JZ3 |DvR!g8 FlHn1cϹ6D<` Pmjq y7H03_rCXkՖtrς#X<2!˗9Pik571-/km"ˑ/cC.z)՞Y$H4fVڪzthv݀$aPJPy {}2zX-ѯ9{uN~Wդ|n/C<3|f1ȑyt}|e-"~b>OD:,"b>Z%Zt@)1ax#觘ck~$Zq+? >7H}KҢuC]mN_Xr<咴6/gj7 2̱eR/㍺@pV\Ӡ'ƮfSo]]5R`[i5TSh)pUQjʞHsn_/EhSCK䊪gh9S^Hy(da2uQ}FQSs셙Ƒ 瘺8ڛtgI{F_7^ 34C$IfbI  ERc^a[yxHx$0X]]]Gw p$ɉ#zWHAFKMK HoYCJR狔~!@SDxUۆ v–.]oFvÖܶJn+ )^n9޹=d6'?&+Fo!x:ah;~-J6D~bg!"nߙxj-q&c]VUEz>,Vh8UYSY1t0cMVyjAh]Y3^&F)*}Jy溊dž<Aࡃ2*({7tJќxM*=Mr)SMB=k8f@Bnj畦P[iJ…3 pL^RĪi"*1A]ށSHH.\h! /*xUAe4b$3N(#ؘ VW /)ǢkՇ 3?PF-\+I` fٞxvn3`ڍf*LLY˳4H^]hʳlp㮨eRGaJ6EM9 6*:}C_%;V ЈG L0F OBk-%P=B,?^ZZha#vOT5FSSC/O v\K\*Jr}CP *}%'iYfb { ԲzK\ \tUǪJn<5$AtV@(NXpL)i @}pʢN\2)׀!`u%>^bzkjYB Q(04tte mg)ہ ict&Z3)y_@rn*Wj{<^UA Za@pd%]/|-'eK\1a-BF'nPJ24R`^Н! 
V=&t6qJ}&TCFtmL,g ڸx[l{}ݠ9řSNiZ!|A=P) UǑ1V`* vZY6UnN#ޡN@M?^G׮MˍJLJj +w"slܙff?FXӦꯨ+)l#yԫ5s> ӝ3*\%eJ{̕~v%ۼo*Ж'z] r` LcۻnA%pezН̶jUE/ xQEADw|»4Qr5uLq|Z&k 3JeqsIl/+pxͪ(v4],Zmg LfxYRaPVf/ןCCS00f`Z(­0̅HW^[WpX fǤ䚐),>3ɗ] &aRT4H܌Z׉_gnf1b/q3ukMdHpA<[})+*aylM򂻌z'@cͷ%(DvrN.XZ|("?J jvGťVYS),"jYO|kVPqT([ƛ,]vlBÔҷS:zf%\w9^" PXD&@y:^K%s R7s 7E}aw:"(pa&:ҍ uc黬H;4cc@Yn^nWiGWL8KB66Li8RLAy`v'bXs\#R\Z(5lWۗ.l:TSm1X<{֑3#܉Fji3am;-I#PG"£ 0Ufuf_+h܅M pVFnUA;j"H0>a}@M[M{֨}3j-R0̸s2{b1A8#rdaM@!z~4?1 (,+H< (P=d+ٰDZ!=?C&INz̳05t\2靵ԩ*GhdJW0iDMX!m9TX,A:5N!tVSC:5N SC:@Щ!t֍!tj*Щ!tjZ SbBЩ!tjPC:5N S C:5N SC:5N S?^r faQ 9d]RhzjiegK⮍~!}o˱y"L9D$+p-49tFkTp}x$0CC{[~J(.{A:FrBXzؿtDZy hW~:{X\y!8PJ [/9ܸPBmy!gwėx]mZo2c6ķJ|rT ѵy F0u5|zx째G{/?A=6pS< ߢV橏?mձ뺩O?LM7y6zֿVz 'y4z0~іSgdӝaiB[3#stF$6+?<ə,/Rqi2OS?m3ҭgam ,O1׮W i^E* wcuF2As zF $x4At5q73EW2L[x%˛&(CM( a︁ m3߳3vC<~  Dd\C.9IofkÚT_Fq,X x 7eix^p}%C?~l &.C2z+VOݛWoᥓ^9~;zRÅt"\\>;ί/?\%:՜2]3Yk/#S"\RuJOsB_H_EK1'фZاI\X`9=Pu+ڠ9HiJyJQMZp2dlLHř0u].^"R^@.aaPY$E ͩSQQzܒz!3"a_G 4MZRҚ"(NCZ¥>R+T%&:ď)' J3 $X&'l`QZ&30*dq`| mY1[NLJ ;%Bf.ޜ\y% go߼ᘊ&MX:}ϓs~EʧBzz ֧ D+>X^X=`VcDt#yv㲡y K4Bjy<+1;"s7qmEA]A=py$b檓gfmN>pm. ۱ r&!Ǡ])mA!ßsR +J}g^a:ŒP&g~Nҷ%zw}~77ppoVqR gDh NLS3oA~D,O`UK&%k_ˆ)W3+̪ ,`"r$MF C-旡z]7x}?3JA:UYSs5%Ģr=c>lPOx'@:zmTi3}>33>䀘0NDAΦG}&[EZKB rR(xɿkXNf%h0/ݎGUlvFJ?'s{4*/i$Jiǿ6ҙpkr͟4~ACfޢ@ams Dە>kKD->8bX{bH`A_R`[O>q?K`>) _~< n}+ ۓ+T&g&Ց =645vD!NCU ]HrwEmCtTPGz;70jk僦ɤg[|ęM7C]iL7p-kC)Pp}&c|{(^B=S!=({lu`g_o5wTw/=tw/}w/sU{ wo} <m4xoKSuYܵ󹇫>>{(~R}S[bG- ,P/8^#..( 5= Ih1;zc)`}=Ap'PcY{6+vC$N1 QIɬ*I9VP䷟]HIq%6pv1"J[?LR6mېܳ5Ԡt GoO\>ˮOAƿ]}TǠIy{ڞ@H}#رiK< SPW~hjVRRZHfˈE]ҸŀPk%Pw >iZ}SRUy@s~z*bށwJ2Lg3.{vi@,ʬuFu}Nu:pJ"UkSq6R/A*Կ%yzӡ#q{a#Ʒm_k_[Oeے5Ksh.ќ3/do˧w?cy<}~LɛߥMDNaE _ ,~ߴ x?)h5FoZcV{fQ@k0)Q4C >-|oҧ?R7W_5_O$ ;ӟcfKT?qNq<Pqv pp2^tIG,z,2#͎=42U]e޳Wg(FFy,rq*!봢/% PW)(*g]7N?_-׺< v.`K]RDG? ̓Lq~:/nt?.<;?RţV{'ʋtY7be+, _;"!Mlng! 
Y>C˒0M2ٳ\BRP?qs6Bi =|Oex:1m`Yvd UP/JPb[Մj $  jtm ,̡p+Ifű B?{WTS"JIP5'y?Ǹ&EMa!{ QQh/}L[aԾk*u ˱s?Ќy_1`DX<8+0^D{_#}Kqt7<4<leS4y1aFסwZqT=qF {c{۟4/z"puz;$BQ.C 8IokfzbVUƊZX,`5%(p#UR =xRM2RQ~|k`/x:_7:iq̳jKh $WRQ#Ns(Gz~ggɿ.j'Oܜ|'$~>WCPn ^\ 2g/]*~~vѭ8}mGU?]u'ynxKLzszRx֢&inA&wa c7&6ZV({C (Wv}Sra b@zME8j8=.4.ݨ+K<0qi /pNvώ7v?.ϓ<7>|7iZ+?x^pNBoYֽWv {P=POl箑cXzX#=;[ WO\{AaOpQBъķ_ǿ/+bFϦwK|=O2ώoښ';ݕQ\Q.k` քGdR RXf71áT>Z;UAf3[XYB,Gu3,s}(Z0N]z A;o}_$uztM?6Pb C7k?{Se?ǿogmS/˕_^_71%l{'C,GV<ahKJݽ@%0 ^I9;X`wgvzC p$ɍ#“?d(SR@D͈g)IIe Y.x xmEԲ;/Z˨m %B x;Aj!9vg3Ӝ!,2l\M2Y@AA'b0 b"@n#K+WH(+Z]b&ߑh2 bEۑi&0h`#]Teh*Еa㻊n dJN*] H@` |1\F=Ő5 7#ED3Ϛ%ҥnUbx `!cc*ܷ{D`| /slMPվvc ݔu^98I21ʢ+lLq]Czu 1zTI̷y(e~G`4M5oөTOrY$# xъɧ%πm+d׻o{4 λ6=pLeՎ9~:KŶVѬ)H{4>h|W ˙*t,:| =2 ^7 /ۆ@ۆy8o;o˦rbxPU$ TC@thJz?z NISj6K锱 |syb eܫ6?P*0hl̰TXΖY2<0#Y n6͡bԫ8q ̪^NaG(.R]0-X4r]Q@X&PfG)FX&'E?Auu;fŘ)Ʒ8m{-ySzBDpa5g0J,UJ -Hhk! 7P6F*seL ^8F\nhwe.lY2/NϽH{+IzI!$ޞgqFYTQ<VG54!d+`|[>L]<۲A2kAhd#im$2fAO+N&wbz6 4KF73sVq^-mUdQ@iI}&0ʍ]#S;9 ڎGaX)>`aTRD ܏VdРvDFMEKSPLcE+b%яG;"RRaWK.jHYM'z)\"O9n2ЗE ) 9`(Mc]~Q\Cpf E j`^ЊYEATP#>E9:U9s|X䓵lrNBcp;IE`u+hUqEYv'ti_}<3]og qꯂ%uOo\bΝ6ShAFQ6G""CXNjs,[z}%̬Y%ׅNa3SǕYX4#), s6xKfM( ׊X'(>OnTsg Uֽ:CRĽ1oU܇Q|Xr?Z,_2jPMSK->ޗz}yMd;;u DgB݇!m0_=RzMe ?8@NpAd;f=jV PsTG({]xl3E SeNd#+;%wd *#%\<;c:K2Zwol+M yQ-"!4[%ΐ/n͵N4n6tȟzEܼT¥X, ذd<\ŖbOGf;`1r2P1K1n3A8#w*glF]A!=@'x#e8 T$kXVǐD񂝯ۻN ]|G x=5@v.64, ~n = [u~|Huj<%NuG8;:ETwt;:NuGS ;:5;:*Sѩ ѩTwt;:"Twt;:jNuGSѩTwt;:ǢEcQ;s7\mލ<\h4kśsWa<,w8n:,|bɒh9\bx$1^D]b Q*e%ugMY~ί蓬͕03!sG*2Ѐ7`I9Vusq^pMڿ/ßtO:^bg,y_w'T!)';<;_Gf1C9x#f`W.S \?eV=Eۂ)[2`;äD횻[3ˎP{Ӎ۱;'g9v\ n22 3)Oj5ިF^US}en6%7Ŷ2dEYj|i㉅ERS4]SBe y=tnN02v>AU :Tq30RZB7п:ZrHІ`dBL?>G@ܝEHKP */_H1Á(@ 0'ձ$+H"-`Y迌sU%\A[K`ƶ}j+R}x{_Wʁᆌ CѬ%ԓøk<>Am}Ezv%HtfU} LJ}#l<9F +^CΠmS]rwEf&ox{{ˍEN7ƠB30 M&iI!& s\P a믐M'ɥX Χ}8ej set`_S>M!:4g!ȿYM!L8E9QPS aOa)1Ysqr'}N1SMAF tyXR"5hV}fvA,Pc ׌x&@⺮Z 'OfV3Ct6TClI^GnCG׌X0T0# T TVD*/MD S:YU ٷ:7)fYrNʌ8:I6;#QhU{zхuAԨһ;$y }Nߪfi>6RcSXMɌzz Njo@6EXf :2J/D}Hy2WPNҿ"#ټs䄧UP0pEd_w;fzdB^!yC' Qݹ"hfiȗ9\a _6μu_Ѓxmt B $+ E9RS2Z S I(8`3KTVAo 
C3UgNdobUt_]VU .h4ԍzIJZkV%yLq#[CR(rPYrWX.ǎ9+ ,2|'})r7tO9zݰXlrb=}!Z zO*_'Ct"|P5J=?^[6M·Oy2Bq͈#i}]V+=/"4`U,Chԏ&k#*-63c4(Uv_bW!tBBx7S-/h}ur"jgJAҹ¦dƩ` EhaÄbVbCldX\U]_t„E>9'0Mf(Mbܵ #@Mp 0Z___HLm TZ))B:\A*vk.~0b8ƝUy ~dW΁r"HDP11`ر&1d@; [-S6^v{ܱqݱPݱ0ޱWw,]w= XT{ౘv#Ë9) }u88[xRK8PwB(^avB>3JcKMs>(t}^P[}`Ǡ#/A\nv<_tГ %=t=l/\_{9M,=,D8/.AM,,eh|W@y(| .R9$;YTMWͥL|1#e1E2`yKaE+&P5pCBj! V鰾+ÁbCOp*0o.́5͡_4?K)?D㴑:^|O M% * HgJI;Ud6Q嚡)a5r| a"DLJgl2gqy84;nsl_pE9oK =afsP3|dj0YG ̖4_K߳`7-_ vvo:[{5 ?hB^j&HFyP!π*01ؽ98w*2962 ;p诎=n\7iU{,G [(<[֗9D{4bj JݯmX(/*2*p邭|OS;yU6l#l_E!\.|ys1-XH=KMbۓL7`>J>yH<>e bh2VE<'0r?mN ^`jT SŘ#džYVɬͿ!FΫbu4"8l[E1p;M>}RCRu2C97Wed+=Q8<[t6ǜ70)Q tws#̿DZ 7J;bn3FQn0EpmS#o?=~BZMu_;9oXըi}joB\,6@=@9zP~]@96n,Fe+[Xmn_qµ#6YϗBmWeA t;]6̖|[ldAgE qީqF;npqK}aG:2"11&(dxBӣFzjo4 { SL:H%$iy+^19VI3flec ֘o f +R=ܷ`j05]LDjg?sƉn~srRN"$[t CbY578HrD;L \*r\|o!qm3\6D*c %)yˆ+NH8Ak nE/Ä>x1i?lt )6:FDBf0C_լwϧ ᩹-榽=xFf0UH"n:u |]:W_ {PJSC7zYYqeY3'Gu8S0 &DB@,]Zn EZ$p'8mUa1i _;dVZq;WVBnL g,< nm9iHhb9HxL~qF{ٚAY(0X4}($0ݼ_$lxה$bP=ѐy;B?Ǫ^_PCj俜9No龜$_~r6BWVѢlAF3+ZO?'ޱ~_)/$? ONѹLkL]e &`^`82I58+Pyҝ<`by Y `ZbYxbE6X‰ń5d[I^ݕIez16RO/H"D?D G/ eez0$`N17p>H*3M'3h&5+OIA:<ϱy!څ҄Sv˚PrZ읞m L<)Ũ3ƭ~)/(Xf7fMitţoQ/:p X[0|ȭ-[I|^~ opiWcv% |Sva?tgPV93|ܷ7Lj8Z099r*B)M8@2wHA|tv$#͎ +f cC5_rAh6?`uPtjyvY5nK0M9K_ &0!T &,D9a01eB(MsRSjBNjz|Q *w%_TyaMe scktB.A!c#+{7ǿtsګ/f2a sD ?CMue#5}6g[+knm?n31oX|kSa8Zt@)0y#mxC}VAc4kRYۜH꫺פM}ʬ۞#"J!\NaF|E[|EC c@@jXPϕHʊ鹿h$pw_Gq7ǩ"AxUBeI.eXe2]"`3qlR? w‘/RR=Q*K?H.C`/_OCҐ4! ixAufw-0.36/tests/test-srv-upgrades.sh.expected0000644000175000017500000000220013404772663020102 0ustar jamiejamie== Clean out everything == Run srv on 23 for the first time == Convert 23 back to rules.orig == Simulate upgrade from 23 to 85 == Run srv on 85 './var/snap/ufw/85/etc/ufw/sysctl.conf' not updated for snap revision 85 (changes cannot be merged). 
For details, see: $ diff -Nau './snap/ufw/85/etc/ufw/sysctl.conf' './var/snap/ufw/85/etc/ufw/sysctl.conf' './var/snap/ufw/85/etc/ufw/applications.d/ufw-bittorent' not updated for snap revision 85 (changes cannot be merged). For details, see: $ diff -Nau './snap/ufw/85/etc/ufw/applications.d/ufw-bittorent' './var/snap/ufw/85/etc/ufw/applications.d/ufw-bittorent' == Simulate the user merged everything from 85 == Simulate user change to after.rules == Simulate upgrade from 85 to 86 == Run srv on 86 './var/snap/ufw/86/etc/ufw/before.rules' updated to contain version from snap revision 86 './var/snap/ufw/86/etc/ufw/after.rules' not updated for snap revision 86 (changes cannot be merged). For details, see: $ diff -Nau './snap/ufw/86/etc/ufw/after.rules' './var/snap/ufw/86/etc/ufw/after.rules' './var/snap/ufw/86/etc/ufw/applications.d/ufw-chat' updated to contain version from snap revision 86 ufw-0.36/setup.cfg0000644000175000017500000000013013404772663013026 0ustar jamiejamie[pycodestyle] ignore = E121,E124,E126,E127,E128,E201,E202,E226,E241,E261,E265,E501,E502 ufw-0.36/src/0000755000175000017500000000000013404772663012002 5ustar jamiejamieufw-0.36/src/ufw-init-functions0000755000175000017500000004202113343551547015475 0ustar jamiejamie#!/bin/sh # # ufw-init-functions: functions used by ufw-init and distribution initscripts # # Copyright 2008-2015 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
# set -e PATH="/sbin:/bin:/usr/sbin:/usr/bin" for s in "${DATA_DIR}#CONFIG_PREFIX#/default/ufw" "${DATA_DIR}#CONFIG_PREFIX#/ufw/ufw.conf" ; do if [ -s "$s" ]; then . "$s" else echo "Could not find $s (aborting)" exit 1 fi done RULES_PATH="${DATA_DIR}#CONFIG_PREFIX#/ufw" USER_PATH="${DATA_DIR}#CONFIG_PREFIX#/ufw" flush_builtins() { error="" execs="iptables" if ip6tables -L INPUT -n >/dev/null 2>&1; then execs="$execs ip6tables" fi for exe in $execs do $exe -F || error="yes" $exe -X || error="yes" $exe -P INPUT ACCEPT || error="yes" $exe -P OUTPUT ACCEPT || error="yes" $exe -P FORWARD ACCEPT || error="yes" # now handle the mangle table if $exe -t mangle -L -n >/dev/null 2>&1; then for i in INPUT OUTPUT FORWARD PREROUTING POSTROUTING ; do $exe -t mangle -F $i || error="yes" $exe -t mangle -P $i ACCEPT || error="yes" done fi done # now handle the nat table if iptables -t nat -L -n >/dev/null 2>&1; then for i in OUTPUT PREROUTING POSTROUTING ; do iptables -t nat -F $i || error="yes" iptables -t nat -P $i ACCEPT || error="yes" done fi if [ "$error" = "yes" ]; then return 1 fi } chains_command() { flag="$1" type="" exe="iptables" if [ "$2" = "6" ]; then type="$2" exe="ip6tables" fi for c in ufw$type-logging-deny ufw$type-logging-allow ufw$type-not-local ufw$type-user-logging-input ufw$type-user-limit-accept ufw$type-user-limit ufw$type-skip-to-policy-input ufw$type-reject-input ufw$type-after-logging-input ufw$type-after-input ufw$type-user-input ufw$type-before-input ufw$type-before-logging-input ufw$type-skip-to-policy-forward ufw$type-reject-forward ufw$type-after-logging-forward ufw$type-after-forward ufw$type-user-logging-forward ufw$type-user-forward ufw$type-before-forward ufw$type-before-logging-forward ufw$type-track-forward ufw$type-track-output ufw$type-track-input ufw$type-skip-to-policy-output ufw$type-reject-output ufw$type-after-logging-output ufw$type-after-output ufw$type-user-logging-output ufw$type-user-output ufw$type-before-output 
ufw$type-before-logging-output; do if [ "$UFW_INIT_DEBUG" = "yes" ]; then echo "$exe $flag $c" >&2 $exe $flag $c || true else $exe $flag $c 2>/dev/null || true fi done } delete_chains() { chains_command -F $1 chains_command -Z $1 # Delete the secondary chains to reduce clutter, but keep the primary ones # so that the primary chains don't leave the built-in chains just to come # back later in a different place. This means that some (empty) chains will # linger until the next boot after disabling ufw. for c in ufw$type-logging-deny ufw$type-logging-allow ufw$type-not-local ufw$type-user-logging-input ufw$type-user-logging-output ufw$type-user-logging-forward ufw$type-user-limit-accept ufw$type-user-limit ufw$type-user-input ufw$type-user-forward ufw$type-user-output ufw$type-skip-to-policy-input ufw$type-skip-to-policy-output ufw$type-skip-to-policy-forward ; do if [ "$UFW_INIT_DEBUG" = "yes" ]; then echo "$exe $flag $c" >&2 $exe -X $c || true else $exe -X $c 2>/dev/null || true fi done } ufw_start() { out="" if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then if iptables -L ufw-user-input -n >/dev/null 2>&1 ; then echo "Firewall already started, use 'force-reload'" return 0 fi for m in $IPT_MODULES do modprobe $m || true done if [ "$MANAGE_BUILTINS" = "yes" ]; then flush_builtins fi if [ -x "$RULES_PATH/before.init" ]; then if ! 
"$RULES_PATH/before.init" start ; then error="yes" out="${out}\n'$RULES_PATH/before.init start' exited with error" fi fi execs="iptables" # IPv6 setup if [ "$IPV6" = "yes" ] || [ "$IPV6" = "YES" ]; then if ip6tables -L INPUT -n >/dev/null 2>&1; then execs="$execs ip6tables" else out="${out}\nProblem loading ipv6 (skipping)" fi else if ip6tables -L INPUT -n >/dev/null 2>&1; then # IPv6 support disabled but available in the kernel, so # default DROP and accept all on loopback delete_chains 6 || error="yes" printf "*filter\n"\ ":INPUT DROP [0:0]\n"\ ":FORWARD DROP [0:0]\n"\ ":OUTPUT DROP [0:0]\n"\ "-A INPUT -i lo -j ACCEPT\n"\ "-A OUTPUT -o lo -j ACCEPT\n"\ "COMMIT\n" | ip6tables-restore || error="yes" if [ "$error" = "yes" ]; then out="${out}\nProblem loading ipv6 (skipping)" fi fi fi for exe in $execs do type="" if [ "$exe" = "ip6tables" ]; then type="6" fi BEFORE_RULES="$RULES_PATH/before${type}.rules" AFTER_RULES="$RULES_PATH/after${type}.rules" USER_RULES="$USER_PATH/user${type}.rules" # set the default policy input_pol="$DEFAULT_INPUT_POLICY" if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then input_pol="DROP" fi output_pol="$DEFAULT_OUTPUT_POLICY" if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then output_pol="DROP" fi forward_pol="$DEFAULT_FORWARD_POLICY" if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then forward_pol="DROP" fi printf "*filter\n"\ "# builtin chains\n"\ ":INPUT %s [0:0]\n"\ ":FORWARD %s [0:0]\n"\ ":OUTPUT %s [0:0]\n"\ "COMMIT\n" $input_pol $forward_pol $output_pol | $exe-restore -n || error="yes" # flush the chains (if they exist) if $exe -L ufw${type}-before-logging-input -n >/dev/null 2>&1 ; then delete_chains $type || error="yes" else # setup all the primary chains printf "*filter\n"\ "# primary chains\n"\ ":ufw${type}-before-logging-input - [0:0]\n"\ ":ufw${type}-before-logging-output - [0:0]\n"\ ":ufw${type}-before-logging-forward - [0:0]\n"\ ":ufw${type}-before-input - [0:0]\n"\ ":ufw${type}-before-output - [0:0]\n"\ ":ufw${type}-before-forward - 
[0:0]\n"\ ":ufw${type}-after-input - [0:0]\n"\ ":ufw${type}-after-output - [0:0]\n"\ ":ufw${type}-after-forward - [0:0]\n"\ ":ufw${type}-after-logging-input - [0:0]\n"\ ":ufw${type}-after-logging-output - [0:0]\n"\ ":ufw${type}-after-logging-forward - [0:0]\n"\ ":ufw${type}-reject-input - [0:0]\n"\ ":ufw${type}-reject-output - [0:0]\n"\ ":ufw${type}-reject-forward - [0:0]\n"\ ":ufw${type}-track-input - [0:0]\n"\ ":ufw${type}-track-output - [0:0]\n"\ ":ufw${type}-track-forward - [0:0]\n"\ "\n"\ "-A INPUT -j ufw${type}-before-logging-input\n"\ "-A INPUT -j ufw${type}-before-input\n"\ "-A INPUT -j ufw${type}-after-input\n"\ "-A INPUT -j ufw${type}-after-logging-input\n"\ "-A INPUT -j ufw${type}-reject-input\n"\ "-A INPUT -j ufw${type}-track-input\n"\ "\n"\ "-A OUTPUT -j ufw${type}-before-logging-output\n"\ "-A OUTPUT -j ufw${type}-before-output\n"\ "-A OUTPUT -j ufw${type}-after-output\n"\ "-A OUTPUT -j ufw${type}-after-logging-output\n"\ "-A OUTPUT -j ufw${type}-reject-output\n"\ "-A OUTPUT -j ufw${type}-track-output\n"\ "\n"\ "-A FORWARD -j ufw${type}-before-logging-forward\n"\ "-A FORWARD -j ufw${type}-before-forward\n"\ "-A FORWARD -j ufw${type}-after-forward\n"\ "-A FORWARD -j ufw${type}-after-logging-forward\n"\ "-A FORWARD -j ufw${type}-reject-forward\n"\ "-A FORWARD -j ufw${type}-track-forward\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi # add reject policy if [ "$DEFAULT_INPUT_POLICY" = "REJECT" ]; then printf "*filter\n"\ "-A ufw${type}-reject-input -j REJECT\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi if [ "$DEFAULT_OUTPUT_POLICY" = "REJECT" ]; then printf "*filter\n"\ "-A ufw${type}-reject-output -j REJECT\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi if [ "$DEFAULT_FORWARD_POLICY" = "REJECT" ]; then printf "*filter\n"\ "-A ufw${type}-reject-forward -j REJECT\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi # add tracking policy if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then printf "*filter\n"\ "-A ufw${type}-track-input -p tcp -m 
conntrack --ctstate NEW -j ACCEPT\n"\ "-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then printf "*filter\n"\ "-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ "-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi if [ "$DEFAULT_FORWARD_POLICY" = "ACCEPT" ]; then printf "*filter\n"\ "-A ufw${type}-track-forward -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\ "-A ufw${type}-track-forward -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi # now setup the secondary 'logging-deny' chains if ! $exe -L ufw${type}-logging-deny -n >/dev/null 2>&1 ; then printf "*filter\n"\ ":ufw${type}-logging-deny - [0:0]\n"\ ":ufw${type}-logging-allow - [0:0]\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi # now setup the secondary 'skip to policy' chains if ! $exe -L ufw${type}-skip-to-policy-input -n >/dev/null 2>&1 ; then printf "*filter\n"\ ":ufw${type}-skip-to-policy-input - [0:0]\n"\ ":ufw${type}-skip-to-policy-output - [0:0]\n"\ ":ufw${type}-skip-to-policy-forward - [0:0]\n"\ "-A ufw${type}-skip-to-policy-input -j %s\n"\ "-A ufw${type}-skip-to-policy-output -j %s\n"\ "-A ufw${type}-skip-to-policy-forward -j %s\n"\ "COMMIT\n" $DEFAULT_INPUT_POLICY $DEFAULT_OUTPUT_POLICY $DEFAULT_FORWARD_POLICY | $exe-restore -n || error="yes" fi # now ip[6]tables-restore before*.rules. This resets the following # chains: # ufw-before-input # ufw-before-output # ufw-before-forward # # and sets the following: # ufw-not-local if [ -s "$BEFORE_RULES" ]; then if ! $exe-restore -n < "$BEFORE_RULES" ; then out="${out}\nProblem running '$BEFORE_RULES'" error="yes" fi else out="${out}\nCouldn't find '$BEFORE_RULES'" error="yes" fi # now ip[6]tables-restore after*.rules. 
This resets the following # chains: # ufw-after-input # ufw-after-output # ufw-after-forward if [ -s "$AFTER_RULES" ]; then if ! $exe-restore -n < "$AFTER_RULES" ; then out="${out}\nProblem running '$AFTER_RULES'" error="yes" fi else out="${out}\nCouldn't find '$AFTER_RULES'" error="yes" fi # user chains if [ -s "$USER_RULES" ]; then # setup the secondary 'user' chains if ! $exe -L ufw${type}-user-input -n >/dev/null 2>&1 ; then printf "*filter\n"\ ":ufw${type}-user-input - [0:0]\n"\ ":ufw${type}-user-output - [0:0]\n"\ ":ufw${type}-user-forward - [0:0]\n"\ ":ufw${type}-user-logging-input - [0:0]\n"\ ":ufw${type}-user-logging-output - [0:0]\n"\ ":ufw${type}-user-logging-forward - [0:0]\n"\ ":ufw${type}-user-limit - [0:0]\n"\ ":ufw${type}-user-limit-accept - [0:0]\n"\ "COMMIT\n" | $exe-restore -n || error="yes" fi # now ip[6]tables-restore user*.rules. This resets the following # chains: # ufw-before-logging-input # ufw-before-logging-output # ufw-before-logging-forward # ufw-after-logging-input # ufw-after-logging-output # ufw-after-logging-forward # ufw-logging-deny # ufw-logging-allow # ufw-after-input # ufw-after-output # ufw-after-forward # ufw-user-limit # ufw-user-limit-accept if ! $exe-restore -n < "$USER_RULES" ; then out="${out}\nProblem running '$USER_RULES'" error="yes" fi # now hooks these into the primary chains printf "*filter\n"\ "-A ufw${type}-before-input -j ufw${type}-user-input\n"\ "-A ufw${type}-before-output -j ufw${type}-user-output\n"\ "-A ufw${type}-before-forward -j ufw${type}-user-forward\n"\ "COMMIT\n" | $exe-restore -n || error="yes" else out="${out}\nCouldn't find '$USER_RULES'" error="yes" fi done if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then sysctl -e -q -p $IPT_SYSCTL || true fi if [ -x "$RULES_PATH/after.init" ]; then if ! 
# Stop the firewall.
#
# Arguments:
#   $1  pass "--force" to stop even when ENABLED is not "yes"/"YES".
# Returns:
#   0 on success (or when skipped because ufw is not enabled), 1 if any step
#   failed.
#
# Security note: on the non-MANAGE_BUILTINS path the INPUT, OUTPUT and FORWARD
# policies are set to ACCEPT for iptables (and ip6tables when usable), so
# after a successful stop ufw no longer filters traffic on this host.
#
# The variables error, out, execs, exe and type are not declared local, so
# they remain set in the calling shell after this function returns.
ufw_stop() {
    if [ "$1" != "--force" ] && [ "$ENABLED" != "yes" ] && [ "$ENABLED" != "YES" ]; then
        echo "Skip stopping firewall: ufw (not enabled)"
        return 0
    fi

    error=""
    # The hook only runs when it is executable. It is executed with the
    # privileges of whoever calls ufw_stop (presumably root -- TODO confirm),
    # so the file should be writable by that user only.
    if [ -x "$RULES_PATH/before.init" ]; then
        if ! "$RULES_PATH/before.init" stop ; then
            error="yes"
            # NOTE(review): $out is appended here but never printed by this
            # function, so the message is only visible if a caller prints it.
            out="${out}\n'$RULES_PATH/before.init stop' exited with error"
        fi
    fi

    # If we manage the builtins, just return
    if [ "$MANAGE_BUILTINS" = "yes" ]; then
        # flush_builtins is defined elsewhere in this file; presumably it
        # flushes the built-in chains -- verify what policy it leaves behind.
        flush_builtins || error="yes"
        if [ -x "$RULES_PATH/after.init" ]; then
            "$RULES_PATH/after.init" stop || error="yes"
        fi
        if [ "$error" = "yes" ]; then
            return 1
        fi
        return 0
    fi

    # ip6tables is handled only if listing its INPUT chain succeeds.
    execs="iptables"
    if ip6tables -L INPUT -n >/dev/null 2>&1; then
        execs="$execs ip6tables"
    fi

    for exe in $execs
    do
        # type is the chain-name suffix: "" for IPv4, "6" for IPv6.
        type=""
        if [ "$exe" = "ip6tables" ]; then
            type="6"
        fi
        delete_chains $type || error="yes"
        # Failures are recorded in $error and the loop continues, so a
        # partial stop is possible; callers should act on the return code.
        $exe -P INPUT ACCEPT || error="yes"
        $exe -P OUTPUT ACCEPT || error="yes"
        $exe -P FORWARD ACCEPT || error="yes"
    done

    if [ -x "$RULES_PATH/after.init" ]; then
        if ! "$RULES_PATH/after.init" stop ; then
            error="yes"
        fi
    fi

    if [ "$error" = "yes" ]; then
        return 1
    fi
    return 0
}
# Report whether the ufw chains are loaded.
#
# Returns:
#   0  the ufw-user-input chain exists (and ufw6-user-input when IPV6 is
#      "yes"/"YES")
#   3  the IPv4 chain could not be listed
#   4  IPv6 is enabled but the IPv6 chain could not be listed
#
# Note: the check only tests that the chains can be listed. It does not
# verify that they are hooked into the built-in chains or which default
# policy is in force, so "running" should not be read as "filtering as
# configured".
ufw_status() {
    err=""

    if ! iptables -L ufw-user-input -n >/dev/null 2>&1; then
        echo "Firewall is not running"
        return 3
    fi

    case "$IPV6" in
        yes|YES)
            if ! ip6tables -L ufw6-user-input -n >/dev/null 2>&1; then
                # unknown state: ipv4 ok, but ipv6 isn't
                echo "Firewall in inconsistent state (IPv6 enabled but not running)"
                return 4
            fi
            ;;
    esac

    echo "Firewall is running"
    return 0
}
kwargs['unicode'] = True gettext.install(ufw.common.programName, **kwargs) version = "#VERSION#" # relocate root and data directories if specified args = [] rootdir = None datadir = None for i in sys.argv: if i.startswith('--rootdir='): if len(i.split('=')) == 2: rootdir = i.split('=')[1] else: error('--rootdir is empty') elif i.startswith('--datadir='): if len(i.split('=')) == 2: datadir = i.split('=')[1] else: error('--datadir is empty') else: args.append(i) # Internationalization gettext.bindtextdomain(ufw.common.programName, \ os.path.join(_findpath(ufw.common.trans_dir, rootdir), 'messages')) gettext.textdomain(ufw.common.programName) try: # BAW: I'm not sure why both this and the .install() above is here, but # let's roll with it for now. This is the Python 2 version, which ensures # we get unicodes. _ = gettext.ugettext except AttributeError: # Python 3 always returns unicodes. _ = gettext.gettext if sys.version_info[0] < 2 or \ (sys.version_info[0] == 2 and sys.version_info[1] < 6): msg(ufw.common.programName + _(": Need at least python 2.6)\n"), \ sys.stderr) sys.exit(1) def clean_warning(message, category, filename, lineno, file=None, line=""): warn(message) if __name__ == "__main__": warnings.showwarning = clean_warning app_action = False pr = None # Remember, will have to take --force into account if we use it with 'app' idx = 1 if len(args) > 1 and args[1].lower() == "--dry-run": idx += 1 if len(args) > idx and args[idx].lower() == "app": app_action = True try: pr = ufw.frontend.parse_command(args) except ValueError: msg(ufw.frontend.get_command_help()) sys.exit(1) except UFWError as e: error(e.value) except Exception: raise if pr.action == "help" or pr.action == "--help": msg(ufw.frontend.get_command_help()) sys.exit(0) elif pr.action == "version" or pr.action == "--version": msg(ufw.common.programName + " " + version) msg("Copyright 2008-2015 Canonical Ltd.") sys.exit(0) try: ui = ufw.frontend.UFWFrontend(pr.dryrun, rootdir=rootdir, datadir=datadir) 
except UFWError as e: error(e.value) except Exception: raise if datadir is None: lockfile = '/run/ufw.lock' if os.getuid() != 0 or 'TESTSTATE' in os.environ: lockfile = os.path.join(ufw.common.state_dir, 'ufw.lock') else: lockfile = os.path.join(_findpath(ufw.common.state_dir, datadir), 'ufw.lock') lock = create_lock(lockfile=lockfile, dryrun=pr.dryrun) res = "" try: if app_action and 'type' in pr.data and pr.data['type'] == 'app': res = ui.do_application_action(pr.action, pr.data['name']) else: bailout = False if pr.action == "enable" and not pr.force and \ not ui.continue_under_ssh(): res = _("Aborted") bailout = True if not bailout: if 'rule' in pr.data: res = ui.do_action(pr.action, pr.data['rule'], \ pr.data['iptype'], pr.force) else: res = ui.do_action(pr.action, "", "", pr.force) if res != "": msg(res) except UFWError as e: error(e.value) except Exception: raise finally: release_lock(lock) sys.exit(0) ufw-0.36/src/util.py0000644000175000017500000007571213404772663013345 0ustar jamiejamie'''util.py: utility functions for ufw''' # # Copyright 2008-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
def valid_address6(addr):
    '''Return True if addr is an IPv6 address, optionally with a /prefix.

    The address part is parsed with socket.inet_pton(); a prefix length, if
    present, is checked with _valid_cidr_netmask(). Returns False (after a
    warning) when this Python build has no IPv6 support.
    '''
    if not socket.has_ipv6:
        warn("python does not have IPv6 support.")
        return False

    # Cheap pre-filter: bounded length and a restricted character set.
    # NOTE(review): '$' also matches just before a trailing newline, so this
    # filter alone does not reject one; the later checks decide.
    too_long = len(addr) > 43
    if too_long or re.match(r'^[a-fA-F0-9:\./]+$', addr) is None:
        return False

    pieces = addr.split('/')
    try:
        socket.inet_pton(socket.AF_INET6, pieces[0])
    except Exception:
        return False

    if len(pieces) == 1:
        return True
    if len(pieces) == 2:
        # Check netmask specified via '/'
        return True if _valid_cidr_netmask(pieces[1], True) else False
    # More than one '/' is never valid
    return False
def valid_address(addr, version="any"):
    '''Validate an IP address for the requested family.

    version "4" checks IPv4 only, "6" checks IPv6 only and "any" accepts
    either. Any other version value raises ValueError.
    '''
    if version not in ("4", "6", "any"):
        raise ValueError

    if version == "4":
        return valid_address4(addr)
    if version == "6":
        return valid_address6(addr)

    # "any": IPv4 is tried first, IPv6 only if that fails
    return valid_address4(addr) or valid_address6(addr)
def open_files(fn):
    '''Open fn read-only and create a temporary file for the new contents.

    Returns a dict with:
      orig     - file object for fn, opened for reading
      origname - fn as passed in
      tmp      - OS-level file descriptor returned by mkstemp()
      tmpname  - path of the temporary file

    The temporary file comes from mkstemp() with default arguments, so it is
    created in the default temporary directory. Pair with close_files().
    '''
    source = open_file_read(fn)

    try:
        tmp_fd, tmp_path = mkstemp()
    except Exception: # pragma: no cover
        # Don't leak the already-open original if no tempfile can be made
        source.close()
        raise

    return {"orig": source,
            "origname": fn,
            "tmp": tmp_fd,
            "tmpname": tmp_path}
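def close_files(fns, update=True):
    '''Close the files returned by open_files() and remove the temporary file.

    When update is True the temporary file first receives the original's
    permission bits and timestamps (shutil.copystat) and is then copied over
    the original (shutil.copy). Any exception from those steps propagates to
    the caller.

    The temporary file is removed whether or not the update succeeds, so a
    failed update does not leave a copy of the pending contents behind in the
    temporary directory.

    NOTE(review): shutil.copy() rewrites the original in place, so an
    interruption during the copy can leave it partially written.
    '''
    fns['orig'].close()
    os.close(fns['tmp'])

    try:
        if update:
            shutil.copystat(fns['origname'], fns['tmpname'])
            shutil.copy(fns['tmpname'], fns['origname'])
    finally:
        # Always clean up, including when copystat()/copy() raised
        os.unlink(fns['tmpname'])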
def word_wrap(text, width):
    '''
    Wrap text at width columns, keeping existing line breaks and most spaces.

    The text is split on single spaces. Each following word is joined to the
    output with a newline when the current output line plus the word (up to
    the word's own first newline) would reach width, otherwise with a space.
    Existing line breaks are expected to be posix newlines.
    '''
    words = text.split(' ')
    wrapped = words[0]

    for word in words[1:]:
        # Length of the last line produced so far
        current_len = len(wrapped) - wrapped.rfind('\n') - 1
        # Only the part of the word before its first newline lands on it
        head_len = len(word.split('\n', 1)[0])

        if current_len + head_len >= width:
            wrapped = '%s\n%s' % (wrapped, word)
        else:
            wrapped = '%s %s' % (wrapped, word)

    return wrapped
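def get_ppid(mypid=os.getpid()):
    '''Return the parent process id of mypid, read from /proc/<pid>/stat.

    See 'man 5 proc' for details.

    Raises ValueError if mypid is not an integer and IOError if the stat
    file for that pid does not exist.

    The default for mypid is evaluated once, when this function is defined,
    so pass the pid explicitly if the process may have forked since import.
    '''
    try:
        pid = int(mypid)
    except Exception:
        raise ValueError("pid must be an integer")

    name = os.path.join("/proc", str(pid), "stat")
    if not os.path.isfile(name):
        raise IOError("Couldn't find '%s'" % (name))

    # LP: #1101304
    # 9983 (cmd) S 923 ...
    # 9983 (cmd with spaces) S 923 ...
    with open(name) as stat_file:
        first_line = stat_file.readline()

    # The command name sits between parentheses and may itself contain
    # spaces or ')', so split on the LAST ')' before reading the fields
    # that follow it (state, then ppid).
    ppid = first_line.rsplit(')', 1)[1].split()[1]

    return int(ppid)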
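def _valid_cidr_netmask(nm, v6):
    '''Verifies cidr netmasks

    nm must consist of ASCII digits only and be in the range 0-32 for IPv4
    or 0-128 when v6 is true.
    '''
    num = 32
    if v6:
        num = 128

    # Anchor with \Z rather than $: '$' also matches just before a trailing
    # newline, which would let a value such as "24\n" pass validation.
    if not re.match(r'^[0-9]+\Z', nm):
        return False

    return 0 <= int(nm) <= num

def _valid_dotted_quads(nm, v6):
    '''Verifies dotted quad ip addresses and netmasks

    Always False when v6 is true. Otherwise nm must be exactly four
    non-empty decimal fields in the range 0-255, separated by dots.
    '''
    if v6:
        return False

    # \Z rather than $ so that a trailing newline is rejected (see
    # _valid_cidr_netmask). Raw strings avoid invalid-escape warnings.
    if not re.match(r'^[0-9]+\.[0-9\.]+\Z', nm):
        return False

    quads = nm.split('.')
    if len(quads) != 4:
        return False

    for q in quads:
        # Empty fields come from consecutive or trailing dots
        if not q or int(q) > 255:
            return False

    return True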
def _cidr_to_dotted_netmask(cidr, v6):
    '''Convert an IPv4 cidr prefix length to a dotted netmask string.

    Raises ValueError when v6 is true (IPv6 dotted netmasks are not
    supported), when cidr is not a valid IPv4 prefix length, or when the
    resulting netmask fails the dotted quad check.
    '''
    if v6:
        raise ValueError

    if not _valid_cidr_netmask(cidr, v6):
        raise ValueError

    prefix_len = int(cidr)
    # Set the top prefix_len bits of a 32-bit word
    bits = (0xffffffff << (32 - prefix_len)) & 0xffffffff
    nm = socket.inet_ntoa(struct.pack('>L', bits))

    # The above socket.inet_ntoa() should raise an error, but let's be sure
    if not _valid_dotted_quads(nm, v6): # pragma: no cover
        raise ValueError

    return nm
def _address6_to_network(addr):
    '''Convert an IPv6 address with a prefix length to its network address.

    An address without a '/' is returned unchanged. Raises ValueError when
    there is more than one '/' or the netmask fails valid_netmask().
    Returns "<network>/<netmask>" with the netmask as originally given.
    '''
    if '/' not in addr:
        debug("_address6_to_network: skipping address without a netmask")
        return addr

    parts = addr.split('/')
    if len(parts) != 2 or not valid_netmask(parts[1], True):
        raise ValueError

    orig_host, netmask = parts

    # Fold the eight 16-bit groups into one 128-bit integer
    groups = struct.unpack('>8H', socket.inet_pton(socket.AF_INET6, \
                                                   orig_host))
    host_bits = 0
    for group in groups:
        host_bits = (host_bits << 16) | group

    # Netmask with the top prefix_len bits set
    prefix_len = int(netmask)
    nm_bits = ((1 << prefix_len) - 1) << (128 - prefix_len)

    # Apply the netmask to the host to determine the network
    net = host_bits & nm_bits

    # Break the network back into 16-bit groups for repacking
    lst = [(net >> (112 - 16 * i)) & 0xffff for i in range(8)]

    network = socket.inet_ntop(socket.AF_INET6, struct.pack('>8H', *lst))

    return "%s/%s" % (network, netmask)
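def get_iptables_version(exe="/sbin/iptables"):
    '''Return the iptables version reported by "exe -V", without a leading 'v'.

    The version is taken from the second whitespace-separated field of the
    command output.

    Raises OSError if the command exits non-zero or its output has no second
    field, so callers that handle OSError also cover unexpected output.
    '''
    (rc, out) = cmd([exe, '-V'])
    if rc != 0:
        raise OSError(errno.ENOENT, "Error running '%s'" % (exe))

    # Raw strings: '\s' in a plain literal is an invalid escape sequence
    tmp = re.split(r'\s', out)
    if len(tmp) < 2:
        raise OSError(errno.EINVAL, \
                      "Could not parse version from '%s'" % (exe))

    return re.sub(r'^v', '', tmp[1])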
We do this to avoid a separate call to # iptables to check for existence) chain += mktemp(prefix='', dir='') # First install a test chain (rc, out) = cmd([exe, '-N', chain]) if rc != 0: raise OSError(errno.ENOENT, out) # pragma: no cover # Now test for various capabilities. We won't test for everything, just # the stuff we know isn't supported everywhere but we want to support. # recent-set if test_cap(exe, chain, ['-m', 'conntrack', '--ctstate', 'NEW', \ '-m', 'recent', '--set']): caps.append('recent-set') # recent-update if test_cap(exe, chain, ['-m', 'conntrack', '--ctstate', 'NEW', \ '-m', 'recent', '--update', \ '--seconds', '30', \ '--hitcount', '6']): caps.append('recent-update') # Cleanup cmd([exe, '-F', chain]) (rc, out) = cmd([exe, '-X', chain]) if rc != 0: raise OSError(errno.ENOENT, out) # pragma: no cover return caps def parse_netstat_output(v6): '''Get and parse netstat the output from get_netstat_output()''' # d[proto][port] -> list of dicts: # d[proto][port][0][laddr|raddr|uid|pid|exe] netstat_output = get_netstat_output(v6) d = dict() for line in netstat_output.splitlines(): if not line.startswith('tcp') and not line.startswith('udp'): # pragma: no cover continue tmp = line.split() proto = tmp[0] port = tmp[1].split(':')[-1] item = dict() item['laddr'] = ':'.join(tmp[1].split(':')[:-1]) item['uid'] = tmp[3] item['pid'] = tmp[5].split('/')[0] if item['pid'] == '-': item['exe'] = item['pid'] else: # pragma: no cover item['exe'] = tmp[5].split('/')[1] if proto not in d: d[proto] = dict() d[proto][port] = [] else: if port not in d[proto]: d[proto][port] = [] d[proto][port].append(item) return d def get_ip_from_if(ifname, v6=False): '''Get IP address for interface''' addr = "" # we may not have an IPv6 address, so no coverage if v6: # pragma: no cover proc = '/proc/net/if_inet6' if not os.path.exists(proc): raise OSError(errno.ENOENT, "'%s' does not exist" % proc) for line in open(proc).readlines(): tmp = line.split() if ifname == tmp[5]: addr = 
":".join( \ [tmp[0][i:i+4] for i in range(0, len(tmp[0]), 4)]) if tmp[2].lower() != "80": addr = "%s/%s" % (addr, int(tmp[2].lower(), 16)) if addr == "": raise IOError(errno.ENODEV, "No such device") else: s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) try: addr = socket.inet_ntoa(fcntl.ioctl(s.fileno(), 0x8915, \ struct.pack('256s', ifname[:15]))[20:24]) except Exception: raise IOError(errno.ENODEV, "No such device") return normalize_address(addr, v6)[0] def get_if_from_ip(addr): '''Get interface for IP address''' v6 = False proc = '/proc/net/dev' if valid_address6(addr): v6 = True proc = '/proc/net/if_inet6' elif not valid_address4(addr): raise IOError(errno.ENODEV, "No such device") if not os.path.exists(proc): # pragma: no cover raise OSError(errno.ENOENT, "'%s' does not exist" % proc) matched = "" # we may not have an IPv6 address, so no coverage if v6: # pragma: no cover for line in open(proc).readlines(): tmp = line.split() ifname = tmp[5].strip() tmp_addr = ":".join( \ [tmp[0][i:i+4] for i in range(0, len(tmp[0]), 4)]) if tmp[2].lower() != "80": tmp_addr = "%s/%s" % (tmp_addr, int(tmp[2].lower(), 16)) if addr == tmp_addr or \ ('/' in tmp_addr and in_network(addr, tmp_addr, True)): matched = ifname break else: for line in open(proc).readlines(): if ':' not in line: continue ifname = line.split(':')[0].strip() # this can fail for certain devices, so just skip them try: ip = get_ip_from_if(ifname, False) except IOError: # pragma: no cover continue if ip == addr: matched = ifname break return matched def _get_proc_inodes(): '''Get inodes of files in /proc''' proc_files = os.listdir("/proc") proc_files.sort() pat = re.compile(r'^[0-9]+$') inodes = dict() for i in proc_files: if not pat.match(i): continue fd_path = os.path.join("/proc", i, "fd") # skip stuff we can't read or that goes away if not os.access(fd_path, os.F_OK | os.R_OK): continue exe_path = "-" try: exe_path = os.readlink(os.path.join("/proc", i, "exe")) except Exception: # pragma: no cover 
def _read_proc_net_protocol(protocol):
    '''Read /proc/net/<protocol> and return a list of tuples.

    Each tuple is (local address, port as int, uid, inode, state). The first
    line of the file is skipped. For protocols starting with "tcp" only
    sockets in LISTEN state are returned; for protocols starting with "udp"
    the state is reported as "NA".

    Raises ValueError when the file does not exist or is not readable.

    protocol is joined onto /proc/net without further checks; the caller in
    this file passes only 'tcp', 'udp', 'tcp6' and 'udp6'.
    '''
    tcp_states = { 1: "ESTABLISHED",
                   2: "SYN_SENT",
                   3: "SYN_RECV",
                   4: "FIN_WAIT1",
                   5: "FIN_WAIT2",
                   6: "TIME_WAIT",
                   7: "CLOSE",
                   8: "CLOSE_WAIT",
                   9: "LAST_ACK",
                   10: "LISTEN",
                   11: "CLOSING"
                 }

    # Column positions within a whitespace-split line
    local_addr_col, state_col, uid_col, inode_col = 1, 3, 7, 9

    fn = os.path.join("/proc/net", protocol)
    # can't test for this
    if not os.access(fn, os.F_OK | os.R_OK): # pragma: no cover
        raise ValueError

    with open(fn) as proc_file:
        rows = proc_file.readlines()[1:]

    is_udp = protocol.startswith("udp")
    is_tcp = protocol.startswith("tcp")

    entries = []
    for row in rows:
        fields = row.split()

        # The state is looked up before the udp override, as before
        state = tcp_states[int(fields[state_col], 16)]
        if is_udp:
            state = "NA"
        elif is_tcp and state != "LISTEN":
            continue

        laddr, port = fields[local_addr_col].split(':')
        uid = fields[uid_col]
        inode = fields[inode_col]
        entries.append((laddr, int(port, 16), uid, inode, state))

    return entries
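def _findpath(dir, prefix):
    '''Add prefix to dir

    Returns dir unchanged when prefix is None. Otherwise dir is placed
    underneath prefix: leading slashes are dropped from an absolute dir
    before joining, and a dir consisting only of slashes maps to prefix.

    All leading slashes are stripped, not just the first. os.path.join()
    discards everything before an absolute component, so a dir such as
    '//etc' would otherwise be returned without the prefix.

    NOTE(review): '..' components are not normalised here; the callers
    visible in this source pass directory constants from ufw.common.
    '''
    if prefix is None:
        return dir

    if dir.startswith('/'):
        relative = dir.lstrip('/')
        if not relative: # / (or only slashes)
            return prefix
        return os.path.join(prefix, relative)

    return os.path.join(prefix, dir)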
This should # never happen but let's guard against it in case something changes pass ufw-0.36/src/after.init0000644000175000017500000000214613257507473013774 0ustar jamiejamie#!/bin/sh # # after.init: if executable, called by ufw-init. See 'man ufw-framework' for # details. Note that output from these scripts is not seen via the # the ufw command, but instead via ufw-init. # # Copyright 2013 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # set -e case "$1" in start) # typically required ;; stop) # typically required ;; status) # optional ;; flush-all) # optional ;; *) echo "'$1' not supported" echo "Usage: after.init {start|stop|flush-all|status}" ;; esac ufw-0.36/src/backend.py0000644000175000017500000006506713404772663013761 0ustar jamiejamie'''backend.py: interface for ufw backends''' # # Copyright 2008-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . 
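#

import errno
import os
import pwd
import re
import stat
import sys
import ufw.util
from ufw.util import error, warn, debug, _findpath
from ufw.common import UFWError, UFWRule
import ufw.applications


class UFWBackend:
    '''Interface for backends.

    Holds the state shared by every backend: the configuration file paths,
    the parsed defaults, the in-memory IPv4 and IPv6 rule lists and the
    application profiles. The methods under "API overrides" raise UFWError
    here and have to be implemented by a concrete backend.
    '''
    def __init__(self, name, dryrun, extra_files=None, rootdir=None,
                 datadir=None):
        '''Set up paths, run the startup checks, then load defaults and rules.

        name        -- backend name, stored as self.name
        dryrun      -- stored as self.dryrun; consulted by initcaps() and
                       set_default_application_policy()
        extra_files -- optional dict merged into self.files
        rootdir     -- accepted but not used by this method
        datadir     -- prefix handed to _findpath() for the config directory

        Raises UFWError when the iptables version cannot be determined, and
        whatever _do_checks() and _get_defaults() raise.
        '''
        self.defaults = None
        self.name = name
        self.dryrun = dryrun
        self.rules = []
        self.rules6 = []

        p = _findpath(ufw.common.config_dir, datadir)
        self.files = {'defaults': os.path.join(p, 'default/ufw'),
                      'conf': os.path.join(p, 'ufw/ufw.conf'),
                      'apps': os.path.join(p, 'ufw/applications.d')}
        if extra_files is not None:
            self.files.update(extra_files)

        self.loglevels = {'off': 0,
                          'low': 100,
                          'medium': 200,
                          'high': 300,
                          'full': 400}

        self.do_checks = ufw.common.do_checks
        self._do_checks()
        self._get_defaults()
        # _read_rules() is not defined in this class; presumably supplied by
        # the concrete backend -- confirm against the subclass.
        self._read_rules()

        self.profiles = ufw.applications.get_profiles(self.files['apps'])

        self.iptables = os.path.join(ufw.common.iptables_dir, "iptables")
        self.iptables_restore = os.path.join(ufw.common.iptables_dir,
                                             "iptables-restore")
        self.ip6tables = os.path.join(ufw.common.iptables_dir, "ip6tables")
        self.ip6tables_restore = os.path.join(ufw.common.iptables_dir,
                                              "ip6tables-restore")

        try:
            self.iptables_version = ufw.util.get_iptables_version(self.iptables)
        except OSError:  # pragma: no coverage
            err_msg = _("Couldn't determine iptables version")
            raise UFWError(err_msg)

        # Initialize via initcaps only when we need it (LP: #1044361)
        self.caps = None

    def initcaps(self):
        '''Initialize the capabilities database. This needs to be called
           before accessing the database.

        Fills self.caps['limit'] for '4' and '6'. The defaults (True for
        IPv4, False for IPv6) are kept unless checks are enabled, the caller
        is root and this is not a dry run; in that case the values come from
        ufw.util.get_netfilter_capabilities().
        '''
        # Only initialize if not initialized already
        if self.caps is not None:
            return

        self.caps = {}
        self.caps['limit'] = {}

        # Set defaults for dryrun, non-root, etc
        self.caps['limit']['4'] = True
        self.caps['limit']['6'] = False  # historical default for the testsuite

        # Try to get capabilities from the running system if root
        if self.do_checks and os.getuid() == 0 and not self.dryrun:  # pragma: no coverage
            # v4
            try:
                nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
            except OSError as e:
                msg = "initcaps\n%s" % e
                if self.is_enabled():
                    error(msg)
                warn(msg)
                return

            if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
                self.caps['limit']['4'] = True
            else:
                self.caps['limit']['4'] = False

            # v6 (skip capabilities check for ipv6 if ipv6 is disabled in ufw
            # because the system may not have ipv6 support (LP: #1039729)
            if self.use_ipv6():
                try:
                    nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
                except OSError as e:
                    # NOTE(review): error() is defined in ufw.util (not shown
                    # here) and presumably exits. If it ever returned, the
                    # test below would read the IPv4 result left in nf_caps.
                    error("initcaps\n%s" % e)
                if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
                    self.caps['limit']['6'] = True
                else:
                    self.caps['limit']['6'] = False

    def is_enabled(self):
        '''Is firewall configured as enabled'''
        return self.defaults.get('enabled') == 'yes'

    def use_ipv6(self):
        '''Is firewall configured to use IPv6

        True only when the 'ipv6' default is 'yes' and /proc/sys/net/ipv6
        exists.
        '''
        return self.defaults.get('ipv6') == 'yes' and \
               os.path.exists("/proc/sys/net/ipv6")

    def _get_default_policy(self, primary="input", check_forward=False):
        '''Get default policy for specified primary chain

        Returns "allow", "reject" or "deny". With check_forward set and
        primary == "forward", returns "disabled" when none of the forwarding
        sysctls queried below reports a '1'.

        Raises UFWError if the IPv4 sysctl call fails.
        '''
        policy = "default_" + primary + "_policy"

        rstr = ""
        if self.defaults[policy] == "accept":
            rstr = "allow"
        elif self.defaults[policy] == "reject":
            rstr = "reject"
        else:
            rstr = "deny"

        if check_forward and primary == "forward":
            enabled = False
            err_msg = _("problem running sysctl")

            (rc, out) = ufw.util.cmd(['sysctl', 'net.ipv4.ip_forward'])
            if rc != 0:  # pragma: no cover
                raise UFWError(err_msg)
            if '1' in out:
                enabled = True

            # IPv6 may be disabled, so ignore sysctl output
            if self.use_ipv6():
                (rc, out) = ufw.util.cmd(['sysctl',
                                          'net.ipv6.conf.default.forwarding'])
                if rc == 0 and '1' in out:
                    enabled = True

                (rc, out) = ufw.util.cmd(['sysctl',
                                          'net.ipv6.conf.all.forwarding'])
                if rc == 0 and '1' in out:
                    enabled = True

            if not enabled:
                rstr = "disabled"

        return rstr

    # Don't do coverage on this cause we don't run the unit tests as root
    def _do_checks(self):  # pragma: no coverage
        '''Perform basic security checks:
        is setuid or setgid (for non-Linux systems)
        checks that script is owned by root
        checks that every component in absolute path are owned by root
        warn if script is group writable
        warn if part of script path is group writable

        Doing this at the beginning causes a race condition with later
        operations that don't do these checks.  However, if the user running
        this script is root, then need to be root to exploit the race
        condition (and you are hosed anyway...)

        Only the SUID/SGID test, the root test, a failed stat() and a missing
        required file raise UFWError. Ownership and write-permission findings
        are reported with warn() and do not stop execution.
        '''

        if not self.do_checks:
            err_msg = _("Checks disabled")
            warn(err_msg)
            return True

        # Not needed on Linux, but who knows the places we will go...
        if os.getuid() != os.geteuid():
            err_msg = _("ERROR: this script should not be SUID")
            raise UFWError(err_msg)
        if os.getgid() != os.getegid():
            err_msg = _("ERROR: this script should not be SGID")
            raise UFWError(err_msg)

        uid = os.getuid()
        if uid != 0:
            err_msg = _("You need to be root to run this script")
            raise UFWError(err_msg)

        # Use these so we only warn once
        warned_world_write = {}
        warned_group_write = {}
        warned_owner = {}

        profiles = []
        if not os.path.isdir(self.files['apps']):
            warn_msg = _("'%s' does not exist") % (self.files['apps'])
            warn(warn_msg)
        else:
            pat = re.compile(r'^\.')
            for profile in os.listdir(self.files['apps']):
                if not pat.search(profile):
                    profiles.append(os.path.join(self.files['apps'], profile))

        # Every configured file, the running script and every profile is
        # checked, followed by each of its parent directories up to "/".
        for path in list(self.files.values()) + \
                [os.path.abspath(sys.argv[0])] + \
                profiles:
            if not path.startswith('/'):
                path = "%s/%s" % (os.getcwd(), path)
            while True:
                debug("Checking " + path)
                if path == self.files['apps'] and \
                        not os.path.isdir(self.files['apps']):
                    break

                try:
                    statinfo = os.stat(path)
                    mode = statinfo[stat.ST_MODE]
                except OSError:
                    err_msg = _("Couldn't stat '%s'") % (path)
                    raise UFWError(err_msg)

                # snaps and clicks unpack to this, so handle it
                click_user = 'clickpkg'
                snap_user = 'snappypkg'
                is_unpack_user = False
                try:
                    owner = pwd.getpwuid(statinfo.st_uid)[0]
                    if owner == click_user or owner == snap_user:
                        is_unpack_user = True
                except KeyError:
                    # uid has no passwd entry; treat as not an unpack user
                    pass

                if statinfo.st_uid != 0 and not is_unpack_user and \
                        path not in warned_owner:
                    warn_msg = _("uid is %(uid)s but '%(path)s' is owned by "
                                 "%(st_uid)s") % ({'uid': str(uid),
                                                   'path': path,
                                                   'st_uid': str(statinfo.st_uid)})
                    warn(warn_msg)
                    warned_owner[path] = True
                if mode & stat.S_IWOTH and path not in warned_world_write:
                    warn_msg = _("%s is world writable!") % (path)
                    warn(warn_msg)
                    warned_world_write[path] = True
                # group write is only reported when the group is not gid 0
                if mode & stat.S_IWGRP and path not in warned_group_write and \
                        statinfo.st_gid != 0:
                    warn_msg = _("%s is group writable!") % (path)
                    warn(warn_msg)
                    warned_group_write[path] = True

                if path == "/":
                    break

                last_path = path
                path = os.path.dirname(path)
                if not path:
                    raise OSError(errno.ENOENT,
                                  "Could not find parent for '%s'" %
                                  (last_path))

        for f in self.files:
            if f != 'apps' and not os.path.isfile(self.files[f]):
                err_msg = _("'%(f)s' file '%(name)s' does not exist") % \
                           ({'f': f, 'name': self.files[f]})
                raise UFWError(err_msg)

    def _get_defaults(self):
        '''Get all settings from defaults file

        Reads self.files['defaults'] then self.files['conf'] and stores each
        NAME=value line matching the pattern below in self.defaults, with the
        name and value lowercased and surrounding quotes stripped.

        Raises UFWError when a file cannot be opened, or when a default
        policy for input, output or forward is missing or is not one of
        accept, drop, reject.
        '''
        self.defaults = {}
        for f in [self.files['defaults'], self.files['conf']]:
            try:
                orig = ufw.util.open_file_read(f)
            except Exception:  # pragma: no coverage
                err_msg = _("Couldn't open '%s' for reading") % (f)
                raise UFWError(err_msg)
            pat = re.compile(r'^\w+="?\w+"?')
            for line in orig:
                if pat.search(line):
                    tmp = re.split(r'=', line.strip())
                    self.defaults[tmp[0].lower()] = tmp[1].lower().strip('"\'')

            orig.close()

        # do some default policy sanity checking
        policies = ['accept', 'drop', 'reject']
        for c in ['input', 'output', 'forward']:
            if 'default_%s_policy' % (c) not in self.defaults:
                # format after _() so the untranslated msgid is looked up
                err_msg = _("Missing policy for '%s'") % (c)
                raise UFWError(err_msg)
            p = self.defaults['default_%s_policy' % (c)]
            if p not in policies:
                err_msg = _("Invalid policy '%(policy)s' for '%(chain)s'") % \
                           ({'policy': p, 'chain': c})
                raise UFWError(err_msg)

    def set_default(self, fn, opt, value):
        '''Sets option in defaults file

        Rewrites fn through ufw.util.open_files()/close_files(), replacing
        the line that starts with "opt=" or appending one if none exists,
        then updates self.defaults.

        Raises UFWError when opt contains anything but word characters or
        when fn is not writable.
        '''
        if not re.match(r'^[\w_]+$', opt):
            err_msg = _("Invalid option")
            raise UFWError(err_msg)

        # Perform this here so we can present a nice error to the user rather
        # than a traceback
        if not os.access(fn, os.W_OK):
            # format after _() so the untranslated msgid is looked up
            err_msg = _("'%s' is not writable") % (fn)
            raise UFWError(err_msg)

        # NOTE(review): only opt is validated; value is written verbatim
        # after "opt=". The callers in this class pass fixed quoted constants
        # or a log level already checked against self.loglevels. Confirm any
        # other caller validates value, since a newline in it would add an
        # extra line to the file.
        fns = ufw.util.open_files(fn)
        fd = fns['tmp']

        found = False
        pat = re.compile(r'^' + opt + '=')
        for line in fns['orig']:
            if pat.search(line):
                ufw.util.write_to_file(fd, opt + "=" + value + "\n")
                found = True
            else:
                ufw.util.write_to_file(fd, line)

        # Add the entry if not found
        if not found:
            ufw.util.write_to_file(fd, opt + "=" + value + "\n")

        ufw.util.close_files(fns)

        # Now that the files are written out, update value in memory
        self.defaults[opt.lower()] = value.lower().strip('"\'')

    def set_default_application_policy(self, policy):
        '''Sets default application policy of firewall

        policy is one of allow, deny, reject, skip. Returns the status
        message. In a dry run nothing is written and policy is not checked.

        Raises UFWError for any other policy when not in a dry run.
        '''
        targets = {'allow': "\"ACCEPT\"",
                   'deny': "\"DROP\"",
                   'reject': "\"REJECT\"",
                   'skip': "\"SKIP\""}
        if not self.dryrun:
            if policy not in targets:
                err_msg = _("Unsupported policy '%s'") % (policy)
                raise UFWError(err_msg)
            self.set_default(self.files['defaults'],
                             "DEFAULT_APPLICATION_POLICY",
                             targets[policy])

        rstr = _("Default application policy changed to '%s'") % (policy)

        return rstr

    def get_app_rules_from_template(self, template):
        '''Return a list of UFWRules based on the template rule

        The template's dport and/or sport name an application profile; one
        rule is produced per port entry of the profile(s).

        Raises UFWError when no rule results.
        '''
        rules = []
        profile_names = list(self.profiles.keys())

        if template.dport in profile_names and template.sport in profile_names:
            dports = ufw.applications.get_ports(self.profiles[template.dport])
            sports = ufw.applications.get_ports(self.profiles[template.sport])
            for i in dports:
                tmp = template.dup_rule()
                tmp.dapp = ""
                tmp.set_port("any", "src")
                (port, proto) = ufw.util.parse_port_proto(i)
                tmp.set_protocol(proto)
                tmp.set_port(port, "dst")
                tmp.dapp = template.dapp

                if template.dport == template.sport:
                    # Just use the same ports as dst for src when they are the
                    # same to avoid duplicate rules
                    tmp.sapp = ""
                    (port, proto) = ufw.util.parse_port_proto(i)
                    tmp.set_protocol(proto)
                    tmp.set_port(port, "src")
                    tmp.sapp = template.sapp
                    rules.append(tmp)
                else:
                    for j in sports:
                        rule = tmp.dup_rule()
                        rule.sapp = ""
                        (port, proto) = ufw.util.parse_port_proto(j)
                        rule.set_protocol(proto)
                        rule.set_port(port, "src")
                        if rule.protocol == "any":
                            rule.set_protocol(tmp.protocol)
                        rule.sapp = template.sapp
                        rules.append(rule)
        elif template.sport in profile_names:
            for p in ufw.applications.get_ports(self.profiles[template.sport]):
                rule = template.dup_rule()
                rule.sapp = ""
                (port, proto) = ufw.util.parse_port_proto(p)
                rule.set_protocol(proto)
                rule.set_port(port, "src")
                rule.sapp = template.sapp
                rules.append(rule)
        elif template.dport in profile_names:
            for p in ufw.applications.get_ports(self.profiles[template.dport]):
                rule = template.dup_rule()
                rule.dapp = ""
                (port, proto) = ufw.util.parse_port_proto(p)
                rule.set_protocol(proto)
                rule.set_port(port, "dst")
                rule.dapp = template.dapp
                rules.append(rule)

        if len(rules) < 1:
            err_msg = _("No rules found for application profile")
            raise UFWError(err_msg)

        return rules

    def update_app_rule(self, profile):
        '''Update rule for profile in place. Returns result string and bool
           on whether or not the profile is used in the current ruleset.

        Raises UFWError if the updated rules cannot be written.
        '''
        updated_rules = []
        updated_rules6 = []
        last_tuple = ""
        rstr = ""
        updated_profile = False

        # Remember, self.rules is from user[6].rules, and not the running
        # firewall.
        for r in self.rules + self.rules6:
            if r.dapp == profile or r.sapp == profile:
                # We assume that the rules are in app rule order. Specifically,
                # if app rule has multiple rules, they are one after the other.
                # If the rule ordering changes, the below will have to change.
                tupl = r.get_app_tuple()
                if tupl == last_tuple:
                    # Skip the rule if seen this tuple already (ie, it is part
                    # of a known tuple).
                    continue
                else:
                    # Have a new tuple, so find and insert new app rules here
                    template = r.dup_rule()
                    template.set_protocol("any")
                    if template.dapp != "":
                        template.set_port(template.dapp, "dst")
                    if template.sapp != "":
                        template.set_port(template.sapp, "src")

                    new_app_rules = self.get_app_rules_from_template(template)
                    for new_r in new_app_rules:
                        new_r.normalize()
                        if new_r.v6:
                            updated_rules6.append(new_r)
                        else:
                            updated_rules.append(new_r)

                    last_tuple = tupl
                    updated_profile = True
            else:
                if r.v6:
                    updated_rules6.append(r)
                else:
                    updated_rules.append(r)

        if updated_profile:
            self.rules = updated_rules
            self.rules6 = updated_rules6
            rstr += _("Rules updated for profile '%s'") % (profile)

            try:
                self._write_rules(False)  # ipv4
                self._write_rules(True)  # ipv6
            except Exception:  # pragma: no coverage
                err_msg = _("Couldn't update application rules")
                raise UFWError(err_msg)

        return (rstr, updated_profile)

    def find_application_name(self, profile_name):
        '''Find the application profile name for profile_name

        An exact match wins; otherwise a single case-insensitive match is
        returned. Raises UFWError when there is no match or more than one.
        '''
        if profile_name in self.profiles:
            return profile_name

        match = ""
        matches = 0
        for n in self.profiles:
            if n.lower() == profile_name.lower():
                match = n
                matches += 1

        debug_msg = "'%d' matches for '%s'" % (matches, profile_name)
        debug(debug_msg)
        if matches == 1:
            return match
        elif matches > 1:
            err_msg = _("Found multiple matches for '%s'. Please use exact profile name") % \
                        (profile_name)
        else:
            err_msg = _("Could not find a profile matching '%s'") % \
                        (profile_name)
        raise UFWError(err_msg)

    def find_other_position(self, position, v6):
        '''Return the absolute position in the other list of the rule with the
           user position of the given list. For example, find_other_position(4,
           True) will return the absolute position of the rule in the ipv4 list
           matching the user specified '4' rule in the ipv6 list.

        Returns 0 when the other list has no matching rule. Raises ValueError
        when position is below 1 or beyond the end of the given list.
        '''
        # Invalid search (v6 rule with too high position)
        if v6 and position > len(self.rules6):
            raise ValueError()

        # Invalid search (v4 rule with too high position)
        if not v6 and position > len(self.rules):
            raise ValueError()

        if position < 1:
            raise ValueError()

        if v6:
            rules = self.rules6
        else:
            rules = self.rules

        # self.rules[6] is a list of tuples. Some application rules have
        # multiple tuples but the user specifies by ufw rule, not application
        # tuple, so we need to find how many tuples there are leading up to
        # the specified position, which we can then use as an offset for
        # getting the proper match_rule.
        app_rules = {}
        tuple_offset = 0
        for i, r in enumerate(rules):
            if i >= position:
                break
            tupl = ""
            if r.dapp != "" or r.sapp != "":
                tupl = r.get_app_tuple()

                if tupl in app_rules:
                    tuple_offset += 1
                else:
                    app_rules[tupl] = True

        # Search the opposite list with a copy of the rule flipped to the
        # other address family.
        if v6:
            rules = self.rules
            match_rule = self.rules6[position - 1 + tuple_offset].dup_rule()
            match_rule.set_v6(False)
        else:
            rules = self.rules6
            match_rule = self.rules[position - 1 + tuple_offset].dup_rule()
            match_rule.set_v6(True)

        count = 1
        for r in rules:
            if UFWRule.match(r, match_rule) == 0:
                return count
            count += 1

        return 0

    def get_loglevel(self):
        '''Gets current log level of firewall

        Returns (level, text). level is -1 when the configured 'loglevel' is
        missing or not a key of self.loglevels.
        '''
        level = 0
        rstr = _("Logging: ")
        if 'loglevel' not in self.defaults or \
                self.defaults['loglevel'] not in self.loglevels:
            level = -1
            rstr += _("unknown")
        else:
            level = self.loglevels[self.defaults['loglevel']]
            if level == 0:
                rstr += "off"
            else:
                rstr += "on (%s)" % (self.defaults['loglevel'])
        return (level, rstr)

    def set_loglevel(self, level):
        '''Sets log level of firewall

        level is a key of self.loglevels or 'on'. 'on' keeps the configured
        level, or uses 'low' when none is set or it is 'off'.

        Raises UFWError for any other level.
        '''
        if level not in list(self.loglevels.keys()) + ['on']:
            err_msg = _("Invalid log level '%s'") % (level)
            raise UFWError(err_msg)

        new_level = level
        if level == "on":
            if 'loglevel' not in self.defaults or \
                    self.defaults['loglevel'] == "off":
                new_level = "low"
            else:
                new_level = self.defaults['loglevel']

        self.set_default(self.files['conf'], "LOGLEVEL", new_level)
        self.update_logging(new_level)

        if new_level == "off":
            return _("Logging disabled")
        else:
            return _("Logging enabled")

    def get_rules(self):
        '''Return list of all rules'''
        return self.rules + self.rules6

    def get_rules_count(self, v6):
        '''Return number of ufw rules (not iptables rules)

        Rules that share an application tuple are counted once.
        '''
        if v6:
            rules = self.rules6
        else:
            rules = self.rules

        count = 0
        app_rules = {}
        for r in rules:
            tupl = ""
            if r.dapp != "" or r.sapp != "":
                tupl = r.get_app_tuple()

                if tupl in app_rules:
                    debug("Skipping found tuple '%s'" % (tupl))
                    continue
                else:
                    app_rules[tupl] = True
            count += 1

        return count

    def get_rule_by_number(self, num):
        '''Return rule specified by number seen via "status numbered"

        Returns None when num is past the last rule.
        '''
        rules = self.get_rules()

        count = 1
        app_rules = {}
        for r in rules:
            tupl = ""
            if r.dapp != "" or r.sapp != "":
                tupl = r.get_app_tuple()

                if tupl in app_rules:
                    debug("Skipping found tuple '%s'" % (tupl))
                    continue
                else:
                    app_rules[tupl] = True
            if count == int(num):
                return r
            count += 1

        return None

    def get_matching(self, rule):
        '''See if there is a matching rule in the existing ruleset. Note this
           does not group rules by tuples.

        Returns the 1-based positions in get_rules() for which
        rule.fuzzy_dst_match() returns less than 1.
        '''
        matched = []
        count = 0
        for r in self.get_rules():
            count += 1
            ret = rule.fuzzy_dst_match(r)
            if ret < 1:
                matched.append(count)

        return matched

    # API overrides
    def set_default_policy(self, policy, direction):  # pragma: no coverage
        '''Set default policy for specified direction'''
        raise UFWError("UFWBackend.set_default_policy: need to override")

    def get_running_raw(self, rules_type):  # pragma: no coverage
        '''Get status of running firewall'''
        raise UFWError("UFWBackend.get_running_raw: need to override")

    def get_status(self, verbose, show_count):  # pragma: no coverage
        '''Get managed rules'''
        raise UFWError("UFWBackend.get_status: need to override")

    def set_rule(self, rule, allow_reload):  # pragma: no coverage
        '''Update firewall with rule'''
        raise UFWError("UFWBackend.set_rule: need to override")

    def start_firewall(self):  # pragma: no coverage
        '''Start the firewall'''
        raise UFWError("UFWBackend.start_firewall: need to override")

    def stop_firewall(self):  # pragma: no coverage
        '''Stop the firewall'''
        raise UFWError("UFWBackend.stop_firewall: need to override")

    def get_app_rules_from_system(self, template, v6):  # pragma: no coverage
        '''Get a list if rules based on template'''
        raise UFWError("UFWBackend.get_app_rules_from_system: need to " +
                       "override")

    def update_logging(self, level):  # pragma: no coverage
        '''Update loglevel of running firewall'''
        raise UFWError("UFWBackend.update_logging: need to override")

    def reset(self):  # pragma: no coverage
        '''Reset the firewall'''
        raise UFWError("UFWBackend.reset: need to override")
ufw-0.36/src/applications.py0000644000175000017500000001527613404772663015055 0ustar jamiejamie'''applications.py: common classes for ufw'''
#
# Copyright 2008-2018 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.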
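#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see .
#

import os
import re
import stat
import ufw.util
from ufw.util import debug, warn
from ufw.common import UFWError

import sys
if sys.version_info[0] < 3:  # pragma: no cover
    import ConfigParser
else:  # pragma: no cover
    import configparser


def get_profiles(profiles_dir):
    '''Get profiles found in profiles database.  Returns dictionary with
       profile name as key and tuples for fields

    Files in profiles_dir are read in sorted order. Hidden files, package
    manager leftovers (.dpkg-*, .rpmnew, .rpmsave, trailing ~) and anything
    that is not a regular file are skipped. A section is skipped with a
    warning when its name or a field is too long, its name is invalid or is
    also known to ufw.util.get_services_proto(), or verify_profile() rejects
    it.

    Raises UFWError when profiles_dir is not a directory.
    '''
    if not os.path.isdir(profiles_dir):
        err_msg = _("Profiles directory does not exist")
        raise UFWError(err_msg)

    max_size = 10 * 1024 * 1024  # 10MB
    profiles = {}

    files = os.listdir(profiles_dir)
    files.sort()

    total_size = 0
    pat = re.compile(r'^\.')
    for f in files:
        abs_path = os.path.join(profiles_dir, f)
        if not os.path.isfile(abs_path):
            continue

        if pat.search(f):
            debug("Skipping '%s': hidden file" % (f))
            continue

        if f.endswith('.dpkg-new') or f.endswith('.dpkg-old') or \
                f.endswith('.dpkg-dist') or f.endswith('.rpmnew') or \
                f.endswith('.rpmsave') or f.endswith('~'):
            debug("Skipping '%s'" % (f))
            continue

        # Try to gracefully handle huge files for the user (no security
        # benefit, just usability). The size is taken from a separate stat()
        # before the file is read, so the limit is advisory only.
        size = 0
        try:
            size = os.stat(abs_path)[stat.ST_SIZE]
        except Exception:
            warn_msg = _("Skipping '%s': couldn't stat") % (f)
            warn(warn_msg)
            continue

        if size > max_size:
            warn_msg = _("Skipping '%s': too big") % (f)
            warn(warn_msg)
            continue

        # max_size also caps the combined size of all files read
        if total_size + size > max_size:
            warn_msg = _("Skipping '%s': too many files read already") % (f)
            warn(warn_msg)
            continue

        total_size += size

        if sys.version_info[0] < 3:  # pragma: no cover
            cdict = ConfigParser.RawConfigParser()
        else:  # pragma: no cover
            cdict = configparser.RawConfigParser()

        try:
            cdict.read(abs_path)
        except Exception:
            warn_msg = _("Skipping '%s': couldn't process") % (f)
            warn(warn_msg)
            continue

        # If multiple occurrences of profile name, use the last one
        for p in cdict.sections():
            if len(p) > 64:
                warn_msg = _("Skipping '%s': name too long") % (p)
                warn(warn_msg)
                continue

            if not valid_profile_name(p):
                warn_msg = _("Skipping '%s': invalid name") % (p)
                warn(warn_msg)
                continue

            # A lookup that succeeds means the name collides with a service
            # name; any exception from the lookup is taken as "no collision".
            try:
                ufw.util.get_services_proto(p)
                warn_msg = _("Skipping '%s': also in /etc/services") % (p)
                warn(warn_msg)
                continue
            except Exception:
                pass

            skip = False
            for key, value in cdict.items(p):
                if len(key) > 64:
                    warn_msg = _("Skipping '%s': field too long") % (p)
                    warn(warn_msg)
                    skip = True
                    break
                if len(value) > 1024:
                    warn_msg = _("Skipping '%(value)s': value too long for "
                                 "'%(field)s'") % \
                                ({'value': p, 'field': key})
                    warn(warn_msg)
                    skip = True
                    break
            if skip:
                continue

            if p in profiles:
                warn_msg = _("Duplicate profile '%s', using last found") % (p)
                warn(warn_msg)

            pdict = {}
            for key, value in cdict.items(p):
                #debug("add '%s' = '%s' to '%s'" % (key, value, p))
                pdict[key] = value

            try:
                verify_profile(p, pdict)
                profiles[p] = pdict
            except UFWError as e:
                warn(e)

    return profiles


def valid_profile_name(name):
    '''Only accept a limited set of characters for name

    Rejects the reserved name "all" and anything int() accepts.
    '''
    # Reserved profile name
    if name == "all":
        return False

    # Don't allow integers (ports)
    try:
        int(name)
        return False
    except Exception:
        pass

    # Require the first character to be alphanumeric. Names that are entirely
    # numeric were rejected above, which avoids collisions with port numbers.
    if re.match(r'^[a-zA-Z0-9][a-zA-Z0-9 _\-\.+]*$', name):
        return True

    return False


def verify_profile(name, profile):
    '''Make sure profile has everything needed

    Returns True when title, description and ports are present and
    non-empty and every '|'-separated ports entry can be parsed and turned
    into a UFWRule.

    Raises UFWError otherwise.
    '''
    app_fields = ['title', 'description', 'ports']

    for f in app_fields:
        if f not in profile:
            err_msg = _("Profile '%(fn)s' missing required field '%(f)s'") % \
                        ({'fn': name, 'f': f})

            raise UFWError(err_msg)
        elif not profile[f]:
            err_msg = _("Profile '%(fn)s' has empty required field '%(f)s'") \
                        % ({'fn': name, 'f': f})
            raise UFWError(err_msg)

    ports = profile['ports'].split('|')

    # Defined before the try block: the quick check below used to raise with
    # an unassigned err_msg, which only worked because the resulting
    # NameError was caught by the except clause.
    err_msg = _("Invalid ports in profile '%s'") % (name)
    try:
        for p in ports:
            (port, proto) = ufw.util.parse_port_proto(p)
            # quick checks if error in profile
            if proto == "any" and (':' in port or ',' in port):
                raise UFWError(err_msg)
            rule = ufw.common.UFWRule("ACCEPT", proto, port)
            debug(rule)
    except Exception as e:
        debug(e)
        raise UFWError(err_msg)

    return True


def get_title(profile):
    '''Retrieve the title from the profile

    Returns "" when the field is missing or empty.
    '''
    return profile.get('title') or ""


def get_description(profile):
    '''Retrieve the description from the profile

    Returns "" when the field is missing or empty.
    '''
    return profile.get('description') or ""


def get_ports(profile):
    '''Retrieve a list of ports from a profile

    Returns the 'ports' field split on '|', or [] when it is missing or
    empty.
    '''
    field = 'ports'
    if field in profile and profile[field]:
        return profile[field].split('|')

    return []
ufw-0.36/src/backend_iptables.py0000644000175000017500000016137513404772663015643 0ustar jamiejamie'''backend_iptables.py: iptables backend for ufw'''
#
# Copyright 2008-2018 Canonical Ltd.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 3,
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.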
See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import os import re import shutil import stat import sys import time from ufw.common import UFWError, UFWRule from ufw.util import warn, debug, msg, cmd, cmd_pipe, _findpath import ufw.backend class UFWBackendIptables(ufw.backend.UFWBackend): '''Instance class for UFWBackend''' def __init__(self, dryrun, rootdir=None, datadir=None): '''UFWBackendIptables initialization''' self.comment_str = "# " + ufw.common.programName + "_comment #" self.rootdir = rootdir self.datadir = datadir files = {} config_dir = _findpath(ufw.common.config_dir, datadir) state_dir = _findpath(ufw.common.state_dir, datadir) files['rules'] = os.path.join(config_dir, 'ufw/user.rules') files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules') files['after_rules'] = os.path.join(config_dir, 'ufw/after.rules') files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules') files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules') files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules') files['init'] = os.path.join(state_dir, 'ufw-init') ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files, rootdir=rootdir, datadir=datadir) self.chains = {'before': [], 'user': [], 'after': [], 'misc': []} for ver in ['4', '6']: chain_prefix = "ufw" if ver == "6": if self.use_ipv6(): chain_prefix += ver elif ver == "6": continue for loc in ['before', 'user', 'after']: for target in ['input', 'output', 'forward']: chain = "%s-%s-logging-%s" % (chain_prefix, loc, target) self.chains[loc].append(chain) self.chains['misc'].append(chain_prefix + "-logging-deny") self.chains['misc'].append(chain_prefix + "-logging-allow") # The default log rate limiting rule ('ufw[6]-user-limit chain should # be prepended before use) self.ufw_user_limit_log = ['-m', 'limit', \ '--limit', '3/minute', '-j', 'LOG', \ '--log-prefix'] 
self.ufw_user_limit_log_text = "[UFW LIMIT BLOCK]" def get_default_application_policy(self): '''Get current policy''' rstr = _("New profiles:") if self.defaults['default_application_policy'] == "accept": rstr += " allow" elif self.defaults['default_application_policy'] == "drop": rstr += " deny" elif self.defaults['default_application_policy'] == "reject": rstr += " reject" else: rstr += " skip" return rstr def set_default_policy(self, policy, direction): '''Sets default policy of firewall''' if not self.dryrun: if policy != "allow" and policy != "deny" and policy != "reject": err_msg = _("Unsupported policy '%s'") % (policy) raise UFWError(err_msg) if direction != "incoming" and direction != "outgoing" and \ direction != "routed": err_msg = _("Unsupported policy for direction '%s'") % \ (direction) raise UFWError(err_msg) chain = "INPUT" if direction == "outgoing": chain = "OUTPUT" elif direction == "routed": chain = "FORWARD" old_log_str = '' new_log_str = '' if policy == "allow": try: self.set_default(self.files['defaults'], \ "DEFAULT_%s_POLICY" % (chain), \ "\"ACCEPT\"") except Exception: raise old_log_str = 'UFW BLOCK' new_log_str = 'UFW ALLOW' elif policy == "reject": try: self.set_default(self.files['defaults'], \ "DEFAULT_%s_POLICY" % (chain), \ "\"REJECT\"") except Exception: raise old_log_str = 'UFW ALLOW' new_log_str = 'UFW BLOCK' else: try: self.set_default(self.files['defaults'], \ "DEFAULT_%s_POLICY" % (chain), \ "\"DROP\"") except Exception: raise old_log_str = 'UFW ALLOW' new_log_str = 'UFW BLOCK' # Switch logging message in catch-all rules pat = re.compile(r'' + old_log_str) for f in [self.files['after_rules'], self.files['after6_rules']]: try: fns = ufw.util.open_files(f) except Exception: raise fd = fns['tmp'] for line in fns['orig']: if pat.search(line): ufw.util.write_to_file(fd, pat.sub(new_log_str, line)) else: ufw.util.write_to_file(fd, line) try: ufw.util.close_files(fns) except Exception: raise rstr = _("Default %(direction)s policy 
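changed to '%(policy)s'\n") % \ ({'direction': direction, 'policy': policy}) rstr += _("(be sure to update your rules accordingly)") return rstr
    def get_running_raw(self, rules_type):
        '''Return the raw iptables/ip6tables listing for one rule set.

        rules_type selects what is listed: "raw" (whole tables), "builtins",
        "before", "user", "after" or "logging". In dry-run mode only a
        placeholder string is returned and nothing is executed.

        Raises UFWError, carrying the output collected so far, as soon as one
        of the listing commands exits non-zero.
        '''
        if self.dryrun:
            out = "> " + _("Checking raw iptables\n")
            out += "> " + _("Checking raw ip6tables\n")
            return out

        # Initialize the capabilities database
        self.initcaps()

        args = ['-n', '-v', '-x', '-L']
        items = []
        items6 = []

        if rules_type == "raw":
            # The items are table names here, so '-t' is appended once and
            # each item becomes its argument.
            args.append('-t')
            items = ['filter', 'nat', 'mangle', 'raw']
            items6 = ['filter', 'mangle', 'raw']
        elif rules_type == "builtins":
            # Entries are "table:chain" pairs, split again when listed below.
            for c in ['INPUT', 'FORWARD', 'OUTPUT']:
                items.append('filter:%s' % c)
                items6.append('filter:%s' % c)
            for c in ['PREROUTING', 'INPUT', 'FORWARD', 'OUTPUT',
                      'POSTROUTING']:
                items.append('mangle:%s' % c)
                items6.append('mangle:%s' % c)
            for c in ['PREROUTING', 'OUTPUT']:
                items.append('raw:%s' % c)
                items6.append('raw:%s' % c)
            # nat chains are only listed for IPv4
            for c in ['PREROUTING', 'POSTROUTING', 'OUTPUT']:
                items.append('nat:%s' % c)
        elif rules_type == "before":
            for b in ['input', 'forward', 'output']:
                items.append('ufw-before-%s' % b)
                items6.append('ufw6-before-%s' % b)
        elif rules_type == "user":
            for b in ['input', 'forward', 'output']:
                items.append('ufw-user-%s' % b)
                items6.append('ufw6-user-%s' % b)
            # The limit chains are only listed when the capability is set
            if self.caps['limit']['4']:
                items.append('ufw-user-limit-accept')
                items.append('ufw-user-limit')
            if self.caps['limit']['6']:
                items6.append('ufw6-user-limit-accept')
                items6.append('ufw6-user-limit')
        elif rules_type == "after":
            for b in ['input', 'forward', 'output']:
                items.append('ufw-after-%s' % b)
                items6.append('ufw6-after-%s' % b)
        elif rules_type == "logging":
            for b in ['input', 'forward', 'output']:
                items.append('ufw-before-logging-%s' % b)
                items6.append('ufw6-before-logging-%s' % b)
                items.append('ufw-user-logging-%s' % b)
                items6.append('ufw6-user-logging-%s' % b)
                items.append('ufw-after-logging-%s' % b)
                items6.append('ufw6-after-logging-%s' % b)
            items.append('ufw-logging-allow')
            items.append('ufw-logging-deny')
            items6.append('ufw6-logging-allow')
            items6.append('ufw6-logging-deny')

        out = "IPV4 (%s):\n" % (rules_type)
        for i in items:
            if ':' in i:
                (t, c) = i.split(':')
                out += "(%s) " % (t)
                (rc, tmp) = cmd([self.iptables] + args + [c, '-t', t])
            else:
                (rc, tmp) = cmd([self.iptables] + args + [i])
            out += tmp
            if rules_type != "raw":
                out += "\n"
            if rc != 0:
                raise UFWError(out)

        if rules_type == "raw" or self.use_ipv6():
            out += "\n\nIPV6:\n"
            for i in items6:
                if ':' in i:
                    (t, c) = i.split(':')
                    out += "(%s) " % (t)
                    # These are the IPv6 built-in chains, so they must be
                    # read with ip6tables. Querying iptables here would print
                    # the IPv4 chain under the IPV6 heading and hide the real
                    # IPv6 policy from whoever audits the output.
                    (rc, tmp) = cmd([self.ip6tables] + args + [c, '-t', t])
                else:
                    (rc, tmp) = cmd([self.ip6tables] + args + [i])
                out += tmp
                if rules_type != "raw":
                    out += "\n"
                if rc != 0:
                    raise UFWError(out)

        return out

    def get_status(self, verbose=False, show_count=False): '''Show ufw managed rules''' out = "" if self.dryrun: out = "> " + _("Checking iptables\n") if self.use_ipv6(): out += "> " + _("Checking ip6tables\n") return out err_msg = _("problem running") for direction in ["input", "output", "forward"]: # Is the firewall loaded at all?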
(rc, out) = cmd([self.iptables, '-L', \ 'ufw-user-%s' % (direction), '-n']) if rc == 1: return _("Status: inactive") elif rc != 0: raise UFWError(err_msg + " iptables: %s\n" % (out)) if self.use_ipv6(): (rc, out6) = cmd([self.ip6tables, '-L', \ 'ufw6-user-%s' % (direction), '-n']) if rc != 0: raise UFWError(err_msg + " ip6tables") s = "" str_out = "" str_rte = "" rules = self.rules + self.rules6 count = 1 app_rules = {} for r in rules: tmp_str = "" location = {} tupl = "" show_proto = True if not verbose and (r.dapp != "" or r.sapp != ""): show_proto = False tupl = r.get_app_tuple() if tupl in app_rules: debug("Skipping found tuple '%s'" % (tupl)) continue else: app_rules[tupl] = True for loc in [ 'dst', 'src' ]: location[loc] = "" port = "" tmp = "" if loc == "dst": tmp = r.dst if not verbose and r.dapp != "": port = r.dapp if r.v6 and tmp == "::/0": port += " (v6)" else: port = r.dport else: tmp = r.src if not verbose and r.sapp != "": port = r.sapp if r.v6 and tmp == "::/0": port += " (v6)" else: port = r.sport if tmp != "0.0.0.0/0" and tmp != "::/0": location[loc] = tmp if port != "any": if location[loc] == "": location[loc] = port else: location[loc] += " " + port if show_proto and r.protocol != "any": location[loc] += "/" + r.protocol if verbose: if loc == "dst" and r.dapp != "": location[loc] += " (%s" % (r.dapp) if r.v6 and tmp == "::/0": location[loc] += " (v6)" location[loc] += ")" if loc == "src" and r.sapp != "": location[loc] += " (%s" % (r.sapp) if r.v6 and tmp == "::/0": location[loc] += " (v6)" location[loc] += ")" if port == "any": if tmp == "0.0.0.0/0" or tmp == "::/0": location[loc] = "Anywhere" # Show the protocol if Anywhere to Anwhere, have # protocol and source and dest ports are any if show_proto and r.protocol != "any" and \ r.dst == r.src and r.dport == r.sport: location[loc] += "/" + r.protocol if tmp == "::/0": location[loc] += " (v6)" else: # Show the protocol if have protocol, and source # and dest ports are any if show_proto and 
r.protocol != "any" and \ r.dport == r.sport: location[loc] += "/" + r.protocol elif r.v6 and r.src == "::/0" and r.dst == "::/0" \ and ' (v6)' not in location[loc]: # Add v6 if have port but no addresses so it doesn't look # a duplicate of the v4 rule location[loc] += " (v6)" # Reporting the interfaces is different in route rules and # non-route rules. With route rules, the reporting should be # relative to how packets flow through the firewall, with # other rules the reporting should be relative to the firewall # system as endpoint. As such, for route rules, report the # incoming interface under 'From' and the outgoing interface # under 'To', and for non-route rules, report the incoming # interface under 'To', and the outgoing interface under # 'From'. if r.forward: if loc == 'src' and r.interface_in != "": location[loc] += " on %s" % (r.interface_in) if loc == 'dst' and r.interface_out != "": location[loc] += " on %s" % (r.interface_out) else: if loc == 'dst' and r.interface_in != "": location[loc] += " on %s" % (r.interface_in) if loc == 'src' and r.interface_out != "": location[loc] += " on %s" % (r.interface_out) attribs = [] attrib_str = "" if r.logtype or r.direction.lower() == "out": if r.logtype: attribs.append(r.logtype.lower()) # why is the direction added to attribs if shown in action? 
if show_count and r.direction == "out": attribs.append(r.direction) if len(attribs) > 0: attrib_str = " (%s)" % (', '.join(attribs)) # now construct the rule output string if show_count: tmp_str += "[%2d] " % (count) dir_str = r.direction.upper() if r.forward: dir_str = "FWD" if r.direction == "in" and not r.forward and \ not verbose and not show_count: dir_str = "" comment_str = "" if r.comment != "": comment_str = " # %s" % r.get_comment() tmp_str += "%-26s %-12s%-26s%s%s\n" % (location['dst'], \ " ".join([r.action.upper(), \ dir_str]), \ location['src'], attrib_str, comment_str) # Show the list in the order given if a numbered list, otherwise # split incoming and outgoing rules if show_count: s += tmp_str else: if r.forward: str_rte += tmp_str elif r.direction == "out": str_out += tmp_str else: s += tmp_str count += 1 if s != "" or str_out != "" or str_rte != "": full_str = "\n\n" if show_count: full_str += " " str_to = _("To") str_from = _("From") str_action = _("Action") rules_header_fmt = "%-26s %-12s%s\n" rules_header = rules_header_fmt % (str_to, str_action, str_from) if show_count: rules_header += " " rules_header += rules_header_fmt % \ ("-" * len(str_to), \ "-" * len(str_action), \ "-" * len(str_from)) full_str += rules_header if s != "": full_str += s if s != "" and str_out != "": full_str += _("\n") if str_out != "": full_str += str_out if s != "" and str_rte != "": full_str += _("\n") if str_rte != "": full_str += str_rte s = full_str if verbose: (level, logging_str) = self.get_loglevel() policy_str = _("Default: %(in)s (incoming), " + "%(out)s (outgoing), " + "%(routed)s (routed)") \ % ({'in': self._get_default_policy(), \ 'out': self._get_default_policy("output"), \ 'routed': self._get_default_policy("forward", \ True)}) app_policy_str = self.get_default_application_policy() return _("Status: active\n%(log)s\n%(pol)s\n%(app)s%(status)s") % \ ({'log': logging_str, 'pol': policy_str, \ 'app': app_policy_str, 'status': s}) else: return _("Status: 
active%s") % (s) def stop_firewall(self): '''Stop the firewall''' if self.dryrun: msg("> " + _("running ufw-init")) else: args = [] args.append(self.files['init']) if self.rootdir is not None and self.datadir is not None: args.append('--rootdir') args.append(self.rootdir) args.append('--datadir') args.append(self.datadir) args.append('force-stop') (rc, out) = cmd(args) if rc != 0: err_msg = _("problem running ufw-init\n%s" % out) raise UFWError(err_msg) def start_firewall(self): '''Start the firewall''' if self.dryrun: msg("> " + _("running ufw-init")) else: args = [] args.append(self.files['init']) if self.rootdir is not None and self.datadir is not None: args.append('--rootdir') args.append(self.rootdir) args.append('--datadir') args.append(self.datadir) args.append('start') (rc, out) = cmd(args) if rc != 0: err_msg = _("problem running ufw-init\n%s" % out) raise UFWError(err_msg) if 'loglevel' not in self.defaults or \ self.defaults['loglevel'] not in list(self.loglevels.keys()): # Add the loglevel if not valid try: self.set_loglevel("low") except Exception: err_msg = _("Could not set LOGLEVEL") raise UFWError(err_msg) else: try: self.update_logging(self.defaults['loglevel']) except Exception: err_msg = _("Could not load logging rules") raise UFWError(err_msg) def _need_reload(self, v6): '''Check if all chains exist''' if self.dryrun: return False # Initialize the capabilities database self.initcaps() prefix = "ufw" exe = self.iptables if v6: prefix = "ufw6" exe = self.ip6tables for chain in [ 'input', 'output', 'forward', 'limit', 'limit-accept' ]: if chain == "limit" or chain == "limit-accept": if v6 and not self.caps['limit']['6']: continue elif not v6 and not self.caps['limit']['4']: continue (rc, out) = cmd([exe, '-n', '-L', prefix + "-user-" + chain]) if rc != 0: debug("_need_reload: forcing reload") return True return False def _reload_user_rules(self): '''Reload firewall rules file''' err_msg = _("problem running") if self.dryrun: msg("> | 
iptables-restore") if self.use_ipv6(): msg("> | ip6tables-restore") elif self.is_enabled(): # first flush the user logging chains try: for c in self.chains['user']: self._chain_cmd(c, ['-F', c]) self._chain_cmd(c, ['-Z', c]) except Exception: # pragma: no coverage raise UFWError(err_msg) # then restore the system rules (rc, out) = cmd_pipe(['cat', self.files['rules']], \ [self.iptables_restore, '-n']) if rc != 0: raise UFWError(err_msg + " iptables") if self.use_ipv6(): (rc, out) = cmd_pipe(['cat', self.files['rules6']], \ [self.ip6tables_restore, '-n']) if rc != 0: raise UFWError(err_msg + " ip6tables") def _get_rules_from_formatted(self, frule, prefix, suffix): '''Return list of iptables rules appropriate for sending''' snippets = [] # adjust reject and protocol 'all' pat_proto = re.compile(r'-p all ') pat_port = re.compile(r'port ') pat_reject = re.compile(r'-j (REJECT(_log(-all)?)?)') if pat_proto.search(frule): if pat_port.search(frule): if pat_reject.search(frule): snippets.append(pat_proto.sub('-p tcp ', \ pat_reject.sub(r'-j \1 --reject-with tcp-reset', \ frule))) else: snippets.append(pat_proto.sub('-p tcp ', frule)) snippets.append(pat_proto.sub('-p udp ', frule)) else: snippets.append(pat_proto.sub('', frule)) else: snippets.append(frule) # adjust for logging rules pat_log = re.compile(r'(.*)-j ([A-Z]+)_log(-all)?(.*)') pat_logall = re.compile(r'-j [A-Z]+_log-all') pat_chain = re.compile(r'(-A|-D) ([a-zA-Z0-9\-]+)') limit_args = '-m limit --limit 3/min --limit-burst 10' for i, s in enumerate(snippets): if pat_log.search(s): policy = pat_log.sub(r'\2', s).strip() if policy.lower() == "accept": policy = "ALLOW" elif policy.lower() == "limit": policy = "LIMIT" else: policy = "BLOCK" lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \ policy) if not pat_logall.search(s): lstr = '-m conntrack --ctstate NEW ' + lstr snippets[i] = pat_log.sub(r'\1-j \2\4', s) snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \ '-user-logging-' + suffix, s)) 
snippets.insert(i, pat_chain.sub(r'\1 ' + prefix + \ '-user-logging-' + suffix, pat_log.sub(r'\1-j RETURN', \ s))) snippets.insert(i, pat_chain.sub(r'\1 ' + prefix + \ '-user-logging-' + suffix, pat_log.sub(r'\1' + lstr, s))) # adjust for limit pat_limit = re.compile(r' -j LIMIT') for i, s in enumerate(snippets): if pat_limit.search(s): tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \ s) tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \ ' --update --seconds 30 --hitcount 6' + \ ' -j ' + prefix + '-user-limit', s) tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s) snippets[i] = tmp3 snippets.insert(i, tmp2) snippets.insert(i, tmp1) return snippets def _get_lists_from_formatted(self, frule, prefix, suffix): '''Return list of iptables rules appropriate for sending as arguments to cmd() ''' snippets = [] str_snippets = self._get_rules_from_formatted(frule, prefix, suffix) # split the string such that the log prefix can contain spaces pat = re.compile(r'(.*) --log-prefix (".* ")(.*)') for i, s in enumerate(str_snippets): snippets.append(pat.sub(r'\1', s).split()) if pat.match(s): snippets[i].append("--log-prefix") snippets[i].append(pat.sub(r'\2', s).replace('"', '')) snippets[i] += pat.sub(r'\3', s).split() return snippets def _read_rules(self): '''Read in rules that were added by ufw''' rfns = [self.files['rules']] if self.use_ipv6(): rfns.append(self.files['rules6']) for f in rfns: try: orig = ufw.util.open_file_read(f) except Exception: err_msg = _("Couldn't open '%s' for reading") % (f) raise UFWError(err_msg) pat_tuple = re.compile(r'^### tuple ###\s*') pat_iface_in = re.compile(r'in_\w+') pat_iface_out = re.compile(r'out_\w+') for orig_line in orig: line = orig_line comment = "" # comment= should always be last, so just strip it out if ' comment=' in orig_line: line, hex = orig_line.split(r' comment=') comment = hex.strip() if pat_tuple.match(line): tupl = pat_tuple.sub('', line) tmp = re.split(r'\s+', 
tupl.strip()) if len(tmp) < 6 or len(tmp) > 9: wmsg = _("Skipping malformed tuple (bad length): %s") \ % (tupl) warn(wmsg) continue else: # set direction to "in" to support upgrades # from old format, which only had 6 or 8 fields. dtype = "in" interface_in = "" interface_out = "" if len(tmp) == 7 or len(tmp) == 9: wmsg = _("Skipping malformed tuple (iface): %s") \ % (tupl) dtype = tmp[-1].split('_')[0] if '_' in tmp[-1]: if '!' in tmp[-1] and \ pat_iface_in.search(tmp[-1]) and \ pat_iface_out.search(tmp[-1]): # in_eth0!out_eth1 interface_in = \ tmp[-1].split('!')[0].partition('_')[2] interface_out = \ tmp[-1].split('!')[1].partition('_')[2] elif tmp[-1].startswith("in_"): # in_eth0 interface_in = tmp[-1].partition('_')[2] elif tmp[-1].startswith("out_"): # out_eth0 interface_out = tmp[-1].partition('_')[2] else: warn(wmsg) continue try: action = tmp[0] forward = False # route rules use 'route: ...' if ':' in action: forward = True action = action.split(':')[1] if len(tmp) < 8: rule = UFWRule(action, tmp[1], tmp[2], tmp[3], tmp[4], tmp[5], dtype, forward, comment) else: rule = UFWRule(action, tmp[1], tmp[2], tmp[3], tmp[4], tmp[5], dtype, forward, comment) # Removed leading [sd]app_ and unescape spaces pat_space = re.compile('%20') if tmp[6] != "-": rule.dapp = pat_space.sub(' ', tmp[6]) if tmp[7] != "-": rule.sapp = pat_space.sub(' ', tmp[7]) if interface_in != "": rule.set_interface("in", interface_in) if interface_out != "": rule.set_interface("out", interface_out) except UFWError: warn_msg = _("Skipping malformed tuple: %s") % \ (tupl) warn(warn_msg) continue if f == self.files['rules6']: rule.set_v6(True) self.rules6.append(rule) else: rule.set_v6(False) self.rules.append(rule) orig.close() def _write_rules(self, v6=False): '''Write out new rules to file to user chain file''' rules_file = self.files['rules'] if v6: rules_file = self.files['rules6'] # Perform this here so we can present a nice error to the user rather # than a traceback if not 
os.access(rules_file, os.W_OK): err_msg = _("'%s' is not writable" % (rules_file)) raise UFWError(err_msg) try: fns = ufw.util.open_files(rules_file) except Exception: raise # Initialize the capabilities database self.initcaps() chain_prefix = "ufw" rules = self.rules if v6: chain_prefix = "ufw6" rules = self.rules6 if self.dryrun: fd = sys.stdout.fileno() else: fd = fns['tmp'] # Write header ufw.util.write_to_file(fd, "*filter\n") ufw.util.write_to_file(fd, ":" + chain_prefix + "-user-input - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-output - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-forward - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-before-logging-input - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-before-logging-output - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-before-logging-forward - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-logging-input - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-logging-output - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-logging-forward - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-after-logging-input - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-after-logging-output - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-after-logging-forward - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-logging-deny - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-logging-allow - [0:0]\n") # Rate limiting is runtime supported if (chain_prefix == "ufw" and self.caps['limit']['4']) or \ (chain_prefix == "ufw6" and self.caps['limit']['6']): ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-limit - [0:0]\n") ufw.util.write_to_file(fd, ":" + chain_prefix + \ "-user-limit-accept - [0:0]\n") ufw.util.write_to_file(fd, "### RULES ###\n") # Write rules for r in rules: action = r.action # route rules 
use 'route: ...' if r.forward: action = "route:" + r.action if r.logtype != "": action += "_" + r.logtype ifaces = "" if r.interface_in == "" and r.interface_out == "": ifaces = r.direction elif r.interface_in != "" and r.interface_out != "": ifaces = "in_%s!out_%s" % (r.interface_in, r.interface_out) else: if r.interface_in != "": ifaces += "%s_%s" % (r.direction, r.interface_in) else: ifaces += "%s_%s" % (r.direction, r.interface_out) if r.dapp == "" and r.sapp == "": tstr = "\n### tuple ### %s %s %s %s %s %s %s" % \ (action, r.protocol, r.dport, r.dst, r.sport, r.src, ifaces) if r.comment != '': tstr += " comment=%s" % r.comment ufw.util.write_to_file(fd, tstr + "\n") else: pat_space = re.compile(' ') dapp = "-" if r.dapp: dapp = pat_space.sub('%20', r.dapp) sapp = "-" if r.sapp: sapp = pat_space.sub('%20', r.sapp) tstr = "\n### tuple ### %s %s %s %s %s %s %s %s %s" % \ (action, r.protocol, r.dport, r.dst, r.sport, r.src, \ dapp, sapp, ifaces) if r.comment != '': tstr += " comment=%s" % r.comment ufw.util.write_to_file(fd, tstr + "\n") chain_suffix = "input" if r.forward: chain_suffix = "forward" elif r.direction == "out": chain_suffix = "output" chain = "%s-user-%s" % (chain_prefix, chain_suffix) rule_str = "-A %s %s\n" % (chain, r.format_rule()) for s in self._get_rules_from_formatted(rule_str, chain_prefix, \ chain_suffix): ufw.util.write_to_file(fd, s) # Write footer ufw.util.write_to_file(fd, "\n### END RULES ###\n") # Add logging rules, skipping any delete ('-D') rules ufw.util.write_to_file(fd, "\n### LOGGING ###\n") try: lrules_t = self._get_logging_rules(self.defaults['loglevel']) except Exception: raise for c, r, q in lrules_t: if len(r) > 0 and r[0] == '-D': continue if c.startswith(chain_prefix + "-"): ufw.util.write_to_file(fd, " ".join(r).replace('[', '"[').replace('] ', '] "') + \ "\n") ufw.util.write_to_file(fd, "### END LOGGING ###\n") # Rate limiting is runtime supported if (chain_prefix == "ufw" and self.caps['limit']['4']) or \ (chain_prefix 
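== "ufw6" and self.caps['limit']['6']): ufw.util.write_to_file(fd, "\n### RATE LIMITING ###\n") if self.defaults['loglevel'] != "off": ufw.util.write_to_file(fd, "-A " + \ chain_prefix + "-user-limit " + \ " ".join(self.ufw_user_limit_log) + \ " \"" + self.ufw_user_limit_log_text + " \"\n") ufw.util.write_to_file(fd, "-A " + chain_prefix + \ "-user-limit -j REJECT\n") ufw.util.write_to_file(fd, "-A " + chain_prefix + \ "-user-limit-accept -j ACCEPT\n") ufw.util.write_to_file(fd, "### END RATE LIMITING ###\n") ufw.util.write_to_file(fd, "COMMIT\n") try: if self.dryrun: ufw.util.close_files(fns, False) else: ufw.util.close_files(fns) except Exception: raise
    def set_rule(self, rule, allow_reload=True):
        '''Updates firewall with rule by:
        * appending the rule to the chain if new rule and firewall enabled
        * deleting the rule from the chain if found and firewall enabled
        * inserting the rule if possible and firewall enabled
        * updating user rules file
        * reloading the user rules file if rule is modified

        rule is the rule to add, insert or remove; its v6, action, position
        and remove attributes select what is done. allow_reload controls
        whether a modified or inserted rule triggers a reload of the user
        rules on a running firewall.

        Returns a translated status string for the user.

        Raises UFWError for an unusable rule (IPv6 disabled, multiple ports
        without tcp/udp, bad position, insert combined with delete), when the
        rules file cannot be written, and when the running firewall cannot be
        updated.
        '''
        # Initialize the capabilities database
        self.initcaps()

        rstr = ""

        if rule.v6:
            if not self.use_ipv6():
                err_msg = _("Adding IPv6 rule failed: IPv6 not enabled")
                raise UFWError(err_msg)
            if rule.action == 'limit' and not self.caps['limit']['6']:
                # Rate limiting is runtime supported
                return _("Skipping unsupported IPv6 '%s' rule") % (rule.action)
        else:
            if rule.action == 'limit' and not self.caps['limit']['4']:
                # Rate limiting is runtime supported
                return _("Skipping unsupported IPv4 '%s' rule") % (rule.action)

        if rule.multi and rule.protocol != "udp" and rule.protocol != "tcp":
            err_msg = _("Must specify 'tcp' or 'udp' with multiple ports")
            raise UFWError(err_msg)

        newrules = []
        found = False
        modified = False

        rules = self.rules
        position = rule.position
        if rule.v6:
            # NOTE(review): this compares strings, so a version such as "1.10"
            # would sort below "1.4". Confirm the format of
            # self.iptables_version and compare it numerically.
            if self.iptables_version < "1.4" and (rule.dapp != "" or
                                                  rule.sapp != ""):
                return _("Skipping IPv6 application rule. Need at least iptables 1.4")
            rules = self.rules6

        # bail if we have a bad position; this also rejects an insert past
        # the end of the list, so no second range check is needed
        if position < 0 or position > len(rules):
            err_msg = _("Invalid position '%d'") % (position)
            raise UFWError(err_msg)

        if position > 0 and rule.remove:
            err_msg = _("Cannot specify insert and delete")
            raise UFWError(err_msg)

        # First construct the new rules list
        rule.normalize()

        count = 1
        inserted = False
        matches = 0
        last = ('', '', '', '')
        for r in rules:
            r.normalize()

            current = (r.dst, r.src, r.dapp, r.sapp)
            if count == position:
                # insert the rule if:
                # 1. the last rule was not an application rule
                # 2. the current rule is not an application rule
                # 3. the last application rule is different than the current
                #    while the new rule is different than the current one
                if (last[2] == '' and last[3] == '' and count > 1) or \
                   (current[2] == '' and current[3] == '') or \
                   last != current:
                    inserted = True
                    newrules.append(rule.dup_rule())
                    last = ('', '', '', '')
                else:
                    # otherwise try again at the next rule
                    position += 1
            last = current
            count += 1

            ret = UFWRule.match(r, rule)
            if ret < 1:
                matches += 1

            if ret == 0 and not found and not inserted:
                # If find the rule, add it if it's not to be removed, otherwise
                # skip it.
                found = True
                if not rule.remove:
                    newrules.append(rule.dup_rule())
            elif ret == -2 and rule.remove and rule.comment == '':
                # Allow removing a rule if the comment is empty
                found = True
            elif ret < 0 and not rule.remove and not inserted:
                # If only the action is different, replace the rule if it's not
                # to be removed.
                found = True
                modified = True
                newrules.append(rule.dup_rule())
            else:
                newrules.append(r)

        if inserted:
            if matches > 0:
                rstr = _("Skipping inserting existing rule")
                if rule.v6:
                    rstr += " (v6)"
                return rstr
        else:
            # Add rule to the end if it was not already added.
            if not found and not rule.remove:
                newrules.append(rule.dup_rule())

            # Don't process non-existing or unchanged pre-existing rules
            if not found and rule.remove and not self.dryrun:
                rstr = _("Could not delete non-existent rule")
                if rule.v6:
                    rstr += " (v6)"
                return rstr
            elif found and not rule.remove and not modified:
                rstr = _("Skipping adding existing rule")
                if rule.v6:
                    rstr += " (v6)"
                return rstr

        if rule.v6:
            self.rules6 = newrules
        else:
            self.rules = newrules

        # Update the user rules file
        try:
            self._write_rules(rule.v6)
        except UFWError:
            raise
        except Exception:
            # The exception has to be raised, not just constructed: otherwise
            # a failed write falls through and "Rules updated" is reported
            # for rules that were never saved.
            err_msg = _("Couldn't update rules file")
            raise UFWError(err_msg)

        # We wrote out the rules, so set reasonable string. We will change
        # this below when operating on the live firewall.
        rstr = _("Rules updated")
        if rule.v6:
            rstr = _("Rules updated (v6)")

        # Operate on the chains
        if self.is_enabled() and not self.dryrun:
            flag = ""
            if modified or self._need_reload(rule.v6) or inserted:
                rstr = ""
                if inserted:
                    rstr += _("Rule inserted")
                else:
                    rstr += _("Rule updated")
                if rule.v6:
                    rstr += " (v6)"
                if allow_reload:
                    # Reload the chain
                    self._reload_user_rules()
                else:
                    rstr += _(" (skipped reloading firewall)")
            elif found and rule.remove:
                flag = '-D'
                rstr = _("Rule deleted")
            elif not found and not modified and not rule.remove:
                flag = '-A'
                rstr = _("Rule added")

            if flag != "":
                exe = self.iptables
                chain_prefix = "ufw"
                if rule.v6:
                    exe = self.ip6tables
                    chain_prefix = "ufw6"
                    rstr += " (v6)"
                chain_suffix = "input"
                if rule.forward:
                    chain_suffix = "forward"
                elif rule.direction == "out":
                    chain_suffix = "output"
                chain = "%s-user-%s" % (chain_prefix, chain_suffix)

                # Is the firewall running?
                err_msg = _("Could not update running firewall")
                (rc, out) = cmd([exe, '-L', chain, '-n'])
                if rc != 0:
                    raise UFWError(err_msg)

                rule_str = "%s %s %s" % (flag, chain, rule.format_rule())
                pat_log = re.compile(r'(-A +)(ufw6?-user-[a-z\-]+)(.*)')
                live_update_failed = False
                for s in self._get_lists_from_formatted(rule_str,
                                                        chain_prefix,
                                                        chain_suffix):
                    (rc, out) = cmd([exe] + s)
                    if rc != 0:
                        # Keep applying the remaining snippets, but remember
                        # the failure so it is reported below.
                        msg(out, sys.stderr)
                        live_update_failed = True

                    # delete any lingering RETURN rules (needed for upgrades)
                    if flag == "-A" and pat_log.search(" ".join(s)):
                        c = pat_log.sub(r'\2', " ".join(s))
                        (rc, out) = cmd([exe, '-D', c, '-j', 'RETURN'])
                        if rc != 0:
                            debug("FAILOK: -D %s -j RETURN" % (c))

                if live_update_failed:
                    # Previously the error object was created and discarded,
                    # so "Rule added"/"Rule deleted" was returned even though
                    # the running firewall did not take the change.
                    raise UFWError(err_msg)

        return rstr

    def get_app_rules_from_system(self, template, v6):
        '''Return a list of UFWRules from the system based on template rule

        The template is copied, marked as v6 or not, and normalized. Every
        stored rule of that family whose application tuple equals the
        template's is returned as a normalized copy.
        '''
        rules = self.rules6 if v6 else self.rules
        app_rules = []

        norm = template.dup_rule()
        norm.set_v6(v6)
        norm.normalize()
        tupl = norm.get_app_tuple()

        for r in rules:
            # work on a copy so the stored rule is not normalized in place
            tmp = r.dup_rule()
            tmp.normalize()
            if tmp.get_app_tuple() == tupl:
                app_rules.append(tmp)

        return app_rules

    def _chain_cmd(self, chain, args, fail_ok=False):
        '''Perform command on chain

        chain only selects the binary: names starting with "ufw6" are run
        through ip6tables, all others through iptables. args is the full
        argument list passed to that binary. A non-zero exit raises UFWError
        unless fail_ok is set, in which case it is only logged via debug().
        '''
        exe = self.iptables
        if chain.startswith("ufw6"):
            exe = self.ip6tables
        (rc, out) = cmd([exe] + args)
        if rc != 0:
            # Interpolate after the catalog lookup, so the message id is the
            # literal string and can match a translation.
            err_msg = _("Could not perform '%s'") % (args)
            if fail_ok:
                debug("FAILOK: " + err_msg)
            else:
                raise UFWError(err_msg)

    def update_logging(self, level): '''Update loglevel of running firewall''' if self.dryrun: return # Initialize the capabilities database self.initcaps() rules_t = [] try: rules_t = self._get_logging_rules(level) except Exception: raise # Update the user rules file try: self._write_rules(v6=False) self._write_rules(v6=True) except UFWError: raise except Exception: err_msg = _("Couldn't update rules file for logging") UFWError(err_msg) # Don't update the running firewall if not enabled if not self.is_enabled(): return # make sure all the chains are here, it's redundant but helps make # sure the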
chains are in a consistent state err_msg = _("Could not update running firewall") for c in self.chains['before'] + self.chains['user'] + \ self.chains['after'] + self.chains['misc']: try: self._chain_cmd(c, ['-L', c, '-n']) except Exception: raise UFWError(err_msg) # Flush all the logging chains except 'user' try: for c in self.chains['before'] + self.chains['after'] + \ self.chains['misc']: self._chain_cmd(c, ['-F', c]) self._chain_cmd(c, ['-Z', c]) except Exception: raise UFWError(err_msg) # Add logging rules to running firewall for c, r, q in rules_t: fail_ok = False if len(r) > 0 and r[0] == '-D': fail_ok = True try: if q == 'delete_first' and len(r) > 1: self._chain_cmd(c, ['-D'] + r[1:], fail_ok=True) self._chain_cmd(c, r, fail_ok) except Exception: raise UFWError(err_msg) # Rate limiting is runtime supported # Always delete these and re-add them so that we don't have extras for chain in ['ufw-user-limit', 'ufw6-user-limit']: if (self.caps['limit']['4'] and chain == 'ufw-user-limit') or \ (self.caps['limit']['6'] and chain == 'ufw6-user-limit'): self._chain_cmd(chain, ['-D', chain] + \ self.ufw_user_limit_log + \ [self.ufw_user_limit_log_text + " "], \ fail_ok=True) if self.defaults["loglevel"] != "off": self._chain_cmd(chain, ['-I', chain] + \ self.ufw_user_limit_log + \ [self.ufw_user_limit_log_text + " "], \ fail_ok=True) def _get_logging_rules(self, level): '''Get rules for specified logging level''' rules_t = [] if level not in list(self.loglevels.keys()): err_msg = _("Invalid log level '%s'") % (level) raise UFWError(err_msg) if level == "off": # when off, insert a RETURN rule at the top of user rules, thus # preserving the rules for c in self.chains['user']: rules_t.append([c, ['-I', c, '-j', 'RETURN'], 'delete_first']) return rules_t else: # when on, remove the RETURN rule at the top of user rules, thus # honoring the log rules for c in self.chains['user']: rules_t.append([c, ['-D', c, '-j', 'RETURN'], '']) limit_args = ['-m', 'limit', '--limit', 
'3/min', '--limit-burst', '10'] # log levels of low and higher log blocked packets if self.loglevels[level] >= self.loglevels["low"]: # Setup the policy violation logging chains largs = [] # log levels under high use limit if self.loglevels[level] < self.loglevels["high"]: largs = limit_args for c in self.chains['after']: for t in ['input', 'output', 'forward']: if c.endswith(t): if self._get_default_policy(t) == "reject" or \ self._get_default_policy(t) == "deny": prefix = "[UFW BLOCK] " rules_t.append([c, ['-A', c, '-j', 'LOG', \ '--log-prefix', prefix] + largs, '']) elif self.loglevels[level] >= self.loglevels["medium"]: prefix = "[UFW ALLOW] " rules_t.append([c, ['-A', c, '-j', 'LOG', \ '--log-prefix', prefix] + \ largs, '']) # Setup the miscellaneous logging chains largs = [] # log levels under high use limit if self.loglevels[level] < self.loglevels["high"]: largs = limit_args for c in self.chains['misc']: if c.endswith("allow"): prefix = "[UFW ALLOW] " elif c.endswith("deny"): prefix = "[UFW BLOCK] " if self.loglevels[level] < self.loglevels["medium"]: # only log INVALID in medium and higher rules_t.append([c, ['-I', c, '-m', 'conntrack', \ '--ctstate', 'INVALID', \ '-j', 'RETURN'] + largs, '']) else: rules_t.append([c, ['-A', c, '-m', 'conntrack', \ '--ctstate', 'INVALID', \ '-j', 'LOG', \ '--log-prefix', \ "[UFW AUDIT INVALID] "] + \ largs, '']) rules_t.append([c, ['-A', c, '-j', 'LOG', \ '--log-prefix', prefix] + largs, '']) # Setup the audit logging chains if self.loglevels[level] >= self.loglevels["medium"]: # loglevel full logs all packets without limit largs = [] # loglevel high logs all packets with limit if self.loglevels[level] < self.loglevels["full"]: largs = limit_args # loglevel medium logs all new packets with limit if self.loglevels[level] < self.loglevels["high"]: largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args prefix = "[UFW AUDIT] " for c in self.chains['before']: rules_t.append([c, ['-I', c, '-j', 'LOG', \ '--log-prefix', 
prefix] + largs, '']) return rules_t def reset(self): '''Reset the firewall''' res = "" share_dir = _findpath(ufw.common.share_dir, self.rootdir) # First make sure we have all the original files allfiles = [] for i in self.files: if not self.files[i].endswith('.rules'): continue allfiles.append(self.files[i]) fn = os.path.join(share_dir, "iptables", \ os.path.basename(self.files[i])) if not os.path.isfile(fn): err_msg = _("Could not find '%s'. Aborting") % (fn) raise UFWError(err_msg) ext = time.strftime("%Y%m%d_%H%M%S") # This implementation will intentionally traceback if someone tries to # do something to take advantage of the race conditions here. # Don't do anything if the files already exist for i in allfiles: fn = "%s.%s" % (i, ext) if os.path.exists(fn): err_msg = _("'%s' already exists. Aborting") % (fn) raise UFWError(err_msg) # Move the old to the new for i in allfiles: fn = "%s.%s" % (i, ext) res += _("Backing up '%(old)s' to '%(new)s'\n") % (\ {'old': os.path.basename(i), 'new': fn}) os.rename(i, fn) # Copy files into place for i in allfiles: old = "%s.%s" % (i, ext) shutil.copy(os.path.join(share_dir, "iptables", \ os.path.basename(i)), \ os.path.dirname(i)) shutil.copymode(old, i) try: statinfo = os.stat(i) mode = statinfo[stat.ST_MODE] except Exception: warn_msg = _("Couldn't stat '%s'") % (i) warn(warn_msg) continue if mode & stat.S_IWOTH: res += _("WARN: '%s' is world writable") % (i) elif mode & stat.S_IROTH: res += _("WARN: '%s' is world readable") % (i) return res ufw-0.36/src/ufw-init0000755000175000017500000000506013257511760013466 0ustar jamiejamie#!/bin/sh # # ufw-init: helper script to be used by ufw itself # # Copyright 2008-2015 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. 
# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # set -e # FIXME: this shouldn't be ordered rootdir= if [ "$1" = "--rootdir" ] && [ -s "$2" ]; then rootdir="$2/" # ensure trailing slash shift 2 fi datadir= if [ "$1" = "--datadir" ] && [ -s "$2" ]; then datadir="$2/" # ensure trailing slash shift 2 fi export DATA_DIR="$datadir" if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then . "${rootdir}#STATE_PREFIX#/ufw-init-functions" else echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)" exit 1 fi case "$1" in start) # process multiple error strings ret=0 output=`ufw_start` || ret="$?" test -n "$output" && echo "$output" | while read line ; do if [ "$2" = "quiet" ] || [ "$QUIET" = "yes" ]; then echo "$line" | grep -q "Skip starting" && continue fi echo "$line" done exit "$ret" ;; stop) ufw_stop || exit "$?" ;; force-stop) ufw_stop --force || exit "$?" ;; restart|force-reload) ufw_reload || exit "$?" ;; status) ufw_status || exit "$?" # If before.init and after.init support 'status', just display them after # ufw_status() so it is prettier if [ -x "$RULES_PATH/before.init" ]; then "$RULES_PATH/before.init" status || exit "$?" fi if [ -x "$RULES_PATH/after.init" ]; then "$RULES_PATH/after.init" status || exit "$?" fi ;; flush-all) # Use sparingly. It flushes the built-in chains, deletes all non-builtin # chains and resets the policy to ACCEPT if [ -x "$RULES_PATH/before.init" ]; then "$RULES_PATH/before.init" flush-all || exit "$?" fi flush_builtins || exit "$?" if [ -x "$RULES_PATH/after.init" ]; then "$RULES_PATH/after.init" flush-all || exit "$?" 
fi ;; *) echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}" exit 1 ;; esac ufw-0.36/src/parser.py0000644000175000017500000007635213404772663013665 0ustar jamiejamie# # parser.py: parser class for ufw # # Copyright 2009-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # # Adding New Commands # # 1. Create a new UFWCommandFoo object that implements UFWCommand # 2. Create UFWCommandFoo.parse() to return a UFWParserResponse object # 3. Create UFWCommandFoo.help() to display help for this command # 4. Register this command with the parser using: # parser.register_command(UFWCommandFoo('foo')) # # # Extending Existing Commands # # 1. Register the new command with an existing UFWCommand via # register_command(). Eg # parser.register_command(UFWCommandNewcommand('new_command')) # 2. Update UFWCommandExisting.parse() for new_command # 3. 
Update UFWCommandExisting.help() for new_command # import re import ufw.util import ufw.applications from ufw.common import UFWError from ufw.util import debug class UFWCommand: '''Generic class for parser commands.''' def __init__(self, type, command): self.command = command self.types = [] if type not in self.types: self.types.append(type) self.type = type def parse(self, argv): if len(argv) < 1: raise ValueError() r = UFWParserResponse(argv[0].lower()) return r def help(self, args): raise UFWError("UFWCommand.help: need to override") class UFWCommandRule(UFWCommand): '''Class for parsing ufw rule commands''' def __init__(self, command): type = 'rule' UFWCommand.__init__(self, type, command) def parse(self, argv): action = "" rule = "" type = "" from_type = "any" to_type = "any" from_service = "" to_service = "" insert_pos = "" logtype = "" remove = False if len(argv) > 0 and argv[0].lower() == "rule": argv.remove(argv[0]) # TODO: break this out if len(argv) > 0: if argv[0].lower() == "delete" and len(argv) > 1: remove = True argv.remove(argv[0]) rule_num = None try: rule_num = int(argv[0]) except Exception: action = argv[0] # return quickly if deleting by rule number if rule_num is not None: r = UFWParserResponse('delete-%d' % rule_num) return r elif argv[0].lower() == "insert": if len(argv) < 4: raise ValueError() insert_pos = argv[1] # Using position '0' appends the rule while '-1' prepends, # which is potentially confusing for the end user if insert_pos == "0" or insert_pos == "-1": err_msg = _("Cannot insert rule at position '%s'") % \ (insert_pos) raise UFWError(err_msg) # strip out 'insert NUM' and parse as normal del argv[1] del argv[0] elif argv[0].lower() == "prepend": insert_pos = -1 del argv[0] action = argv[0] if action != "allow" and action != "deny" and action != "reject" and \ action != "limit": raise ValueError() nargs = len(argv) if nargs < 2: raise ValueError() # set/strip rule_direction = "in" if nargs > 1 and (argv[1].lower() == "in" or \ 
argv[1].lower() == "out"): rule_direction = argv[1].lower() # strip out direction if not an interface rule if nargs > 2 and argv[2] != "on" and (argv[1].lower() == "in" or \ argv[1].lower() == "out"): rule_direction = argv[1].lower() del argv[1] nargs = len(argv) # strip out 'on' as in 'allow in on eth0 ...' has_interface = False if nargs > 1 and (argv.count('in') > 0 or argv.count('out') > 0): err_msg = _("Invalid interface clause") if argv[1].lower() != "in" and argv[1].lower() != "out": raise UFWError(err_msg) if nargs < 3 or argv[2].lower() != "on": raise UFWError(err_msg) del argv[2] nargs = len(argv) has_interface = True log_idx = 0 if has_interface and nargs > 3 and (argv[3].lower() == "log" or \ argv[3].lower() == 'log-all'): log_idx = 3 elif nargs > 2 and (argv[1].lower() == "log" or \ argv[1].lower() == 'log-all'): log_idx = 1 if log_idx > 0: logtype = argv[log_idx].lower() # strip out 'log' or 'log-all' and parse as normal del argv[log_idx] nargs = len(argv) if "log" in argv: err_msg = _("Option 'log' not allowed here") raise UFWError(err_msg) if "log-all" in argv: err_msg = _("Option 'log-all' not allowed here") raise UFWError(err_msg) comment = "" if 'comment' in argv: comment_idx = argv.index("comment") if comment_idx == len(argv) - 1: err_msg = _("Option 'comment' missing required argument") raise UFWError(err_msg) comment = argv[comment_idx+1] # TODO: properly support "'" in the comment string. 
See r949 for # details if "'" in comment: err_msg = _("Comment may not contain \"'\"") raise ValueError(err_msg) del argv[comment_idx+1] del argv[comment_idx] nargs = len(argv) if nargs < 2 or nargs > 13: raise ValueError() rule_action = action if logtype != "": rule_action += "_" + logtype rule = ufw.common.UFWRule(rule_action, "any", "any", \ direction=rule_direction, comment=ufw.util.hex_encode(comment)) if remove: rule.remove = remove elif insert_pos != "": try: rule.set_position(insert_pos) except Exception: raise if nargs == 2: # Short form where only app or port/proto is given if ufw.applications.valid_profile_name(argv[1]): # Check if name collision with /etc/services. If so, use # /etc/services instead of application profile try: ufw.util.get_services_proto(argv[1]) except Exception: type = "both" rule.dapp = argv[1] rule.set_port(argv[1], "dst") if rule.dapp == "": try: (port, proto) = ufw.util.parse_port_proto(argv[1]) except ValueError as e: raise UFWError(e) if not re.match('^\d([0-9,:]*\d+)*$', port): if ',' in port or ':' in port: err_msg = _("Port ranges must be numeric") raise UFWError(err_msg) to_service = port try: rule.set_protocol(proto) rule.set_port(port, "dst") type = "both" except UFWError: err_msg = _("Bad port") raise UFWError(err_msg) elif (nargs + 1) % 2 != 0: err_msg = _("Wrong number of arguments") raise UFWError(err_msg) elif 'from' not in argv and 'to' not in argv and 'in' not in argv and \ 'out' not in argv: err_msg = _("Need 'to' or 'from' clause") raise UFWError(err_msg) else: # Full form with PF-style syntax keys = [ 'proto', 'from', 'to', 'port', 'app', 'in', 'out' ] # quick check if argv.count("to") > 1 or \ argv.count("from") > 1 or \ argv.count("proto") > 1 or \ argv.count("port") > 2 or \ argv.count("in") > 1 or \ argv.count("out") > 1 or \ argv.count("app") > 2 or \ argv.count("app") > 0 and argv.count("proto") > 0: err_msg = _("Improper rule syntax") raise UFWError(err_msg) i = 0 loc = "" for arg in argv: if i % 2 != 0 
and argv[i] not in keys: err_msg = _("Invalid token '%s'") % (argv[i]) raise UFWError(err_msg) if arg == "proto": if i+1 < nargs: try: rule.set_protocol(argv[i+1]) except Exception: raise else: # pragma: no cover # This can't normally be reached because of nargs # checks above, but leave it here in case our parsing # changes err_msg = _("Invalid 'proto' clause") raise UFWError(err_msg) elif arg == "in" or arg == "out": if i+1 < nargs: try: if arg == "in": rule.set_interface("in", argv[i+1]) elif arg == "out": rule.set_interface("out", argv[i+1]) except Exception: raise else: # pragma: no cover # This can't normally be reached because of nargs # checks above, but leave it here in case our parsing # changes err_msg = _("Invalid '%s' clause") % (arg) raise UFWError(err_msg) elif arg == "from": if i+1 < nargs: try: faddr = argv[i+1].lower() if faddr == "any": faddr = "0.0.0.0/0" from_type = "any" else: if ufw.util.valid_address(faddr, "6"): from_type = "v6" else: from_type = "v4" rule.set_src(faddr) except Exception: raise loc = "src" else: # pragma: no cover # This can't normally be reached because of nargs # checks above, but leave it here in case our parsing # changes err_msg = _("Invalid 'from' clause") raise UFWError(err_msg) elif arg == "to": if i+1 < nargs: try: saddr = argv[i+1].lower() if saddr == "any": saddr = "0.0.0.0/0" to_type = "any" else: if ufw.util.valid_address(saddr, "6"): to_type = "v6" else: to_type = "v4" rule.set_dst(saddr) except Exception: raise loc = "dst" else: # pragma: no cover # This can't normally be reached because of nargs # checks above, but leave it here in case our parsing # changes err_msg = _("Invalid 'to' clause") raise UFWError(err_msg) elif arg == "port" or arg == "app": if i+1 < nargs: if loc == "": err_msg = _("Need 'from' or 'to' with '%s'") % \ (arg) raise UFWError(err_msg) tmp = argv[i+1] if arg == "app": if loc == "src": rule.sapp = tmp else: rule.dapp = tmp elif not re.match('^\d([0-9,:]*\d+)*$', tmp): if ',' in tmp or 
':' in tmp: err_msg = _("Port ranges must be numeric") raise UFWError(err_msg) if loc == "src": from_service = tmp else: to_service = tmp try: rule.set_port(tmp, loc) except Exception: raise else: # pragma: no cover # This can't normally be reached because of nargs # checks above, but leave it here in case our parsing # changes err_msg = _("Invalid 'port' clause") raise UFWError(err_msg) i += 1 # Figure out the type of rule (IPv4, IPv6, or both) this is if from_type == "any" and to_type == "any": type = "both" elif from_type != "any" and to_type != "any" and \ from_type != to_type: err_msg = _("Mixed IP versions for 'from' and 'to'") raise UFWError(err_msg) elif from_type != "any": type = from_type elif to_type != "any": type = to_type # Adjust protocol if to_service != "" or from_service != "": proto = "" if to_service != "": try: proto = ufw.util.get_services_proto(to_service) except Exception: # pragma: no cover # This can't normally be reached because of set_port() # checks above, but leave it here in case our parsing # changes err_msg = _("Could not find protocol") raise UFWError(err_msg) if from_service != "": if proto == "any" or proto == "": try: proto = ufw.util.get_services_proto(from_service) except Exception: # pragma: no cover # This can't normally be reached because of set_port() # checks above, but leave it here in case our parsing # changes err_msg = _("Could not find protocol") raise UFWError(err_msg) else: try: tmp = ufw.util.get_services_proto(from_service) except Exception: # pragma: no cover # This can't normally be reached because of set_port() # checks above, but leave it here in case our parsing # changes err_msg = _("Could not find protocol") raise UFWError(err_msg) if proto == "any" or proto == tmp: proto = tmp elif tmp == "any": pass else: err_msg = _("Protocol mismatch (from/to)") raise UFWError(err_msg) # Verify found proto with specified proto if rule.protocol == "any": rule.set_protocol(proto) elif proto != "any" and rule.protocol != 
proto: err_msg = _("Protocol mismatch with specified protocol %s") % \ (rule.protocol) raise UFWError(err_msg) # adjust type as needed if rule: if rule.protocol in ufw.util.ipv4_only_protocols and \ type == "both": debug("Adjusting iptype to 'v4' for protocol '%s'" % \ (rule.protocol)) type = "v4" # Now verify the rule rule.verify(type) r = UFWParserResponse(action) r.data['type'] = self.type r.data['rule'] = rule r.data['iptype'] = type return r def get_command(r): '''Get command string for rule''' res = r.action if (r.dst == "0.0.0.0/0" or r.dst == "::/0") and \ (r.src == "0.0.0.0/0" or r.src == "::/0") and \ r.sport == "any" and \ r.sapp == "" and \ r.interface_in == "" and \ r.interface_out == "" and \ r.dport != "any": # Short syntax if r.direction == "out": res += " %s" % r.direction if r.logtype != "": res += " %s" % r.logtype if r.dapp != "": if " " in r.dapp: res += " '%s'" % r.dapp else: res += " %s" % r.dapp else: res += " %s" % r.dport if r.protocol != "any": res += "/%s" % r.protocol if r.comment != "": res += " comment '%s'" % r.get_comment() else: # Full syntax if r.interface_in != "": res += " in on %s" % r.interface_in if r.interface_out != "": res += " out on %s" % r.interface_out elif r.direction == "out": res += " %s" % r.direction if r.logtype != "": res += " %s" % r.logtype for i in ['src', 'dst']: if i == 'src': loc = r.src port = r.sport app = r.sapp dir = "from" else: loc = r.dst port = r.dport app = r.dapp dir = "to" if loc == "0.0.0.0/0" or loc == "::/0": loc = "any" if loc != "any" or port != "any" or app != "": res += " %s %s" % (dir, loc) if app != "": if " " in app: res += " app '%s'" % app else: res += " app %s" % app elif port != "any": res += " port %s" % port # If still haven't added more than action, direction and/or # logtype, then we have a very generic rule, so add 'to any' to # mark it as extended form. 
if ' to ' not in res and ' from ' not in res and \ r.interface_in == "" and r.interface_out == "": res += " to any" if r.protocol != "any" and r.dapp == "" and r.sapp == "": res += " proto %s" % r.protocol if r.comment != "": res += " comment '%s'" % r.get_comment() return res get_command = staticmethod(get_command) class UFWCommandRouteRule(UFWCommandRule): '''Class for parsing ufw route rule commands''' def __init__(self, command): UFWCommandRule.__init__(self, command) self.type = 'route' def parse(self, argv): assert(argv[0] == "route") # 'ufw delete NUM' is the correct usage, not 'ufw route delete NUM' if 'delete' in argv: idx = argv.index('delete') err_msg = "" if len(argv) > idx: try: # 'route delete NUM' is unsupported int(argv[idx + 1]) err_msg = _("'route delete NUM' unsupported. Use 'delete NUM' instead.") raise UFWError(err_msg) except ValueError: # 'route delete RULE' is supported pass # Let's use as much as UFWCommandRule.parse() as possible. The only # difference with our rules is that argv[0] is 'route' and we support # both 'in on ' and 'out on ' in our rules. # Because UFWCommandRule.parse() expects that the interface clause is # specified first, strip out the second clause and add it later rule_argv = None interface = None strip = None # eg: ['route', 'allow', 'in', 'on', 'eth0', 'out', 'on', 'eth1'] s = " ".join(argv) if " in on " in s and " out on " in s: strip = "out" if argv.index("in") > argv.index("out"): strip = "in" # Remove 2nd interface clause from argv and add it to the rule # later. Because we searched for " on " in our joined # string we are guaranteed to have argv[argv.index() + 2] # exist. interface = argv[argv.index(strip) + 2] rule_argv = argv[0:argv.index(strip)] + argv[argv.index(strip)+3:] elif not re.search(r' (in|out) on ', s) and \ not re.search(r' app (in|out) ', s) and \ (" in " in s or " out " in s): # Specifying a direction without an interface doesn't make any # sense with route rules. 
application names could be 'in' or 'out' # so don't artificially limit those names. err_msg = _("Invalid interface clause for route rule") raise UFWError(err_msg) else: rule_argv = argv rule_argv[0] = "rule" r = UFWCommandRule.parse(self, rule_argv) if 'rule' in r.data: r.data['rule'].forward = True if strip and interface: r.data['rule'].set_interface(strip, interface) return r class UFWCommandApp(UFWCommand): '''Class for parsing ufw application commands''' def __init__(self, command): type = 'app' UFWCommand.__init__(self, type, command) def parse(self, argv): '''Parse applications command.''' name = "" action = "" addnew = False if argv[0] != "app": raise ValueError() del argv[0] nargs = len(argv) action = argv[0].lower() if action == "info" or action == "update": if nargs >= 3 and argv[1] == "--add-new": addnew = True argv.remove("--add-new") nargs = len(argv) if nargs < 2: raise ValueError() # Handle quoted name with spaces in it by stripping Python's ['...'] # list as string text. 
name = str(argv[1]).strip("[']") if addnew: action += "-with-new" if action == "list" and nargs != 1: raise ValueError() if action == "default": if nargs < 2: raise ValueError() if argv[1].lower() == "allow": action = "default-allow" elif argv[1].lower() == "deny": action = "default-deny" elif argv[1].lower() == "reject": action = "default-reject" elif argv[1].lower() == "skip": action = "default-skip" else: raise ValueError() r = UFWParserResponse(action) r.data['type'] = self.type r.data['name'] = name return r class UFWCommandBasic(UFWCommand): '''Class for parsing ufw basic commands''' def __init__(self, command): type = 'basic' UFWCommand.__init__(self, type, command) def parse(self, argv): if len(argv) != 1: raise ValueError() return UFWCommand.parse(self, argv) class UFWCommandDefault(UFWCommand): '''Class for parsing ufw default commands''' def __init__(self, command): type = 'default' UFWCommand.__init__(self, type, command) def parse(self, argv): # Basic sanity check if len(argv) < 2: raise ValueError() # Set the direction action = "" direction = "incoming" if len(argv) > 2: if argv[2].lower() != "incoming" and \ argv[2].lower() != "input" and \ argv[2].lower() != "routed" and \ argv[2].lower() != "forward" and \ argv[2].lower() != "output" and \ argv[2].lower() != "outgoing": raise ValueError() if argv[2].lower().startswith("in"): direction = "incoming" elif argv[2].lower().startswith("out"): direction = "outgoing" elif argv[2].lower() == "routed" or argv[2].lower() == "forward": direction = "routed" else: # pragma: no cover direction = argv[2].lower() # Set the policy if argv[1].lower() == "deny": action = "default-deny" elif argv[1].lower() == "allow": action = "default-allow" elif argv[1].lower() == "reject": action = "default-reject" else: raise ValueError() action += "-%s" % (direction) return UFWParserResponse(action) class UFWCommandLogging(UFWCommand): '''Class for parsing ufw logging commands''' def __init__(self, command): type = 'logging' 
UFWCommand.__init__(self, type, command) def parse(self, argv): action = "" if len(argv) < 2: raise ValueError() elif argv[1].lower() == "off": action = "logging-off" elif argv[1].lower() == "on" or argv[1].lower() == "low" or \ argv[1].lower() == "medium" or argv[1].lower() == "high" or \ argv[1].lower() == "full": action = "logging-on" if argv[1].lower() != "on": action += "_" + argv[1].lower() else: raise ValueError() return UFWParserResponse(action) class UFWCommandStatus(UFWCommand): '''Class for parsing ufw status commands''' def __init__(self, command): type = 'status' UFWCommand.__init__(self, type, command) def parse(self, argv): r = UFWCommand.parse(self, argv) if len(argv) == 1: r.action = "status" elif len(argv) > 1: if argv[1].lower() == "verbose": r.action = "status-verbose" elif argv[1].lower() == "numbered": r.action = "status-numbered" else: raise ValueError() return r class UFWCommandShow(UFWCommand): '''Class for parsing ufw show commands''' def __init__(self, command): type = 'show' UFWCommand.__init__(self, type, command) def parse(self, argv): action = "" if len(argv) == 1: raise ValueError() elif argv[1].lower() == "raw": action = "show-raw" elif argv[1].lower() == "before-rules": action = "show-before" elif argv[1].lower() == "user-rules": action = "show-user" elif argv[1].lower() == "after-rules": action = "show-after" elif argv[1].lower() == "logging-rules": action = "show-logging" elif argv[1].lower() == "builtins": action = "show-builtins" elif argv[1].lower() == "listening": action = "show-listening" elif argv[1].lower() == "added": action = "show-added" else: raise ValueError() return UFWParserResponse(action) class UFWParserResponse: '''Class for ufw parser response''' def __init__(self, action): self.action = action.lower() self.dryrun = False self.force = False self.data = {} def __str__(self): s = "action='%s'" % (self.action) keys = list(self.data.keys()) keys.sort() for i in keys: s += ",%s='%s'" % (i, self.data[i]) s += "\n" 
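return repr(s)


class UFWParser:
    '''Registry of ufw command parsers.

    self.commands maps a command type to a dict of command key -> command
    object. parse_command() picks one entry and calls its parse() method.
    '''
    def __init__(self):
        self.commands = {}

    def allowed_command(self, type, cmd):
        '''Return the lower-cased command if it is registered for type.

        Both type and cmd are compared in lower case. Raises ValueError if
        the type or the command is not registered.
        '''
        # Look up with the same lower-cased type that is tested, so that a
        # mixed-case type cannot pass the test and then fail as a KeyError
        type = type.lower()
        cmd = cmd.lower()
        if type not in self.commands or cmd not in self.commands[type]:
            raise ValueError()
        return cmd

    def parse_command(self, args):
        '''Parse a command line and return a UFWParserResponse.

        args is a list of argument strings and is modified in place: a
        leading '--dry-run' and then a leading '--force' or '-f' are removed
        before the remainder is passed to the selected command's parse().
        The response's dryrun and force attributes record those options.

        Raises ValueError if nothing is left after the options or if the
        command is not registered.
        '''
        dryrun = False
        if len(args) > 0 and args[0].lower() == "--dry-run":
            dryrun = True
            args.remove(args[0])

        force = False
        if len(args) > 0 and (args[0].lower() == "--force" or \
                              args[0].lower() == "-f"):
            force = True
            args.remove(args[0])

        # Nothing left to parse: fail the same way as any other unusable
        # command line rather than with an IndexError on args[0]
        if len(args) < 1:
            raise ValueError()

        cmd = ""
        type = ""
        tmp = args[0].lower()
        if len(args) > 1 and tmp in self.commands and \
           args[1].lower() in self.commands[tmp]:
            # Explicit '<type> <command>' form
            type = tmp
            cmd = args[1].lower()
        else:
            # Discover the type
            cmd = tmp
            for i in list(self.commands.keys()):
                if cmd in self.commands[i]:
                    # Skip any inherited commands that inherit from
                    # UFWCommandRule since they must have more than one
                    # argument to be valid and used
                    if isinstance(self.commands[i][cmd], UFWCommandRule) and \
                       getattr(self.commands[i][cmd], 'type') != 'rule':
                        continue # pragma: nocover
                    type = i
                    break
            if type == "":
                type = 'rule'

        action = self.allowed_command(type, cmd)
        cmd = self.commands[type][action]
        response = cmd.parse(args)
        response.dryrun = dryrun
        response.force = force
        return response

    def register_command(self, c):
        '''Register a command with the parser

        The command is stored under c.type, keyed by c.command, or by
        c.type when c.command is None or empty. Raises UFWError if that key
        is already registered for the type.
        '''
        if c.command is None or c.command == '':
            # If the command is empty, then use 'type' as command
            key = "%s" % (c.type)
        else:
            key = "%s" % (c.command)

        if c.type not in self.commands:
            self.commands[c.type] = {}
        if key in self.commands[c.type]:
            err_msg = _("Command '%s' already exists") % (key)
            raise UFWError(err_msg)
        self.commands[c.type][key] = c
ufw-0.36/src/common.py0000644000175000017500000005323013404772663013647 0ustar jamiejamie'''common.py: common classes for ufw'''
#
#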
Copyright 2008-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # import re import socket import ufw.util from ufw.util import debug programName = "ufw" state_dir = "#STATE_PREFIX#" share_dir = "#SHARE_DIR#" trans_dir = share_dir config_dir = "#CONFIG_PREFIX#" prefix_dir = "#PREFIX#" iptables_dir = "#IPTABLES_DIR#" do_checks = True class UFWError(Exception): '''This class represents ufw exceptions''' def __init__(self, value): self.value = value def __str__(self): return repr(self.value) class UFWRule: '''This class represents firewall rules''' def __init__(self, action, protocol, dport="any", dst="0.0.0.0/0", sport="any", src="0.0.0.0/0", direction="in", forward=False, comment=""): # Be sure to update dup_rule accordingly... 
self.remove = False self.updated = False self.v6 = False self.dst = "" self.src = "" self.dport = "" self.sport = "" self.protocol = "" self.multi = False self.dapp = "" self.sapp = "" self.action = "" self.position = 0 self.logtype = "" self.interface_in = "" self.interface_out = "" self.direction = "" self.forward = forward self.comment = "" try: self.set_action(action) self.set_protocol(protocol) self.set_port(dport) self.set_port(sport, "src") self.set_src(src) self.set_dst(dst) self.set_direction(direction) self.set_comment(comment) except UFWError: raise def __str__(self): return self.format_rule() def _get_attrib(self): '''Print rule to stdout''' res = "'%s'" % (self) keys = list(self.__dict__) keys.sort() for k in keys: res += ", %s=%s" % (k, self.__dict__[k]) return res def dup_rule(self): '''Return a duplicate of a rule''' rule = UFWRule(self.action, self.protocol) rule.remove = self.remove rule.updated = self.updated rule.v6 = self.v6 rule.dst = self.dst rule.src = self.src rule.dport = self.dport rule.sport = self.sport rule.multi = self.multi rule.dapp = self.dapp rule.sapp = self.sapp rule.position = self.position rule.logtype = self.logtype rule.interface_in = self.interface_in rule.interface_out = self.interface_out rule.direction = self.direction rule.forward = self.forward rule.comment = self.comment return rule def format_rule(self): '''Format rule for later parsing''' rule_str = "" if self.interface_in != "": rule_str += " -i %s" % (self.interface_in) if self.interface_out != "": rule_str += " -o %s" % (self.interface_out) # Protocol is handled below if self.protocol == "any": rule_str += " -p all" else: rule_str += " -p " + self.protocol if self.multi: rule_str += " -m multiport" if self.dport != "any" and self.sport != "any": rule_str += " --dports " + self.dport rule_str += " -m multiport" rule_str += " --sports " + self.sport elif self.dport != "any": rule_str += " --dports " + self.dport elif self.sport != "any": rule_str += " --sports " + 
self.sport if self.dst != "0.0.0.0/0" and self.dst != "::/0": rule_str += " -d " + self.dst if not self.multi and self.dport != "any": rule_str += " --dport " + self.dport if self.src != "0.0.0.0/0" and self.src != "::/0": rule_str += " -s " + self.src if not self.multi and self.sport != "any": rule_str += " --sport " + self.sport lstr = "" if self.logtype != "": lstr = "_" + self.logtype if self.action == "allow": rule_str += " -j ACCEPT%s" % (lstr) elif self.action == "reject": rule_str += " -j REJECT%s" % (lstr) if self.protocol == "tcp": # follow TCP's default and send RST rule_str += " --reject-with tcp-reset" elif self.action == "limit": # Caller needs to change this rule_str += " -j LIMIT%s" % (lstr) else: rule_str += " -j DROP%s" % (lstr) if self.dapp != "" or self.sapp != "": # Format the comment string, and quote it just in case comment = "-m comment --comment '" pat_space = re.compile(' ') if self.dapp != "": comment += "dapp_" + pat_space.sub('%20', self.dapp) if self.dapp != "" and self.sapp != "": comment += "," if self.sapp != "": comment += "sapp_" + pat_space.sub('%20', self.sapp) comment += "'" rule_str += " " + comment return rule_str.strip() def set_action(self, action): '''Sets action of the rule''' tmp = action.lower().split('_') if tmp[0] == "allow" or tmp[0] == "reject" or tmp[0] == "limit": self.action = tmp[0] else: self.action = "deny" logtype = "" if len(tmp) > 1: logtype = tmp[1] self.set_logtype(logtype) def set_port(self, port, loc="dst"): '''Sets port and location (destination or source) of the rule''' err_msg = _("Bad port '%s'") % (port) if port == "any": pass elif loc == "dst" and self.dapp: pass elif loc == "src" and self.sapp: pass elif re.match(r'^[,:]', port) or re.match(r'[,:]$', port): raise UFWError(err_msg) elif (port.count(',') + port.count(':')) > 14: # Limitation of iptables raise UFWError(err_msg) else: ports = port.split(',') if len(ports) > 1: self.multi = True tmp = "" for p in ports: if re.match(r'^\d+:\d+$', p): # 
Port range self.multi = True ran = p.split(':') for q in ran: if int(q) < 1 or int(q) > 65535: raise UFWError(err_msg) if int(ran[0]) >= int(ran[1]): raise UFWError(err_msg) elif re.match('^\d+$', p): if int(p) < 1 or int(p) > 65535: raise UFWError(err_msg) elif re.match(r'^\w[\w\-]+', p): try: p = socket.getservbyname(p) except Exception: raise UFWError(err_msg) else: raise UFWError(err_msg) if tmp: tmp += "," + str(p) else: tmp = str(p) port = tmp if loc == "src": self.sport = str(port) else: self.dport = str(port) def set_protocol(self, protocol): '''Sets protocol of the rule''' if protocol in ufw.util.supported_protocols + ['any']: self.protocol = protocol else: err_msg = _("Unsupported protocol '%s'") % (protocol) raise UFWError(err_msg) def _fix_anywhere(self): '''Adjusts src and dst based on v6''' if self.v6: if self.dst and (self.dst == "any" or self.dst == "0.0.0.0/0"): self.dst = "::/0" if self.src and (self.src == "any" or self.src == "0.0.0.0/0"): self.src = "::/0" else: if self.dst and (self.dst == "any" or self.dst == "::/0"): self.dst = "0.0.0.0/0" if self.src and (self.src == "any" or self.src == "::/0"): self.src = "0.0.0.0/0" def set_v6(self, v6): '''Sets whether this is ipv6 rule, and adjusts src and dst accordingly. 
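'''
        self.v6 = v6
        self._fix_anywhere()

    def set_src(self, addr):
        '''Sets source address of rule'''
        tmp = addr.lower()

        if tmp != "any" and not ufw.util.valid_address(tmp, "any"):
            err_msg = _("Bad source address")
            raise UFWError(err_msg)

        self.src = tmp
        self._fix_anywhere()

    def set_dst(self, addr):
        '''Sets destination address of rule'''
        tmp = addr.lower()

        if tmp != "any" and not ufw.util.valid_address(tmp, "any"):
            err_msg = _("Bad destination address")
            raise UFWError(err_msg)

        self.dst = tmp
        self._fix_anywhere()

    def set_interface(self, if_type, name):
        '''Sets an interface for rule

        if_type must be "in" or "out"; name is stored in interface_in or
        interface_out accordingly. Raises UFWError for any other if_type and
        for a name that fails one of the checks below.
        '''
        # libxtables/xtables.c xtables_parse_interface() specifies
        # - < 16
        # - not empty
        # - doesn't contain ' '
        # - doesn't contain '/'
        #
        # net/core/dev.c from the kernel specifies:
        # - < 16
        # - not empty
        # - != '.' or '..'
        # - doesn't contain '/', ':' or whitespace

        if if_type != "in" and if_type != "out":
            err_msg = _("Bad interface type")
            raise UFWError(err_msg)

        # Separate a few of the invalid checks out so we can give a nice error
        if '!' in str(name):
            err_msg = _("Bad interface name: reserved character: '!'")
            raise UFWError(err_msg)

        if ':' in str(name):
            err_msg = _("Bad interface name: can't use interface aliases")
            raise UFWError(err_msg)

        if str(name) == "." or str(name) == "..":
            err_msg = _("Bad interface name: can't use '.' or '..'")
            raise UFWError(err_msg)

        if (len(str(name)) == 0):
            err_msg = _("Bad interface name: interface name is empty")
            raise UFWError(err_msg)

        if (len(str(name)) > 15):
            err_msg = _("Bad interface name: interface name too long")
            raise UFWError(err_msg)

        # We are going to limit this even further to avoid shell meta.
        # The pattern ends in \Z rather than $ because '$' also matches just
        # before a trailing newline, which would let a name ending in '\n'
        # through this allow-list.
        if not re.match(r'^[a-zA-Z0-9_\-\.\+,=%@]+\Z', str(name)):
            err_msg = _("Bad interface name")
            raise UFWError(err_msg)

        if if_type == "in":
            self.interface_in = name
        else:
            self.interface_out = name

    def set_position(self, num):
        '''Sets the position of the rule

        Raises UFWError unless num is "-1" or consists only of digits.
        '''
        # -1 prepend
        #  0 append
        # >0 insert
        # The pattern is anchored at both ends so that input such as '3x' is
        # rejected here with a UFWError instead of reaching int() below.
        if str(num) != "-1" and not re.match(r'^[0-9]+\Z', str(num)):
            err_msg = _("Insert position '%s' is not a valid position") % (num)
            raise UFWError(err_msg)
        self.position = int(num)

    def set_logtype(self, logtype):
        '''Sets logtype of the rule'''
        if logtype.lower() == "log" or logtype.lower() == "log-all" or \
           logtype == "":
            self.logtype = logtype.lower()
        else:
            err_msg = _("Invalid log type '%s'") % (logtype)
            raise UFWError(err_msg)

    def set_direction(self, direction):
        '''Sets direction of the rule'''
        if direction == "in" or direction == "out":
            self.direction = direction
        else:
            err_msg = _("Unsupported direction '%s'") % (direction)
            raise UFWError(err_msg)

    def get_comment(self):
        '''Get decoded comment of the rule'''
        return ufw.util.hex_decode(self.comment)

    def set_comment(self, comment):
        '''Sets comment of the rule'''
        self.comment = comment

    def normalize(self):
        '''Normalize src and dst to standard form'''
        changed = False
        if self.src:
            try:
                (self.src, changed) = ufw.util.normalize_address(self.src, \
                                                                  self.v6)
            except Exception:
                err_msg = _("Could not normalize source address")
                raise UFWError(err_msg)
        if changed:
            self.updated = changed

        if self.dst:
            try:
                (self.dst, changed) = ufw.util.normalize_address(self.dst, \
                                                                  self.v6)
            except Exception:
                err_msg = _("Could not normalize destination address")
                raise UFWError(err_msg)
        if changed:
            self.updated = changed

        if self.dport:
            ports =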
self.dport.split(',') ufw.util.human_sort(ports) self.dport = ','.join(ports) if self.sport: ports = self.sport.split(',') ufw.util.human_sort(ports) self.sport = ','.join(ports) def match(x, y): '''Check if rules match Return codes: 0 match 1 no match -1 match all but action, log-type and/or comment -2 match all but comment ''' if not x or not y: raise ValueError() dbg_msg = "No match '%s' '%s'" % (x, y) if x.dport != y.dport: debug(dbg_msg) return 1 if x.sport != y.sport: debug(dbg_msg) return 1 if x.protocol != y.protocol: debug(dbg_msg) return 1 if x.src != y.src: debug(dbg_msg) return 1 if x.dst != y.dst: debug(dbg_msg) return 1 if x.v6 != y.v6: debug(dbg_msg) return 1 if x.dapp != y.dapp: debug(dbg_msg) return 1 if x.sapp != y.sapp: debug(dbg_msg) return 1 if x.interface_in != y.interface_in: debug(dbg_msg) return 1 if x.interface_out != y.interface_out: debug(dbg_msg) return 1 if x.direction != y.direction: debug(dbg_msg) return 1 if x.forward != y.forward: debug(dbg_msg) return 1 if x.action == y.action and x.logtype == y.logtype and \ x.comment == y.comment: dbg_msg = _("Found exact match") debug(dbg_msg) return 0 if x.action == y.action and x.logtype == y.logtype and \ x.comment != y.comment: dbg_msg = _("Found exact match, excepting comment") debug(dbg_msg) return -2 dbg_msg = _("Found non-action/non-logtype/comment match " \ "(%(xa)s/%(ya)s/'%(xc)s' %(xl)s/%(yl)s/'%(yc)s')") % \ ({'xa': x.action, 'ya': y.action, 'xl': x.logtype, 'yl': y.logtype, 'xc': x.comment, 'yc': y.comment}) debug(dbg_msg) return -1 def fuzzy_dst_match(x, y): '''This will match if x is more specific than y. Eg, for protocol if x is tcp and y is all or for address if y is a network and x is a subset of y (where x is either an address or network). Returns: 0 match 1 no match -1 fuzzy match This is a fuzzy destination match, so source ports or addresses are not considered, and (currently) only incoming. 
''' def _match_ports(test_p, to_match): '''Returns True if p is an exact match or within a multi rule''' if ',' in test_p or ':' in test_p: if test_p == to_match: return True return False for port in to_match.split(','): if test_p == port: return True if ':' in port: (low, high) = port.split(':') if int(test_p) >= int(low) and int(test_p) <= int(high): return True return False if not x or not y: raise ValueError() # Ok if exact match if x.match(y) == 0: return 0 dbg_msg = "No fuzzy match '%s (v6=%s)' '%s (v6=%s)'" % \ (x, x.v6, y, y.v6) # Direction must match if y.direction != "in": debug("(direction) " + dbg_msg + " (not incoming)") return 1 # forward must match if y.forward != x.forward: debug(dbg_msg + " (forward does not match)") return 1 # Protocols must match or y 'any' if x.protocol != y.protocol and y.protocol != "any": debug("(protocol) " + dbg_msg) return 1 # Destination ports must match or y 'any' if y.dport != "any" and not _match_ports(x.dport, y.dport): debug("(dport) " + dbg_msg) return 1 if y.interface_in == "": # If destination interface is not specified, destination addresses # must match or x must be contained in y if x.interface_in == "" and x._is_anywhere(x.dst): # if x and y interfaces are not specified, and x.dst is # anywhere then ok pass elif x.dst != y.dst and '/' not in y.dst: debug("(dst) " + dbg_msg) return 1 elif x.dst != y.dst and '/' in y.dst and x.v6 == y.v6 and \ not ufw.util.in_network(x.dst, y.dst, x.v6): debug("(dst) " + dbg_msg + " ('%s' not in network '%s')" % \ (x.dst, y.dst)) return 1 else: # If destination interface is specified, then: # if specified, both interfaces must match or # the IP of the interface must match the IP of y or # the IP of the interface must be contained in y if x.interface_in != "" and x.interface_in != y.interface_in: debug("(interface) " + dbg_msg + " (%s != %s)" % \ (x.interface_in, y.interface_in)) return 1 try: if_ip = ufw.util.get_ip_from_if(y.interface_in, x.v6) except IOError: 
debug("(interface) " + dbg_msg + " %s does not exist" % \ (y.interface_in)) return 1 if y.dst != if_ip and '/' not in y.dst: debug("(interface) " + dbg_msg + " (%s != %s)" % \ (y.dst, if_ip)) return 1 elif y.dst != if_ip and '/' in y.dst and x.v6 == y.v6 and \ not ufw.util.in_network(if_ip, y.dst, x.v6): debug("(interface) " + dbg_msg + \ " ('%s' not in network '%s')" % (if_ip, y.dst)) return 1 if x.v6 != y.v6: debug("(v6) " + dbg_msg + " (%s != %s)" % (x.dst, y.dst)) return 1 # if we made it here, it is a fuzzy match debug("(fuzzy match) '%s (v6=%s)' '%s (v6=%s)'" % (x, x.v6, y, y.v6)) return -1 def _is_anywhere(self, addr): '''Check if address is anywhere''' if addr == "::/0" or addr == "0.0.0.0/0": return True return False def get_app_tuple(self): '''Returns a tuple to identify an app rule. Tuple is: dapp dst sapp src or dport dst sapp src or dapp dst sport src All of these might have in_eth0 out_eth0 (or similar) if an interface is also defined. ''' tupl = "" if self.dapp != "" or self.sapp != "": tupl = "%s %s %s %s" % (self.dapp, self.dst, self.sapp, self.src) if self.dapp == "": tupl = "%s %s %s %s" % (self.dport, self.dst, self.sapp, \ self.src) if self.sapp == "": tupl = "%s %s %s %s" % (self.dapp, self.dst, self.sport, \ self.src) # add interfaces to the end, if they exist if self.interface_in != "": tupl += " in_%s" % (self.interface_in) if self.interface_out != "": tupl += " out_%s" % (self.interface_out) return tupl def verify(self, rule_iptype): '''Verify rule''' # Verify protocol not specified with application rule if self.protocol != "any" and \ (self.sapp != "" or self.dapp != ""): err_msg = _("Improper rule syntax ('%s' specified with app rule)") \ % (self.protocol) raise UFWError(err_msg) if self.protocol in ufw.util.ipv4_only_protocols and \ rule_iptype == "v6": # Can't use protocol these protocols with v6 addresses err_msg = _("Invalid IPv6 address with protocol '%s'") % \ (self.protocol) raise UFWError(err_msg) if self.protocol in 
ufw.util.portless_protocols: if self.dport != "any" or self.sport != "any": err_msg = _("Invalid port with protocol '%s'") % \ (self.protocol) raise UFWError(err_msg) ufw-0.36/src/__init__.py0000644000175000017500000000000013226727543014100 0ustar jamiejamieufw-0.36/src/before.init0000644000175000017500000000215213257507473014132 0ustar jamiejamie#!/bin/sh # # before.init: if executable, called by ufw-init. See 'man ufw-framework' for # details. Note that output from these scripts is not seen via the # the ufw command, but instead via ufw-init. # # Copyright 2013 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # set -e case "$1" in start) # typically required ;; stop) # typically required ;; status) # optional ;; flush-all) # optional ;; *) echo "'$1' not supported" echo "Usage: before.init {start|stop|flush-all|status}" ;; esac ufw-0.36/src/frontend.py0000644000175000017500000010615413404772663014202 0ustar jamiejamie'''frontend.py: frontend interface for ufw''' # # Copyright 2008-2018 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
def parse_command(argv):
    '''Build the ufw command parser and run it over argv.

    Every known command is registered with a ufw.parser.UFWParser. When
    argv names a rule command without the 'rule' keyword, 'rule' is
    inserted into argv in place. Returns the value that
    UFWParser.parse_command() produces for argv[1:].

    A UFWError from the parser is reported through error(). Any other
    exception is reported as "Invalid syntax" and re-raised.
    '''
    parser = ufw.parser.UFWParser()

    # Command class followed by the names registered with it, in the order
    # they are registered.
    simple_commands = (
        # Basic commands
        (ufw.parser.UFWCommandBasic,
         ['enable', 'disable', 'help', '--help', 'version', '--version',
          'reload', 'reset']),
        # Application commands
        (ufw.parser.UFWCommandApp,
         ['list', 'info', 'default', 'update']),
        # Logging commands
        (ufw.parser.UFWCommandLogging,
         ['on', 'off', 'low', 'medium', 'high', 'full']),
        # Default commands
        (ufw.parser.UFWCommandDefault,
         ['allow', 'deny', 'reject']),
        # Status commands ('status', 'status verbose', 'status numbered')
        (ufw.parser.UFWCommandStatus,
         [None, 'verbose', 'numbered']),
        # Show commands
        (ufw.parser.UFWCommandShow,
         ['raw', 'before-rules', 'user-rules', 'after-rules',
          'logging-rules', 'builtins', 'listening', 'added']),
    )
    for command_class, names in simple_commands:
        for name in names:
            parser.register_command(command_class(name))

    # Rule commands are registered twice: as plain rules and as route rules.
    rule_commands = ['allow', 'limit', 'deny', 'reject', 'insert', 'delete',
                     'prepend']
    for name in rule_commands:
        parser.register_command(ufw.parser.UFWCommandRule(name))
        parser.register_command(ufw.parser.UFWCommandRouteRule(name))

    # The user does not have to type 'rule'. It is inserted before the
    # first word after the program name (or after --dry-run) when that word
    # is a rule command.
    if len(argv) > 2:
        idx = 2 if argv[1].lower() == "--dry-run" else 1
        word = argv[idx].lower()
        if word != "default" and word != "route" and word in rule_commands:
            argv.insert(idx, 'rule')

    too_short = len(argv) < 2
    if too_short or ('--dry-run' in argv and len(argv) < 3):
        error("not enough args") # pragma: no cover

    try:
        parsed = parser.parse_command(argv[1:])
    except UFWError as e:
        error("%s" % (e.value)) # pragma: no cover
    except Exception:
        error("Invalid syntax", do_exit=False)
        raise

    return parsed
RULE", \ 'route': "route RULE", \ 'route-delete': "route delete RULE|NUM", \ 'route-insert': "route insert NUM RULE", \ 'number': "NUM", \ 'reload': "reload", \ 'reset': "reset", \ 'status': "status", \ 'statusnum': "status numbered", \ 'rules': "RULES", \ 'statusverbose': "status verbose", \ 'show': "show ARG", \ 'version': "version", \ 'appcommands': "Application profile commands", \ 'applist': "app list", \ 'appinfo': "app info PROFILE", \ 'profile': "PROFILE", \ 'appupdate': "app update PROFILE", \ 'appdefault': "app default ARG"})) return (help_msg) class UFWFrontend: '''UI''' def __init__(self, dryrun, backend_type="iptables", rootdir=None, datadir=None): if backend_type == "iptables": try: self.backend = UFWBackendIptables(dryrun, rootdir=rootdir, datadir=datadir) except Exception: # pragma: no cover raise else: raise UFWError("Unsupported backend type '%s'" % (backend_type)) # Initialize input strings for translations self.no = _("n") self.yes = _("y") self.yes_full = _("yes") def set_enabled(self, enabled): '''Toggles ENABLED state in /ufw/ufw.conf and starts or stops running firewall. 
''' res = "" config_str = "no" if enabled: config_str = "yes" changed = False if (enabled and not self.backend.is_enabled()) or \ (not enabled and self.backend.is_enabled()): changed = True # Update the config files when toggling enable/disable if changed: try: self.backend.set_default(self.backend.files['conf'], \ "ENABLED", config_str) except UFWError as e: # pragma: no cover error(e.value) error_str = "" if enabled: try: self.backend.start_firewall() except UFWError as e: # pragma: no cover if changed: error_str = e.value if error_str != "": # pragma: no cover # Revert config files when toggling enable/disable and # firewall failed to start try: self.backend.set_default(self.backend.files['conf'], \ "ENABLED", "no") except UFWError as e: error(e.value) # Report the error error(error_str) res = _("Firewall is active and enabled on system startup") else: try: self.backend.stop_firewall() except UFWError as e: # pragma: no cover error(e.value) res = _("Firewall stopped and disabled on system startup") return res def set_default_policy(self, policy, direction): '''Sets default policy of firewall''' res = "" try: res = self.backend.set_default_policy(policy, direction) if self.backend.is_enabled(): self.backend.stop_firewall() self.backend.start_firewall() except UFWError as e: # pragma: no cover error(e.value) return res def set_loglevel(self, level): '''Sets log level of firewall''' res = "" try: res = self.backend.set_loglevel(level) except UFWError as e: # pragma: no cover error(e.value) return res def get_status(self, verbose=False, show_count=False): '''Shows status of firewall''' try: out = self.backend.get_status(verbose, show_count) except UFWError as e: # pragma: no cover error(e.value) return out def get_show_raw(self, rules_type="raw"): '''Shows raw output of firewall''' try: out = self.backend.get_running_raw(rules_type) except UFWError as e: # pragma: no cover error(e.value) return out def get_show_listening(self): '''Shows listening services and 
incoming rules that might affect them''' res = "" try: d = ufw.util.parse_netstat_output(self.backend.use_ipv6()) except Exception: # pragma: no cover err_msg = _("Could not get listening status") raise UFWError(err_msg) rules = self.backend.get_rules() protocols = list(d.keys()) protocols.sort() for proto in protocols: if not self.backend.use_ipv6() and proto in ['tcp6', 'udp6']: continue # pragma: no cover res += "%s:\n" % (proto) ports = list(d[proto].keys()) ports.sort() for port in ports: for item in d[proto][port]: addr = item['laddr'] if not addr.startswith("127.") and \ not addr.startswith("::1"): ifname = "" res += " %s " % port if addr == "0.0.0.0" or addr == "::": res += "* " addr = "%s/0" % (item['laddr']) else: res += "%s " % addr ifname = ufw.util.get_if_from_ip(addr) res += "(%s)" % os.path.basename(item['exe']) # Create an incoming rule since matching outgoing and # forward rules doesn't make sense for this report. rule = ufw.common.UFWRule(action="allow", \ protocol=proto[:3], \ dport=port, \ dst=addr, direction="in", \ forward=False ) rule.set_v6(proto.endswith("6")) if ifname != "": rule.set_interface("in", ifname) rule.normalize() # Get the non-tuple rule from get_matching(), and then # add its corresponding CLI command. 
matching = self.backend.get_matching(rule) if len(matching) > 0: res += "\n" for i in matching: if i > 0 and i - 1 < len(rules): res += " [%2d] %s\n" % (i, \ # Don't need UFWCommandRule here either ufw.parser.UFWCommandRule.get_command(\ rules[i-1]) ) res += "\n" if not self.backend.use_ipv6(): ufw.util.debug("Skipping tcp6 and udp6 (IPv6 is disabled)") return res def get_show_added(self): '''Shows added rules to the firewall''' rules = self.backend.get_rules() out = _("Added user rules (see 'ufw status' for running firewall):") if len(rules) == 0: return out + _("\n(None)") added = [] for r in self.backend.get_rules(): if r.forward: rstr = "route %s" % \ ufw.parser.UFWCommandRouteRule.get_command(r) else: rstr = ufw.parser.UFWCommandRule.get_command(r) # Approximate the order the rules were added. Since rules is # internally rules4 + rules6, IPv6 only rules will show up after # other rules. In terms of rule ordering in the kernel, this is # an equivalent ordering. if rstr in added: continue added.append(rstr) out += "\nufw %s" % rstr return out def set_rule(self, rule, ip_version): '''Updates firewall with rule''' res = "" err_msg = "" tmp = "" rules = [] if rule.dapp == "" and rule.sapp == "": rules.append(rule) else: tmprules = [] try: if rule.remove: if ip_version == "v4": tmprules = self.backend.get_app_rules_from_system( rule, False) elif ip_version == "v6": tmprules = self.backend.get_app_rules_from_system( rule, True) elif ip_version == "both": tmprules = self.backend.get_app_rules_from_system( rule, False) tmprules6 = self.backend.get_app_rules_from_system( rule, True) # Only add rules that are different by more than v6 (we # will handle 'ip_version == both' specially, below). 
for x in tmprules: for y in tmprules6: prev6 = y.v6 y.v6 = False if not x.match(y): y.v6 = prev6 tmprules.append(y) else: err_msg = _("Invalid IP version '%s'") % (ip_version) raise UFWError(err_msg) # Don't process removal of non-existing application rules if len(tmprules) == 0 and not self.backend.dryrun: tmp = _("Could not delete non-existent rule") if ip_version == "v4": res = tmp elif ip_version == "v6": res = tmp + " (v6)" elif ip_version == "both": res = tmp + "\n" + tmp + " (v6)" return res for tmp in tmprules: r = tmp.dup_rule() r.remove = rule.remove r.set_action(rule.action) r.set_logtype(rule.logtype) rules.append(r) else: rules = self.backend.get_app_rules_from_template(rule) # Reverse the order of rules for inserted or prepended # rules, so they are inserted in the right order if rule.position != 0: rules.reverse() except Exception: raise count = 0 set_error = False pos_err_msg = _("Invalid position '") num_v4 = self.backend.get_rules_count(False) num_v6 = self.backend.get_rules_count(True) for i, r in enumerate(rules): count = i if r.position > num_v4 + num_v6: pos_err_msg += str(r.position) + "'" raise UFWError(pos_err_msg) try: if self.backend.use_ipv6(): if ip_version == "v4": if r.position == -1: # prepend begin = 0 if count == 0 and num_v4 == 0 else 1 r.set_position(begin) elif r.position > num_v4: pos_err_msg += str(r.position) + "'" raise UFWError(pos_err_msg) r.set_v6(False) tmp = self.backend.set_rule(r) elif ip_version == "v6": if r.position == -1: # prepend begin = 0 if count == 0 and num_v6 == 0 else 1 r.set_position(begin) elif r.position > num_v4: r.set_position(r.position - num_v4) elif r.position != 0 and r.position <= num_v4: pos_err_msg += str(r.position) + "'" raise UFWError(pos_err_msg) r.set_v6(True) tmp = self.backend.set_rule(r) elif ip_version == "both": user_pos = r.position # user specified position r.set_v6(False) if user_pos == -1: # prepend begin = 0 if count == 0 and num_v4 == 0 else 1 r.set_position(begin) elif not 
r.remove and user_pos > num_v4: # The user specified a v6 rule, so try to find a # match in the v4 rules and use its position. p = self.backend.find_other_position( \ user_pos - num_v4 + count, True) if p > 0: r.set_position(p) else: # If not found, then add the rule r.set_position(0) tmp = self.backend.set_rule(r) # We need to readjust the position since the number # of ipv4 rules increased if not r.remove and user_pos > 0: num_v4 = self.backend.get_rules_count(False) r.set_position(user_pos + 1) r.set_v6(True) if user_pos == -1: # prepend begin = 0 if count == 0 and num_v6 == 0 else 1 r.set_position(begin) elif not r.remove and r.position > 0 and \ r.position <= num_v4: # The user specified a v4 rule, so try to find a # match in the v6 rules and use its position. p = self.backend.find_other_position(r.position, \ False) if p > 0: # Subtract count since the list is reversed r.set_position(p - count) else: # If not found, then add the rule r.set_position(0) if tmp != "": tmp += "\n" # Readjust position to send to set_rule if not r.remove and r.position > num_v4 and \ user_pos != -1: r.set_position(r.position - num_v4) tmp += self.backend.set_rule(r) else: err_msg = _("Invalid IP version '%s'") % (ip_version) raise UFWError(err_msg) else: if r.position == -1: # prepend begin = 0 if count == 0 and num_v4 == 0 else 1 r.set_position(begin) if ip_version == "v4" or ip_version == "both": r.set_v6(False) tmp = self.backend.set_rule(r) elif ip_version == "v6": err_msg = _("IPv6 support not enabled") raise UFWError(err_msg) else: err_msg = _("Invalid IP version '%s'") % (ip_version) raise UFWError(err_msg) except UFWError as e: err_msg = e.value set_error = True break if r.updated: warn_msg = _("Rule changed after normalization") warnings.warn(warn_msg) if not set_error: # Just return the last result if no error res += tmp elif len(rules) == 1: # If no error, and just one rule, error out error(err_msg) # pragma: no cover else: # If error and more than one rule, delete the 
def do_action(self, action, rule, ip_version, force=False):
    '''Perform action on rule. action, rule and ip_version are usually
       based on return values from parse_command().

       action is matched against the command strings handled below and
       dispatched to the corresponding method of this class. rule and
       ip_version are only used by the allow/deny/reject/limit branch.
       force is passed on to reset() and delete_rule().

       Returns the result of the dispatched method. Raises UFWError for an
       unsupported action, a malformed 'default-' action, or an invalid
       profile name.
    '''
    res = ""
    if action.startswith("logging-on"):
        # An optional level follows an underscore in the action string
        tmp = action.split('_')
        if len(tmp) > 1:
            res = self.set_loglevel(tmp[1])
        else:
            res = self.set_loglevel("on")
    elif action == "logging-off":
        res = self.set_loglevel("off")
    elif action.startswith("default-"):
        # Exactly three dash-separated parts are required; the second and
        # third are handed to set_default_policy() as policy and direction
        err_msg = _("Unsupported default policy")
        tmp = action.split('-')
        if len(tmp) != 3:
            raise UFWError(err_msg)
        res = self.set_default_policy(tmp[1], tmp[2])
    elif action == "reset":
        res = self.reset(force)
    elif action == "status":
        res = self.get_status()
    elif action == "status-verbose":
        res = self.get_status(True)
    elif action.startswith("show"):
        # Only the part between the first and second dash selects the report
        tmp = action.split('-')[1]
        if tmp == "listening":
            res = self.get_show_listening()
        elif tmp == "added":
            res = self.get_show_added()
        else:
            res = self.get_show_raw(tmp)
    elif action == "status-numbered":
        res = self.get_status(False, True)
    elif action == "enable":
        res = self.set_enabled(True)
    elif action == "disable":
        res = self.set_enabled(False)
    elif action == "reload":
        # A reload is a disable followed by an enable, and is skipped when
        # the firewall is not enabled
        if self.backend.is_enabled():
            self.set_enabled(False)
            self.set_enabled(True)
            res = _("Firewall reloaded")
        else:
            res = _("Firewall not enabled (skipping reload)")
    elif action.startswith("delete-"):
        res = self.delete_rule(action.split('-')[1], force)
    elif action == "allow" or action == "deny" or action == "reject" or \
         action == "limit":
        # allow case insensitive matches for application rules
        if rule.dapp != "":
            try:
                tmp = self.backend.find_application_name(rule.dapp)
                if tmp != rule.dapp:
                    rule.dapp = tmp
                    rule.set_port(tmp, "dst")
            except UFWError as e:
                # allow for the profile being deleted (LP: #407810)
                if not rule.remove: # pragma: no cover
                    error(e.value)
                if not ufw.applications.valid_profile_name(rule.dapp):
                    err_msg = _("Invalid profile name")
                    raise UFWError(err_msg)

        if rule.sapp != "":
            try:
                tmp = self.backend.find_application_name(rule.sapp)
                if tmp != rule.sapp:
                    rule.sapp = tmp
                    # NOTE(review): this is the source-application branch,
                    # yet the port is set with "dst", exactly as in the
                    # destination branch above. Confirm against
                    # UFWRule.set_port() whether "src" was intended; a rule
                    # whose source profile name differs only in case may
                    # otherwise be rejected or end up with the profile on
                    # the wrong side.
                    rule.set_port(tmp, "dst")
            except UFWError as e:
                # allow for the profile being deleted (LP: #407810)
                if not rule.remove: # pragma: no cover
                    error(e.value)
                if not ufw.applications.valid_profile_name(rule.sapp):
                    err_msg = _("Invalid profile name")
                    raise UFWError(err_msg)

        res = self.set_rule(rule, ip_version)
    else:
        err_msg = _("Unsupported action '%s'") % (action)
        raise UFWError(err_msg)

    return res
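def application_add(self, profile):
    '''Add a rule for an application profile, using the default
       application policy.

       The backend's 'default_application_policy' setting selects the rule
       action: 'accept' gives allow, 'drop' gives deny, 'reject' gives
       reject, and 'skip' adds nothing. The rule is built by running
       parse_command() over a synthesized argument list and handing the
       result to do_action().

       Returns the result string from do_action(), or "" when the policy
       is 'skip'. Raises UFWError when profile is 'all' or the configured
       policy is not one of the four above.
    '''
    rstr = ""
    policy = ""

    if profile == "all":
        err_msg = _("Cannot specify 'all' with '--add-new'")
        raise UFWError(err_msg)

    default = self.backend.defaults['default_application_policy']
    if default == "skip":
        # Log the configured policy. 'policy' has not been assigned yet at
        # this point, so formatting it always printed an empty string.
        ufw.util.debug("Policy is '%s', not adding profile '%s'" % \
                       (default, profile))
        return rstr
    elif default == "accept":
        policy = "allow"
    elif default == "drop":
        policy = "deny"
    elif default == "reject":
        policy = "reject"
    else:
        err_msg = _("Unknown policy '%s'") % (default)
        raise UFWError(err_msg)

    # Equivalent of the command line 'ufw [--dry-run] POLICY PROFILE'
    args = [ 'ufw' ]
    if self.backend.dryrun:
        args.append("--dry-run")
    args += [ policy, profile ]

    # Parser exceptions propagate to the caller unchanged
    pr = parse_command(args)

    if 'rule' in pr.data:
        rstr = self.do_action(pr.action, pr.data['rule'], \
                              pr.data['iptype'])
    else:
        rstr = self.do_action(pr.action, "", "")

    return rstr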
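def continue_under_ssh(self):
    '''If running under ssh, prompt the user for confirmation.

       Returns True when the operation may go ahead: the backend's checks
       are off, the process is not running under ssh, or the user answered
       with "y" or one of the translated yes strings. Returns False for
       any other answer.
    '''
    proceed = True
    if self.backend.do_checks and ufw.util.under_ssh(): # pragma: no cover
        prompt = _("Command may disrupt existing ssh connections. " \
                   "Proceed with operation (%(yes)s|%(no)s)? ") % \
                   ({'yes': self.yes, 'no': self.no})
        msg(prompt, output=sys.stdout, newline=False)
        ans = sys.stdin.readline().lower().strip()
        # The answer has been lower-cased, so the translated strings are
        # lower-cased as well, as delete_rule() does. Compared raw, a
        # translation containing a capital letter could never match.
        if ans != "y" and ans != self.yes.lower() and \
           ans != self.yes_full.lower():
            proceed = False

    return proceed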
") % \ ({'yes': self.yes, 'no': self.no}) if self.backend.do_checks and not force: # pragma: no cover msg(ufw.util.wrap_text(prompt), output=sys.stdout, newline=False) ans = sys.stdin.readline().lower().strip() if ans != "y" and ans != self.yes and ans != self.yes_full: res = _("Aborted") return res if self.backend.is_enabled(): res += self.set_enabled(False) res = self.backend.reset() return res ufw-0.36/locales/0000755000175000017500000000000013404772663012635 5ustar jamiejamieufw-0.36/locales/Makefile0000644000175000017500000000051013261507036014260 0ustar jamiejamieall: for pofile in `ls po/*.po`; do \ lang=$$(basename $$pofile .po); \ echo "msgfmt -c -o mo/$$lang.mo po/$$lang.po"; \ formatted=`msgfmt -c -o mo/$$lang.mo po/$$lang.po 2>&1 | grep fatal` ; \ if [ "$$formatted" != "" ]; then \ exit 1; \ fi; \ done; \ # These are only used in development clean: rm -rf ./*.mo ufw-0.36/locales/mo/0000755000175000017500000000000013404772663013250 5ustar jamiejamieufw-0.36/locales/po/0000755000175000017500000000000013404775052013246 5ustar jamiejamieufw-0.36/locales/po/he.po0000644000175000017500000004607713257507473014226 0ustar jamiejamie# Hebrew translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:18+0000\n" "Last-Translator: Yaron \n" "Language-Team: Hebrew \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile 
'%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "מדיניות לא נתמכת '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(ודא כי עדכנת את הכללים שלך בהתאם)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "בודק את iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "בדוק את ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "בעיה בהפעלה" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "עד" #: src/backend_iptables.py:433 msgid "From" msgstr "מ־" #: src/backend_iptables.py:434 msgid "Action" msgstr "פעולה" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load 
logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "לא ניתן לפתוח את '%s' לקריאה" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "מדלג על רשומה פגומה במסד הנתונים (אורך שגוי): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "מדלג על רשומה פגומה במסד הנתונים: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "הוספת כלל ה־IPv6 נכשל: IPv6 לא הופעל" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "מדלג על כלל לא נתמך ב־IPv6 '%s'" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "לא ניתן לעדכן את קובץ הכללים" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "הכללים עודכנו" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "הכללים עודכנו (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "הכלל עודכן" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "הכלל נמחק" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "נוסף כלל" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "לא ניתן לעדכן חומת־אש פעילה" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "לא ניתן לבצע stat על '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "הבדיקות בוטלו" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "שגיאה: סקריפט זה לא אמור להיות SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "עליך להיות משתמש על כדי להריץ סקריפט זה" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s ניתן לכתיבה עולמית!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s ניתן לכתיבה קבוצתית!"
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "אפשרות שגויה" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "הרישום מנוטרל" #: src/backend.py:608 msgid "Logging enabled" msgstr "הרישום פעיל" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "פתחה שגויה '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "פרוטוקול לא נתמך '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "כתובת המקור שגויה" #: src/common.py:290 msgid "Bad destination address" msgstr "כתובת היעד שגויה" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid 
"Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "נמצאה התאמה מושלמת" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "חומת האש נוטרלה כמו גם הפעלתה עם הפעלת המערכת" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 
msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "גירסת ה־IP שגויה '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "התמיכה ב־IPv6 אינה פעילה" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "פתחה שגויה" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "מספר הארגומנטים שגוי" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "זקוק לפיסקת 'to' או 'from'" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "תחביר הכלל שגוי" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "אסימון שגוי '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "פסקת 'proto' שגויה" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "פסקת 'from' שגויה" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "פסקת 'to' שגויה" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "פסקת 'port' שגויה" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "גרסאות IP מעורבות עבור 'from' ו־'to'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "חוסר תאימות הפרוטוקולים (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "חוסר תאימות הפרוטוקול עם הפרוטוקול שצויין %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format 
msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "מזהה המשתמש הוא %s אך '%s' שייך ל־%s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "קובץ ה־'%s' '%s' אינו קיים" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "מדיניות ברירת המחדל שונתה ל־'%s'\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "אין התאמה" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "שימוש: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": זקוק ל־python בגירסה 2.5 לפחות)\n" ufw-0.36/locales/po/nl.po0000644000175000017500000006521713257507473014240 0ustar jamiejamie# Dutch translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2014-03-02 09:30+0000\n" "Last-Translator: rob \n" "Language-Team: Dutch \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Minimaal python 2.6 benodigd)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Afgebroken" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profielmap bestaat niet" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "'%s' overslaan: kon niet bepalen" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Overslaan van '%s': te groot" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Overslaan van '%s': reeds te veel bestanden gelezen" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Overslaan van '%s': kon niet verwerken" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Overslaan van '%s': naam te lang" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Overslaan van '%s': ongeldige naam" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Overslaan van '%s': reeds in /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "'%s' overslaan: veld te lang" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "'%(value)s' overslaan: waarde te lang voor '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" 
msgstr "Dubbel profiel '%s', laatst gevonden wordt gebruikt" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profiel '%(fn)s' mist vereist veld '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profiel '%(fn)s' heeft leeg vereist veld '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Geen poorten gevonden in profiel '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Ongeldige poorten in profiel '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nieuwe profielen:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Niet-ondersteund beleid '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Niet-ondersteund beleid voor richting '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Standaardbeleid %(direction)s gewijzigd naar '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(zorg dat u uw regels overeenkomstig bijwerkt)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Ruwe iptables controleren\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Ruwe ip6tables controleren\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "iptables controleren\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Ip6tables controleren\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "probleem met uitvoeren van" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Status: inactief" #: src/backend_iptables.py:432 msgid "To" msgstr "Naar" #: src/backend_iptables.py:433 msgid "From" msgstr 
"Van" #: src/backend_iptables.py:434 msgid "Action" msgstr "Actie" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Standaardwaarde: %(in)s (inkomend), %(out)s (uitgaand), %(routed)s (omgeleid)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Status: actief\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Status: actief%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "ufw-init uitvoeren" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "probleem met uitvoeren van ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Kon LOGNIVEAU niet instellen" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Kon logregels niet laden" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Kon '%s' niet voor lezen openen" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Misvormde tupel overslaan (ongeldige lengte): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Misvormde tupel overslaan (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Misvormde tupel overslaan: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' is niet beschrijfbaar" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "IPv6-regel toevoegen mislukt: IPv6 niet ingeschakeld" #: 
src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Overslaan van niet-ondersteunde IPv6 '%s'-regel" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Overslaan van niet ondersteunde IPv4 '%s'-regel" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Moet 'tcp' of 'udp' met meerdere poorten specificeren" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "IPv6-programmaregel wordt genegeerd. Ten minste versie 1.4 van iptables is " "vereist." #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Ongeldige positie '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Kan invoeren en verwijderen niet specificeren" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Kan regel niet invoeren op positie '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Invoeren van bestaande regel overslaan" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Kon niet-bestaande regel niet verwijderen" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Toevoegen van bestaande regel overslaan" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Kon regelsbestand niet bijwerken" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regels bijgewerkt" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regels bijgewerkt (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regel ingevoerd" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regel bijgewerkt" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (herladen van firewall overgeslagen)" #: src/backend_iptables.py:1080 msgid 
"Rule deleted" msgstr "Regel verwijderd" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regel toegevoegd" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Kon draaiende firewall niet bijwerken" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Kon '%s' niet uitvoeren" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Kon regelsbestand niet bijwerken voor log" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Ongeldig logniveau '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Kon '%s' niet vinden. Wordt nu afgebroken." #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' bestaat al. Wordt nu afgebroken." #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Er wordt een reservekopie gemaakt van '%(old)s' naar '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Kon '%s' niet in statistiek brengen" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "WAARSCHUWING: iedereen heeft schrijfrechten voor '%s'" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "WAARSCHUWING: iedereen heeft leesrechten voor '%s'" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Kon iptables-versie niet bepalen" #: src/backend.py:143 msgid "problem running sysctl" msgstr "probleem met uitvoeren van sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Controles geannuleerd" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "FOUT: dit script zou geen SUID moeten zijn" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "FOUT: 
dit script zou geen SGID moeten zijn" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "U moet root zijn om dit script uit te voeren" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' bestaat niet" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid is %(uid)s maar '%(path)s' is van %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s kan door iedereen bewerkt worden!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s kan door de groep bewerkt worden!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' bestand '%(name)s' bestaat niet" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Missend beleid voor '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Ongeldig beleid '%(policy)s' voor '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Ongeldige optie" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Standaard programmabeleid gewijzigd naar '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Geen regels gevonden voor programmaprofiel" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Regels bijgewerkt voor profiel '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Kon programmaregels niet bijwerken" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Meerdere resultaten gevonden voor '%s'. 
Geef de exacte profielnaam op" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Geen zoekresultaten gevonden voor '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Loggen: " #: src/backend.py:579 msgid "unknown" msgstr "onbekend" #: src/backend.py:606 msgid "Logging disabled" msgstr "Loggen uitgeschakeld" #: src/backend.py:608 msgid "Logging enabled" msgstr "Loggen ingeschakeld" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Ongeldige poort '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Niet-ondersteund protocol '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Ongeldig bronadres" #: src/common.py:290 msgid "Bad destination address" msgstr "Ongeldig bestemmingsadres" #: src/common.py:298 msgid "Bad interface type" msgstr "Slecht interfacetype" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Slechte interfacenaam: volgend teken is ongeldig: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Slechte interfacenaam" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Slechte interfacenaam: kan interface-aliases niet gebruiken" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Invoerpositie '%s' is geen geldige positie" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Ongeldig logtype '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Niet-ondersteunde richting '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Kon bronadres niet normaliseren" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Kon bestemmingsadres niet normaliseren" #: src/common.py:425 msgid "Found exact match" msgstr "Exacte overeenkomst gevonden" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s
%(xl)s/%(yl)s)" msgstr "" "Niet-actie/niet-logtype-overeenkomst gevonden: (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Gebruik: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s de firewall inschakelen\n" " %(disable)-31s de firewall uitschakelen\n" " %(default)-31s standaardbeleid instellen\n" " %(logging)-31s logniveau instellen op %(level)s\n" " %(allow)-31s toestaan-%(rule)s toevoegen\n" " %(deny)-31s (stil) blokkeren-%(rule)s toevoegen\n" " %(reject)-31s blokkeren-%(rule)s toevoegen\n" " %(limit)-31s beperken-%(rule)s toevoegen\n" " %(delete)-31s %(urule)s verwijderen\n" " %(insert)-31s %(urule)s invoeren op positie %(number)s\n" " %(reload)-31s firewall herladen\n" " %(reset)-31s firewall resetten\n" " %(status)-31s firewall-status tonen\n" " %(statusnum)-31s firewall-status tonen als genummerde lijst van %(rules)s\n" " %(statusverbose)-31s firewall-status tonen met extra informatie\n" " %(show)-31s 
firewall-rapport tonen\n" " %(version)-31s versie-informatie tonen\n" "\n" "%(appcommands)s:\n" " %(applist)-31s programmaprofielen tonen\n" " %(appinfo)-31s informatie tonen van %(profile)s\n" " %(appupdate)-31s %(profile)s bijwerken\n" " %(appdefault)-31s standaardprogrammabeleid instellen\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "ja" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall is actief en ingeschakeld bij het opstarten van het systeem" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" "Firewall is gestopt en uitgeschakeld bij het opstarten van het systeem" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Kon geen luisterstatus verkrijgen" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Toegevoegde gebruikersregels (zie 'ufw status' voor draaiende firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Geen)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Ongeldige IP-versie '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Ongeldige positie '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6-ondersteuning niet ingeschakeld" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Regel gewijzigd na normalisatie" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Kon regel '%s' niet terugdraaien" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Fout bij toepassen van programmaregels" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Sommige regels konden niet uitgeschakeld worden." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied."
msgstr " Regels succesvol uitgeschakeld." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Kon regel '%s' niet vinden" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Kon regel '%d' niet vinden" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Verwijderen:\n" " %(rule)s\n" "Opdracht uitvoeren (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Niet-ondersteund standaardbeleid" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall herstart" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall niet ingeschakeld (herstarten overslaan)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Ongeldige profielnaam" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Niet-ondersteunde actie '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Beschikbare programma's:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Kon profiel '%s' niet vinden" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Ongeldig profiel" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profiel: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Titel: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Omschrijving: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Poorten:" #: src/frontend.py:741 msgid "Port:" msgstr "Poort:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Herstarten van firewall overgeslagen" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Kan 'all' niet met '--add-new' specificeren" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "Onbekend beleid '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Deze opdracht kan mogelijk bestaande ssh-verbindingen verstoren. " "Opdracht uitvoeren (%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Alle regels terugzetten naar de standaardwaarden. Uitvoeren " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Alle regels terugzetten naar de standaardwaarden. Deze opdracht kan mogelijk " "bestaande ssh-verbindingen verstoren. Opdracht uitvoeren " "(%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Kan geen regel invoeren op positie '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Ongeldige interface-clausule" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Optie 'log' niet toegestaan hier" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Optie 'log-all' niet toegestaan hier" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Ongeldige poort" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Poortbereik moeten numeriek zijn" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Ongeldige poort met protocol '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Ongeldig aantal argumenten" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "'to' of 'from'-clausule vereist" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Onjuiste regelsyntaxis" #: src/parser.py:254 #, python-format
msgid "Invalid token '%s'" msgstr "Ongeldige token '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Ongeldige 'proto'-clausule" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Ongeldige '%s'-clausule" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Ongeldige 'from'-clausule" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Ongeldige 'to'-clausule" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "'from' of 'to' benodigd voor '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Ongeldige 'port'-clausule" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Gemengde IP-versies voor 'from' en 'to'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Kon protocol niet vinden" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protocol-mismatch (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protocol-mismatch met protocol %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Onjuiste regelsyntaxis ('%s' gespecificeerd met programmaregel)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Ongeldig IPv6-adres met protocol '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Ongeldige interface-clausule voor omleidingsregel" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Opdracht '%s' bestaat reeds" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Kon pid niet vinden (is /proc aangekoppeld?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Kon ouder-pid voor '%s' niet vinden" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Kan '%s' niet vinden" #: src/util.py:454 #, python-format 
msgid "Could not find executable for '%s'" msgstr "Kon uitvoerbaar bestand voor '%s' niet vinden" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Kon geen statistieken verkrijgen voor '%s'" #~ msgid "No match" #~ msgstr "Geen overeenkomst" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid is %s maar van '%s' is %s de eigenaar" #~ msgid "Skipping '%s': value too long for '%s'" #~ msgstr "Overslaan van '%s': waarde te lang voor '%s'" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Ten minste versie 2.5 van Python benodigd)\n" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Commando kan mogelijk actieve ssh-verbindingen verstoren" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Ongeldige opdracht '%s'" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Gebruik: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s Firewall 
inschakelen\n" #~ " %(disable)-31s Firewall uitschakelen\n" #~ " %(default)-31s Standaard beleid instellen\n" #~ " %(logging)-31s Logniveau instellen op %(level)s\n" #~ " %(allow)-31s Toestaan toevoegen %(rule)s\n" #~ " %(deny)-31s Blokkeren (stil) toevoegen %(rule)s\n" #~ " %(reject)-31s Blokkeren toevoegen %(rule)s\n" #~ " %(limit)-31s Limiet toevoegen %(rule)s\n" #~ " %(delete)-31s Verwijderen %(urule)s\n" #~ " %(insert)-31s %(urule)s invoeren op %(number)s\n" #~ " %(reset)-31s Firewall herstellen\n" #~ " %(status)-31s Firewallstatus tonen\n" #~ " %(statusnum)-31s Firewallstatus tonen als genummerde lijst van %(rules)s\n" #~ " %(statusverbose)-31s Verbose firewallstatus tonen\n" #~ " %(show)-31s Firewallrapport tonen\n" #~ " %(version)-31s Versie-informatie tonen\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s Programmaprofielen tonen\n" #~ " %(appinfo)-31s Informatie tonen over %(profile)s\n" #~ " %(appupdate)-31s Update %(profile)s\n" #~ " %(appdefault)-31s Standaard programmabeleid instellen\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Standaard: %(in)s (binnenkomend), %(out)s (uitgaand)" ufw-0.36/locales/po/sl.po0000644000175000017500000006544013257507473014243 0ustar jamiejamie# Slovenian translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-11-25 20:06+0000\n" "Last-Translator: Andrej Znidarsic \n" "Language-Team: Slovenian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": zahtevan je najmanj python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Preklicano" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Mapa profilov ne obstaja" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Preskok '%s': ukaza stat ni mogoče izvesti" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Preskok '%s': preveliko" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Preskok '%s': preveč prebranih datotek" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Preskok '%s': ni mogoče obdelati" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Preskok '%s': ime je predolgo" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Preskok '%s': neveljavno ime" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Preskok '%s': tudi v /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Preskok '%s': polje je predolgo" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Preskok '%(value)s': vrednost je predolga za '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr 
"Dvojnik profila '%s', uporaba zadnjega najdenega" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profilu '%(fn)s' manjka zahtevano polje '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profil '%(fn)s' ima prazno zahtevano polje '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "V profilu '%s' ni mogoče najti vrat" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Neveljavna vrata v profilu '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Novi profili:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Nepodprta pravila '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Nepodprta pravila za smer '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Privzeto pravilo %(direction)s spremenjeno v '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(zagotovite ustrezno posodabljanje vaših pravil)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Preverjanje surovih iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Preverjanje surovih ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Preverjanje iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Preverjanje ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "težave z zagonom" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Stanje: nedejavno" #: src/backend_iptables.py:432 msgid "To" msgstr "Za" #: src/backend_iptables.py:433 msgid "From" msgstr "Od" #:
src/backend_iptables.py:434 msgid "Action" msgstr "Dejanje" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Privzeto: %(in)s (dohodni), %(out)s (odhodni), %(routed)s (usmerjeni)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Stanje: dejavno\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Stanje: dejavno%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "zaganjanje ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "napaka med izvajanjem ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "RAVNIDNEVNIKA ni mogoče nastaviti" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Pravil beleženja ni mogoče naložiti" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "'%s' ni mogoče odpreti za branje" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Preskok slabo oblikovane n-terice (napačna dolžina): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Preskok slabo oblikovane n-terice: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' ni zapisljivo" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Dodajanje pravil za IPv6 ni uspelo: IPv6 ni omogočen" #: src/backend_iptables.py:929 #, 
python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Izpustitev nepodprtega pravila za IPv6 '%s'" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Preskok nepodprtega pravila IPv4 '%s'" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Potrebno je določiti 'tcp' ali 'udp' z več vrati" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "Preskok IPv6 pravila programa. Zahtevan je vsaj iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Neveljaven položaj '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Vstavitve in izbrisa ni mogoče določiti" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Pravila ni mogoče vstaviti na položaj '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Preskok vstavljanja obstoječega pravila" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Neobstoječega pravila ni mogoče izbrisati" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Preskok dodajanja obstoječega pravila" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Datoteke s pravili ni bilo mogoče posodobiti" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Pravila posodobljena" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Pravila posodobljena (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Pravilo je vstavljeno" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Pravilo posodobljeno" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (preskok ponovnega nalaganja požarnega zidu)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Pravilo izbrisano" #:
src/backend_iptables.py:1083 msgid "Rule added" msgstr "Pravilo dodano" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Požarnega zidu ni mogoče posodobiti med tekom" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "'%s' ni mogoče izvesti" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Ni bilo mogoče posodobiti datoteke pravil za beleženje" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Neveljavna raven dnevnika '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Ni mogoče najti '%s'. Prekinitev" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' že obstaja. Prekinitev" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Ustvarjanje varnostne kopije '%(old)s' na '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Ukaza stat ni mogoče izvesti na '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "OPOZORILO: '%s' je splošno zapisljivo" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "OPOZORILO: '%s' lahko bere ves svet" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Ni mogoče določiti različice iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "težave pri izvajanju sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Preverjanje je onemogočeno" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "NAPAKA: ta skripta ne sme biti SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "NAPAKA: ta skripta ne sme biti SGID" #: src/backend.py:196 msgid "You need to be root to 
run this script" msgstr "Za zagon te skripte morate biti skrbnik (root)" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' ne obstaja" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid je %(uid)s toda '%(path)s ' nadzira %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "V %s lahko piše kdorkoli!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "V %s lahko pišejo člani skupine!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' datoteka '%(name)s' ne obstaja" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Manjka pravilo za '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Neveljavno pravilo '%(policy)s' za '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "neveljavna možnost" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Privzeto pravilo programa spremenjeno v '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Ni pravil za profil programa" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Pravila za profil '%s' so posodobljena" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Pravil programa ni mogoče posodobiti" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "Najdenih je bilo več ujemanj za '%s'. 
Uporabite točno ime profila" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Profila skladajočega z '%s' ni mogoče najti" #: src/backend.py:575 msgid "Logging: " msgstr "Beleženje: " #: src/backend.py:579 msgid "unknown" msgstr "neznano" #: src/backend.py:606 msgid "Logging disabled" msgstr "Beleženje onemogočeno" #: src/backend.py:608 msgid "Logging enabled" msgstr "Beleženje omogočeno" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Neveljavna vrata '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Nepodprt protokol '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Neveljaven izvorni naslov" #: src/common.py:290 msgid "Bad destination address" msgstr "Neveljaven ciljni naslov" #: src/common.py:298 msgid "Bad interface type" msgstr "Slaba vrsta vmesnika" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Slabo ime vmesnika: pridržan znak: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Slabo ime vmesnika" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Slabo ime vmesnika: vzdevkov vmesnika ni mogoče uporabiti" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Vstavljen položaj '%s' ni veljaven položaj" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Neveljavna vrsta dnevnika '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Nepodprta smer '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Izvornega naslova ni mogoče normalizirati" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Ciljnega naslova ni mogoče normalizirati" #: src/common.py:425 msgid "Found exact match" msgstr "Najden točen zadetek" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" 
msgstr "Najden ne-dejavni/ne-dnevniški zadetek (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Uporaba: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s omogoči požarni zid\n" " %(disable)-31s onemogoči požarni zid\n" " %(default)-31s nastavi privzeti pravilnik\n" " %(logging)-31s nastavi beleženje na %(level)s\n" " %(allow)-31s dodaj dovoli %(rule)s\n" " %(deny)-31s dodaj prepovej %(rule)s\n" " %(reject)-31s dodaj zavrni %(rule)s\n" " %(limit)-31s dodaj omejitev %(rule)s\n" " %(delete)-31s izbriši %(urule)s\n" " %(insert)-31s vstavi %(urule)s na %(number)s\n" " %(reload)-31s ponovno naloži požarni zid\n" " %(reset)-31s ponastavi požarni zid\n" " %(status)-31s prikaži stanje požarnega zidu\n" " %(statusnum)-31s prikaži stanje požarnega zidu kot oštevilčen seznam " "%(rules)s\n" " %(statusverbose)-31s prikaži podrobni izpis stanja požarnega zidu\n" " %(show)-31s prikaži poročilo požarnega zidu\n" " %(version)-31s 
prikaži podrobnosti različice\n" "%(appcommands)s:\n" " %(applist)-31s navedi profile programov\n" " %(appinfo)-31s prikaži podatke %(profile)s\n" " %(appupdate)-31s posodobi %(profile)s\n" " %(appdefault)-31s nastavi privzet pravilnik programov\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "da" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Požarni zid je dejaven in omogočen ob sistemskem zagonu" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Požarni zid je zaustavljen in onemogočen ob sistemskem zagonu" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Ni mogoče pridobiti stanja poslušanja" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Dodana uporabniška pravila (za izvajanje požarnega zidu si oglejte 'ufw " "status'):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Ničesar)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Neveljavna različica IP '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Neveljaven položaj '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Podpora za IPv6 ni omogočena" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Pravilo je spremenjeno po izenačenju" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Pravila '%s' ni mogoče umakniti" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Napaka med uveljavljanjem pravil programa" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Nekaterih pravil ni mogoče razveljaviti" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied."
msgstr " Poskušana pravila so uspešno oduveljavljena" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Ni mogoče najti pravila '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Ni mogoče najti pravila '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Brisanje:\n" " %(rule)s\n" "Nadaljevanje opravila (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Nepodprta privzeta pravila" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Požarni zid je ponovno naložen" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Požarni zid ni omogočen (preskok ponovnega nalaganja)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Neveljavno ime profila" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Nepodprto dejanje '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Dostopni programi:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Profila '%s' ni mogoče najti" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Neveljaven profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Naslov: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Opis: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Vrata:" #: src/frontend.py:741 msgid "Port:" msgstr "Vrata:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Preskok ponovnega nalaganja požarnega zidu" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Z '--add-new' ni mogoče določiti 'all'" #: src/frontend.py:815 #, python-format
msgid "Unknown policy '%s'" msgstr "Neznano pravilo '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Ukaz lahko prekine obstoječe povezave ssh. Ali želite nadaljevati z " "opravilom (%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Ponastavljanje vseh pravil na privzete vrednosti. Ali želite nadaljevati z " "opravilom (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Ponastavljanje vseh pravil na privzete vrednosti. Ukaz lahko prekine " "obstoječe povezave ssh. Ali želite nadaljevati z opravilom (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Pravila ni mogoče vstaviti na položaj '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Neveljavna določba vmesnika" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Možnost 'beleži' tukaj ni dovoljena" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Možnost 'beleži-vse' tukaj ni dovoljena" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Neveljavna vrata" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Obseg vrat mora biti število" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Neveljavna vrata s protokolom '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Napačno število argumentov" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Zahtevana je določba 'od' ali 'za'" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Neveljavno pravilo skladnje" #: src/parser.py:254 #, 
python-format msgid "Invalid token '%s'" msgstr "Neveljaven žeton '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Neveljavna določba 'proto'" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Neveljavna določba '%s'" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Neveljavna določba 'od'" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Neveljavna določba 'do'" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Z '%s' je zahtevan 'od' ali 'do'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Neveljavna določba 'vrata'" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Mešane različice IP za 'od' in 'do'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Protokola ni mogoče najti" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Neustrezen protokol (od/do)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Neustrezen protokol z določenim protokolom %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Nepravilna skladnja pravila ('%s' je določen s pravilom programa)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Neveljaven naslov IPv6 s protokolom '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Neveljavna določba vmesnika za pravilo usmerjanja" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Ukaz '%s' že obstaja" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Ni mogoče najti (je /proc priklopljen?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Nadrejenega pid za '%s' ni mogoče najti" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "'%s' ni mogoče najti" #: src/util.py:454 
#, python-format msgid "Could not find executable for '%s'" msgstr "Izvršilne datoteke za '%s' ni mogoče najti" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Ni mogoče pridobiti statistike za '%s'" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid je %s, ampak '%s' je v lasti %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' datoteka '%s' ne obstaja" #~ msgid "No match" #~ msgstr "Brez zadetka" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Uporaba: " #~ msgid "------" #~ msgstr "------" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Potrebujete najmanj python 2.5)\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Privzeto: %(in)s (prihajajoče), %(out)s (odhajajoče)" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Ukaz lahko moti obstoječe povezave ssh." #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " 
%(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Uporaba: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s omogoči požarni zid\n" #~ " %(disable)-31s onemogoči požarni zid\n" #~ " %(default)-31s nastavi privzeto ravnanje\n" #~ " %(logging)-31s nastavi beleženje na %(level)s\n" #~ " %(allow)-31s dodaj dovoljeno %(rule)s\n" #~ " %(deny)-31s dodaj preprečitev %(rule)s\n" #~ " %(reject)-31s dodaj zavrnitev %(rule)s\n" #~ " %(limit)-31s dodaj omejitev %(rule)s\n" #~ " %(delete)-31s izbriši %(urule)s\n" #~ " %(insert)-31s vstavi %(urule)s v %(number)s\n" #~ " %(reset)-31s ponastavi požarni zid\n" #~ " %(status)-31s prikaži stanje požarnega zidu\n" #~ " %(statusnum)-31s prikaži stanje požarnega zidu kot oštevilčen seznam " #~ "%(rules)s\n" #~ " %(statusverbose)-31s prikaži podroben izpis stanja požarnega zidu\n" #~ " %(show)-31s prikaži poročilo o požarnem zidu\n" #~ " %(version)-31s prikaži podrobnosti o različici\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s prikaži profile programa\n" #~ " %(appinfo)-31s prikaži podrobnosti o %(profile)s\n" #~ " %(appupdate)-31s posodobi %(profile)s\n" #~ " %(appdefault)-31s nastavi privzeto ravnanje programa\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Neveljaven ukaz '%s'" ufw-0.36/locales/po/el.po0000644000175000017500000010015413257507473014215 0ustar jamiejamie# Greek translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-09-24 09:35+0000\n" "Last-Translator: sterios prosiniklis \n" "Language-Team: Greek \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Απαιτείται τουλάχιστον python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Ματαιώθηκε" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Ο κατάλογος των προφίλ δεν υπάρχει" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Παράκαμψη '%s':" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Παράκαμψη του '%s': πολύ μεγάλο" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Παράκαμψη του '%s': υπάρχουν ήδη πολλά αρχεία αναγνωσμένα" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Παράκαμψη του '%s': αδυναμία επεξεργασίας" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Παράκαμψη του '%s': πολύ μεγάλο όνομα" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Παράκαμψη του '%s': μη έγκυρο όνομα" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Παράκαμψη του '%s': υπάρχει στο /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Παράκαμψη του '%s': πολύ μεγάλο πεδίο" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" "Παράκαμψη της '%(value)s': η τιμή είναι πολύ μεγάλη για το πεδίο '%(field)s'" #: 
src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Διπλότυπο αρχείο '%s', χρήση του τελευταίου που βρέθηκε" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Το προφίλ του '%(fn)s' υπολείπεται του απαραίτητου πεδίου '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Το προφίλ '%(fn)s' έχει κενό το απαραίτητο πεδίο '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Δεν βρέθηκαν θύρες στο προφίλ '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Άκυρες τιμές θυρών στο προφίλ '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Νέα προφίλ:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Μη υποστηριζόμενη πολιτική '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Μη υποστηριζόμενη πολιτική για την οδηγία '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Η προεπιλεγμένη %(direction)s πολιτική άλλαξε σε '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(φροντίστε να ενημερώσετε τους κανόνες σας ανάλογα)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Έλεγχος ανεπεξέργαστων αρχείων (raw) iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Έλεγχος ανεπεξέργαστων αρχείων (raw) ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Έλεγχος iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Έλεγχος ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "πρόβλημα εκτέλεσης" #: 
src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Κατάσταση: ανενεργό" #: src/backend_iptables.py:432 msgid "To" msgstr "Προς" #: src/backend_iptables.py:433 msgid "From" msgstr "Από" #: src/backend_iptables.py:434 msgid "Action" msgstr "Ενέργεια" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Κατάσταση: ενεργό\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Κατάσταση: ενεργό%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "εκτελείται το ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "πρόβλημα εκτέλεσης του ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Αδυναμία ορισμού LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Αδύνατη η φόρτωση των κανόνων καταχώρησης" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Αδύνατο το άνοιγμα του '%s' για ανάγνωση" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Παράλειψη δύσμορφης πλειάδας (κακό μήκος): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Παράλειψη δύσμορφης πλειάδας: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "Το '%s' δεν είναι εγγράψιμο" #: src/backend_iptables.py:925 msgid "Adding IPv6 
rule failed: IPv6 not enabled" msgstr "Απέτυχε η προσθήκη κανόνα IPv6: το IPv6 δεν είναι ενεργοποιημένο" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Παράκαμψη μη-υποστηριζόμενου κανόνα IPv6 '%s'" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Παρακάμπτοντας τον μη υποστηριζόμενο κανόνα IPv4 '%s'" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Πρέπει να προσδιορίσετε 'tcp' ή 'udp' με πολλαπλές θύρες" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Παράκαμψη κανόνα εφαρμογής IPv6. Χρειάζεται τουλάχιστον το iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Μη έγκυρη θέση '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Δεν μπορεί να γίνει καθορισμός εισαγωγής και διαγραφής" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Αδύνατη η εισαγωγή κανόνα στην θέση '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Παράλειψη εισαγωγής υπάρχοντος κανόνα" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Αδύνατη η διαγραφή μη υπάρχοντος κανόνα" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Παράλειπεται η προσθήκη υπάρχοντος κανόνα" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Αδύνατη η ενημέρωση του αρχείου κανόνων" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Οι κανόνες ενημερώθηκαν" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Οι κανόνες ενημερώθηκαν (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Ο κανόνας εισήχθηκε" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Ο κανόνας ενημερώθηκε" #: 
src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (αγνοήθηκε η επαναφόρτωση του τείχους προστασίας)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Ο κανόνας διαγράφηκε" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Ο κανόνας προστέθηκε" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Αδυναμία ενημέρωσης εκτελούμενου τείχους προστασίας" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Αδύνατη η εκτέλεση '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Αδυναμία ενημέρωσης του αρχείου κανόνων για καταγραφή" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Άκυρο επίπεδο αρχείου καταγραφής '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Δεν ήταν δυνατή η εύρεση του '%s'. Γίνεται ακύρωση" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "Το '%s' υπάρχει ήδη. 
Γίνεται ακύρωση" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Αντιγραφή του '%(old)s' στο '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Αδυναμία stat '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Το '%s' είναι εγγράψιμο από όλους" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "ΠΡΟΕΙΔΟΠΟΙΗΣΗ: Το '%s' είναι αναγνώσιμο από όλους" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Δεν ήταν δυνατή η εξακρίβωση της έκδοσης iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Οι έλεγχοι έχουν απενεργοποιηθεί" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ΣΦΑΛΜΑ: αυτό το σενάριο δε θα έπρεπε να είναι SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ΣΦΑΛΜΑ: αυτό το σενάριο δε θα έπρεπε να είναι SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Απαιτούνται δικαιώματα διαχειριστή για να εκτελεστεί αυτό το σενάριο" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "Το '%s' δεν υπάρχει" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" "Το uid είναι %(uid)s αλλά η διαδρομή '%(path)s' ανήκει στον %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "Το %s είναι εγγράψιμο από όλους!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "Το %s είναι εγγράψιμο από όλη την ομάδα!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "Το όνομα '%(name)s' του αρχείου '%(f)s' δεν υπάρχει" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Λείπει η πολιτική για το '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Μη έγκυρη πολιτική '%(policy)s' για '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Άκυρη επιλογή" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Η προεπιλεγμένη πολιτική της εφαρμογής έχει αλλάξει σε '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Δεν βρέθηκαν κανόνες για το προφίλ της εφαρμογής" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Οι κανόνες ενημερώθηκαν για το προφίλ '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Δεν είναι δυνατή η ενημέρωση των κανόνων της εφαρμογής" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Βρέθηκαν πολλαπλά αποτελέσματα για το '%s'. 
Παρακαλούμε χρησιμοποιήστε το " "ακριβές όνομα του προφίλ" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Αδυναμία εύρεσης προφίλ που να ταιριάζει με το '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Καταγραφή: " #: src/backend.py:579 msgid "unknown" msgstr "άγνωστο" #: src/backend.py:606 msgid "Logging disabled" msgstr "Καταγραφή απενεργοποιημένη" #: src/backend.py:608 msgid "Logging enabled" msgstr "Καταγραφή ενεργοποιημένη" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Λανθασμένη θύρα '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Μη υποστηριζόμενο πρωτόκολλο '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Λανθασμένη διεύθυνση πηγής" #: src/common.py:290 msgid "Bad destination address" msgstr "Λανθασμένη διεύθυνση προορισμού" #: src/common.py:298 msgid "Bad interface type" msgstr "Λανθασμένος τύπος διεπαφής" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "Λανθασμένο όνομα διεπαφής" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" "Λανθασμένο όνομα διεπαφής: δεν μπορούν να χρησιμοποιηθούν ψευδώνυμα διεπαφών" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Η θέση εισαγωγής '%s' δεν είναι έγκυρη θέση" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Μη έγκυρος τύπος καταγραφής '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Μη υποστηριζόμενη κατεύθυνση '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Αδυναμία κανονικοποίησης διεύθυνσης πηγής" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Αδυναμία κανονικοποίησης διεύθυνσης προορισμού" #: src/common.py:425 msgid "Found exact match" msgstr "Βρέθηκε ακριβής αντιστοιχία" #: src/common.py:429 
#, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "Βρέθηκε ταύτιση non-action/non-logtype (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "ο" #: src/frontend.py:165 msgid "y" msgstr "ν" #: src/frontend.py:166 msgid "yes" msgstr "ναι" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" "Το τείχος προστασίας είναι ενεργό και ενεργοποιείται κατά την εκκίνηση του " "συστήματος" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" "Το τείχος προστασίας είναι σταματημένο και δεν ενεργοποιείται κατά την " "εκκίνηση του συστήματος" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Δεν ήταν δυνατή η λήψη της κατάστασης ακρόασης" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Πρόσθετοι κανόνες χρήστη (δείτε την 
'κατάσταση του ufw' για την εκτέλεση " "τείχους προστασίας):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Κανένας)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Μη έγκυρη έκδοση IP '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Μη έγκυρη θέση '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Η υποστήριξη για IPv6 δεν είναι ενεργοποιημένη" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Ο κανόνας αλλάχτηκε μετά την κανονικοποίηση" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Αδυναμία υπαναχώρησης από κανόνα '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Σφάλμα κατά την εφαρμογή κανόνων προγράμματος." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Αδυναμία αναίρεσης κάποιων κανόνων." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Επιτυχημένη αναίρεση δοκιμαστικών κανόνων." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Δεν ήταν δυνατή η εύρεση του κανόνα '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Δεν ήταν δυνατή η εύρεση του κανόνα '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" "Διαγραφή:\n" " %(rule)s\n" "Να συνεχιστεί η ενέργεια (%(yes)s|%(no)s); " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Μη υποστηριζόμενη προεπιλεγμένη πολιτική" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Το τείχος προστασίας επαναφορτώθηκε" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Το τείχος προστασίας δεν είναι ενεργό (παράκαμψη επαναφόρτωσης)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Μη έγκυρο όνομα προφίλ" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Μη υποστηριζόμενη ενέργεια '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Διαθέσιμες εφαρμογές:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Αδυναμία εύρεσης του προφίλ '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Μη έγκυρο προφίλ" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Προφίλ: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Τίτλος: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Περιγραφή: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Θύρες:" #: src/frontend.py:741 msgid "Port:" msgstr "Θύρα:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Η επαναφόρτωση του τείχους προστασίας παρακάμφθηκε" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Αδυναμία προσδιορισμού 'all' με '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Άγνωστη πολιτική '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Είναι πιθανό, η εντολή, να επηρεάσει τις υπάρχουσες συνδέσεις ssh. 
Να " "συνεχιστεί η ενέργεια (%(yes)s|%(no)s); " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Επαναφορά των κανόνων στους προκαθορισμένους από την εγκατάσταση. Να " "συνεχιστεί η ενέργεια (%(yes)s|%(no)s); " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Επαναφορά των κανόνων στους προκαθορισμένους από την εγκατάσταση. Είναι " "πιθανό να επηρεαστούν οι υπάρχουσες συνδέσεις ssh. Να συνεχιστεί η ενέργεια " "(%(yes)s|%(no)s); " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Αδυναμία εισαγωγής κανόνα στη θέση '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Μη έγκυρη συνιστώσα διεπαφής" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Η επιλογή 'log' δεν επιτρέπεται εδώ" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Η επιλογή 'log-all' δεν επιτρέπεται εδώ" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Λάθος θύρα" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Τα εύρη θυρών πρέπει να είναι αριθμητικά" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Λανθασμένη θύρα με το πρωτόκολλο '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Λάθος αριθμός παραμέτρων" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Χρειάζεται όρο 'προς' ή 'από'" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Μη έγκυρη σύνταξη κανόνα" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Μη έγκυρο αναγνωριστικό '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Μη έγκυρη συνιστώσα 'proto'" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Μη 
έγκυρη πρόταση '%s'" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Μη έγκυρη πρόταση 'από'" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Μη έγκυρη πρόταση 'προς'" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Χρειάζεται το 'από' ή το 'προς' με '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Μη έγκυρη συνιστώσα 'port'" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Μεικτές εκδόσεις IP για 'από' και 'προς'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Αδυναμία εύρεσης πρωτοκόλλου" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Ασυμβατότητα πρωτοκόλλου (από/προς)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Ασυμβατότητα πρωτοκόλλου με καθορισμένο πρωτόκολλο %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Ακατάλληλη σύνταξη κανόνα ('%s' specified with app rule)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Λανθασμένη διεύθυνση IPv6 με το πρωτόκολλο '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Η εντολή '%s' υπάρχει ήδη" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Αδυναμία εύρεσης του pid (είναι προσαρτημένο το /proc;)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Αδυναμία εύρεσης γονεϊκού pid για '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Αδυναμία εύρεσης του '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Αδυναμία εύρεσης εκτελέσιμου για το '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Δεν ήταν δυνατή η λήψη στατιστικών 
για το '%s'" #~ msgid "Profile '%s' has empty required field '%s'" #~ msgstr "Το προφίλ '%s' έχει κενό το απαιτούμενο πεδίο '%s'" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Η προεπιλεγμένη πολιτική άλλαξε σε '%s'\n" #~ msgid "Status: active" #~ msgstr "Κατάσταση: ενεργό" #, python-format #~ msgid "Default: %s" #~ msgstr "Προεπιλεγμένο: %s" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Η εντολή μπορεί να διακόψει υπάρχουσες συνδέσεις ssh." #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Προεπιλογή: %(in)s (εισερχόμενα), %(out)s (εξερχόμενα)" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Λανθασμένη εντολή '%s'" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Χρήση: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s ενεργοποιεί το τείχος προστασίας\n" #~ " %(disable)-31s απενεργοποιεί το τείχος προστασίας\n" 
#~ " %(default)-31s ορισμός της προκαθορισμένης πολιτικής\n" #~ " %(logging)-31s ορισμός των %(level)s καταγραφής\n" #~ " %(allow)-31s προσθήκη ενεργοποίησης %(rule)s\n" #~ " %(deny)-31s προσθήκη απαγόρευσης %(rule)s\n" #~ " %(reject)-31s προσθήκη απόρριψης %(rule)s\n" #~ " %(limit)-31s προσθήκη ορίου %(rule)s\n" #~ " %(delete)-31s διαγραφή %(urule)s\n" #~ " %(insert)-31s εισαγωγή %(urule)s σε %(number)s\n" #~ " %(reset)-31s επαναφορά τοίχους προστασίας\n" #~ " %(status)-31s εμφάνιση κατάστασης τοίχου προστασίας\n" #~ " %(statusnum)-31s εμφάνιση κατάστασης τοίχου προστασίας ως αριθμημένη λίστα " #~ "%(rules)s\n" #~ " %(statusverbose)-31s εμφάνιση λεπτομερούς κατάστασης του τοίχους " #~ "προστασίας\n" #~ " %(show)-31s εμφάνιση αναφοράς του τοίχους προστασίας\n" #~ " %(version)-31s εμφάνιση πληροφοριών έκδοσης\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s εμφάνιση των προφίλ εφαρμογών\n" #~ " %(appinfo)-31s εμφάνιση πληροφοριών σχετικά με τα %(profile)s εφαρμογών\n" #~ " %(appupdate)-31s ενημέρωση %(profile)s\n" #~ " %(appdefault)-31s ορισμός προεπιλεγμένης πολιτικής εφαρμογών\n" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Είναι απαραίτητη η python 2.5 ή νεότερη\n" #~ msgid "Profile '%s' missing required field '%s'" #~ msgstr "Στο προφίλ '%s' λείπει το απαιτούμενο πεδίο '%s'" #~ msgid "No match" #~ msgstr "Δε βρέθηκε" ufw-0.36/locales/po/lv.po0000644000175000017500000004125713257507473014246 0ustar jamiejamie# Latvian translation for ufw # Copyright (c) 2014 Rosetta Contributors and Canonical Ltd 2014 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2014. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2014-06-06 18:47+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Latvian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Atsaukts" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports 
in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid 
"Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: 
src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/ru.po0000644000175000017500000010120613257507473014242 0ustar jamiejamie# Russian translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2013-03-09 17:21+0000\n" "Last-Translator: Sergey Basalaev \n" "Language-Team: Russian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Необходим python версии не ниже 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Прервано" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Каталог профилей не существует" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Пропуск «%s»: невозможно собрать статистику" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Пропуск «%s»: слишком велико" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Пропуск «%s»: слишком много файлов уже прочитано" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Пропуск «%s»: невозможно обработать" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Пропуск «%s»: слишком длинное имя файла" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Пропуск «%s»: недопустимое имя" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Пропуск «%s»: информация уже находится в /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Пропуск «%s»: поле слишком большое" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Пропуск «%(value)s»: значение слишком велико для «%(field)s»:" #: src/applications.py:134 #, 
python-format msgid "Duplicate profile '%s', using last found" msgstr "Профиль «%s» дублируется, будет использован последний найденный" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "В профиле «%(fn)s» пропущено обязательное поле «%(f)s»" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Профиль «%(fn)s» содержит пустое обязательное поле «%(f)s»" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Не указаны порты в профиле «%s»" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Неверные порты в профиле «%s»" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Новые профили:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Неподдерживаемое правило «%s»" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Неподдерживаемое правило для направления «%s»" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Правило по умолчанию %(direction)s изменено на «%(policy)s»\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(не забудьте соответственно обновить правила)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Проверка рядов iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Проверка рядов ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Проверка iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Проверка ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "проблема запуска" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Состояние: неактивен" #: src/backend_iptables.py:432 
msgid "To" msgstr "В" #: src/backend_iptables.py:433 msgid "From" msgstr "Из" #: src/backend_iptables.py:434 msgid "Action" msgstr "Действие" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Состояние: активен\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Состояние: активен%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "выполнение ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "проблема запуска ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Не удалось установить LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Не удалось загрузить правила ведения журнала" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Не удалось открыть «%s» для чтения" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Пропуск некорректных элементов (неверная длина): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Пропуск некорректных элементов: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "«%s» недоступен для записи" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Сбой при добавлении правила IPv6: IPv6 не включён" #: 
src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Пропуск неподдерживаемого правила «%s» для IPv6" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Пропуск не поддерживаемого правила «%s» для IPv4" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "При нескольких портах должно быть указано «tcp» или «udp»" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Пропуск правила приложения IPv6. Требуется iptables версии не ниже 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Неверная позиция «%d»" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Не удалось распознать вставку или удаление" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Не удалось вставить правило в позицию «%d»" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Пропуск вставки существующего правила" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Невозможно удалить несуществующее правило" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Пропуск добавления уже существующего правила" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Не удалось обновить файл правил" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Правила обновлены" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Правила обновлены (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Правило вставлено" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Правило обновлено" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (пропущен перезапуск брандмауэра)" #: src/backend_iptables.py:1080 msgid "Rule 
deleted" msgstr "Правило удалено" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Правило добавлено" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Не удалось обновить запущенный межсетевой экран" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Не удалось выполнить «%s»" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Не удалось обновить файл правил журналирования" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Неверный уровень журналирования «%s»" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Не удалось найти «%s». Прерывание" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "«%s» уже существует. Прерывание" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Резервное копирование «%(old)s» в «%(new)s»\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Не удалось получить статус «%s»" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "Предупреждение: «%s» доступен для записи всем" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "Предупреждение: «%s» доступен для чтения всем" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Не удалось определить версию iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "ошибка при выполнении sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Проверки выключены" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "Ошибка: этот сценарий не должен быть SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "Ошибка: этот сценарий не должен быть SGID" 
#: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Для запуска этого сценария требуются права администратора" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "«%s» не существует" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid %(uid)s, но «%(path)s» принадлежит %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s доступен для записи всем!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s доступен для записи группе!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "«%(f)s» файл «%(name)s» не существует" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Отсутствует правило для «%s»" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Неверное правило «%(policy)s» для «%(chain)s»" #: src/backend.py:298 msgid "Invalid option" msgstr "Неверный параметр" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Правило приложения по умолчанию изменено на «%s»" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Не найдено правил для профиля приложения" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Правила для профиля «%s» обновлены" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Не удалось обновить правила приложения" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Найдены множественные совпадения для «%s». 
Используйте точное название " "профиля" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Не найдено профилей соответствующих «%s»" #: src/backend.py:575 msgid "Logging: " msgstr "Журналирование: " #: src/backend.py:579 msgid "unknown" msgstr "неизвестный" #: src/backend.py:606 msgid "Logging disabled" msgstr "Журналирование отключено" #: src/backend.py:608 msgid "Logging enabled" msgstr "Журналирование включено" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Недопустимый порт «%s»" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Неподдерживаемый протокол «%s»" #: src/common.py:280 msgid "Bad source address" msgstr "Недопустимый адрес источника" #: src/common.py:290 msgid "Bad destination address" msgstr "Недопустимый адрес назначения" #: src/common.py:298 msgid "Bad interface type" msgstr "Неверный тип интерфейса" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Неверное имя интерфейса: зарезервированный символ: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Неверное имя интерфейса" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" "Неверное имя интерфейса: невозможно использовать псевдонимы интерфейса" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Неверная позиция вставки «%s»" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Неверный тип журнала «%s»" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Неподдерживаемое направление «%s»" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Не удалось привести адрес источника к стандартному виду" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Не удалось привести адрес назначения к стандартному виду" #: src/common.py:425 msgid "Found exact match" msgstr "Найдено точное совпадение" #: 
src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Найдено non-action/non-logtype совпадение (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Использование: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s включить брандмауэр\n" " %(disable)-31s отключить брандмауэр\n" " %(default)-31s установить политику по умолчанию\n" " %(logging)-31s задать уровень журналирования %(level)s\n" " %(allow)-31s добавить allow %(rule)s\n" " %(deny)-31s добавить deny %(rule)s\n" " %(reject)-31s добавить reject %(rule)s\n" " %(limit)-31s добавить limit %(rule)s\n" " %(delete)-31s удалить %(urule)s\n" " %(insert)-31s вставить %(urule)s в позиции %(number)s\n" " %(reload)-31s перезагрузить брандмауэр\n" " %(reset)-31s сбросить брандмауэр\n" " %(status)-31s показать статус брандмауэра\n" " %(statusnum)-31s показать статус брандмауэра как нумерованный список " "%(rules)s\n" 
" %(statusverbose)-31s показать подробное состояние брандмауэра\n" " %(show)-31s показать отчёт брандмауэра\n" " %(version)-31s показать информацию о версии\n" "\n" "%(appcommands)s:\n" " %(applist)-31s показать профили приложения\n" " %(appinfo)-31s показать информацию о %(profile)s\n" " %(appupdate)-31s обновить %(profile)s\n" " %(appdefault)-31s установить политику приложения по умолчанию\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "да" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Межсетевой экран включён и будет запускаться при запуске системы" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Межсетевой экран отключён и не будет запускаться при запуске системы" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Не удалось получить состояние прослушивания" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Добавленные правила пользователя (см. 'ufw status' межсетевого экрана):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Отсутствует)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Неверная версия IP «%s»" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Неверная позиция '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Поддержка IPv6 не включена" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Правило изменено после нормализации" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Не удалось вернуть правило «%s»" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Ошибка применения правил приложения." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Некоторые правила не могут быть отменены." 
#: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Пробные правила отменены успешно." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Не удалось найти правило «%s»" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Не удалось найти правило «%d»" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Удаление:\n" " %(rule)s\n" "Продолжить операцию (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Неподдерживаемое правило по умолчанию" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Брандмауэр перезагружен" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Межсетевой экран не включён (перезагрузка пропущена)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Неправильное имя профиля" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Неподдерживаемое действие «%s»" #: src/frontend.py:700 msgid "Available applications:" msgstr "Доступные приложения:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Не удалось найти профиль «%s»" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Неправильный профиль" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Профиль: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Заголовок: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Описание: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Порты:" #: src/frontend.py:741 msgid "Port:" msgstr "Порт:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Пропущена перезагрузка брандмауэра" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr 
"Нельзя указывать «all» вместе с «--add-new»" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Неизвестное правило «%s»" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Команда может разорвать существующие соединения ssh. Продолжить операцию " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Сброс всех правил к значениям по умолчанию. Продолжить операцию " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Сброс всех правил к значениям по умолчанию. Это может разорвать существующие " "соединения ssh. Продолжить операцию (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Не удалось добавить правило в позицию «%s»" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Неверное расположение интерфейса" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Параметр 'log' здесь недопустим" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Параметр 'log-all' здесь недопустим" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Недопустимый порт" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Интервалы портов должны быть численными" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Неверный порт для протокола «%s»" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Неверное количество аргументов" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Необходимо условие «to» или «from»" #: src/parser.py:247 msgid "Improper rule syntax" msgstr 
"Недопустимый синтаксис правила" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Некорректный символ «%s»" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Неверное условие «proto»" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Неверное условие «%s»" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Неверное условие «from»" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Неверное условие «to»" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Необходимо указать «from» или «to» для «%s»" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Неверное условие «port»" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Указаны разные версии IP для «from» и «to»" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Не удалось найти протокол" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Несоответствие протокола (из/в)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Несоответствие протокола с указанным протоколом %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Неверный синтаксис правила («%s» указан с правилом для приложения)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Неверный адрес IPv6 с протоколом «%s»" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Команда «%s» уже существует" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Не удалось найти pid (убедитесь, что каталог /proc смонтирован)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Не удалось найти родительский pid для «%s»" #: src/util.py:448 #, python-format msgid 
"Couldn't find '%s'" msgstr "Не удалось найти «%s»" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Не удалось найти исполняемый файл для «%s»" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Не удалось получить статистику для «%s»" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid назначен %s, однако владельцем '%s' является %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' файл '%s' не существует" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Политика \"По умолчанию\" изменена в '%s'\n" #~ msgid "----" #~ msgstr "---" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Нет соответствия" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Использование: " #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Команда может оборвать существующие соединения ssh." #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "По умолчанию: %(in)s (входящие), %(out)s (исходящие)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list 
application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Использование: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s включить межсетевой экран\n" #~ " %(disable)-31s отключить межсетевой экран\n" #~ " %(default)-31s задать правило по умолчанию\n" #~ " %(logging)-31s задать уровень журналирования %(level)s\n" #~ " %(allow)-31s добавить allow %(rule)s\n" #~ " %(deny)-31s добавить deny %(rule)s\n" #~ " %(reject)-31s добавить reject %(rule)s\n" #~ " %(limit)-31s добавить limit %(rule)s\n" #~ " %(delete)-31s удалить %(urule)s\n" #~ " %(insert)-31s вставить %(urule)s в позиции %(number)s\n" #~ " %(reset)-31s сбросить межсетевой экран\n" #~ " %(status)-31s показать состояние межсетевого экрана\n" #~ " %(statusnum)-31s показать состояние межсетевого экрана как нумерованный " #~ "список %(rules)s\n" #~ " %(statusverbose)-31s показать подробное состояние межсетевого экрана\n" #~ " %(show)-31s показать отчёт межсетевого экрана\n" #~ " %(version)-31s отобразить информацию о версии\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s список профилей приложения\n" #~ " %(appinfo)-31s показать информацию по %(profile)s\n" #~ " %(appupdate)-31s обновить %(profile)s\n" #~ " %(appdefault)-31s задать правило приложения по умолчанию\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Неверная команда «%s»" ufw-0.36/locales/po/de.po0000644000175000017500000005134113257507473014210 0ustar jamiejamie# German translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-11-09 18:41+0000\n" "Last-Translator: Keruskerfuerst \n" "Language-Team: German \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Es wird mindestens Python 2.6 benötigt)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Abgebrochen" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Verzeichnis für Profile existiert nicht" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "»%(value)s« wird übersprungen: Wert zu lang für »%(field)s«" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profil »%(fn)s« fehlt das benötigte Feld »%(f)s«" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has 
empty required field '%(f)s'" msgstr "Das benötigte Feld »%(f)s« für Profil »%(fn)s« ist leer" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Nicht unterstützte Standardeinstellung '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Nicht unterstützte Regel für Richtung »%s«" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Voreingestellte %(direction)s-Regel in »%(policy)s« geändert\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(die Regeln müssen entsprechend aktualisiert werden)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Kontrolliere iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Kontrolliere ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "Problem beim Aufruf von" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "Zu" #: src/backend_iptables.py:433 msgid "From" msgstr "Von" #: src/backend_iptables.py:434 msgid "Action" msgstr "Aktion" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Voreinstellung: %(in)s (eingehend), %(out)s (abgehend), %(routed)s (weitergeleitet)" #: src/backend_iptables.py:470 #, python-format 
msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "Problem bei der Ausführung von ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Konnte '%s' nicht zum Lesen öffnen" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Überspringe falsch geformtes Tupel (ungültige Länge): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Überspringe falsch geformtes Tupel: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Hinzufügen von IPv6-Regel schlug fehl: IPv6 nicht aktiviert" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Überspringe nicht unterstützte IPv6 Regel '%s'" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Nicht unterstützte IPv4-»%s«-Regel werden übersprungen" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Konnte Regeldatei nicht aktualisieren" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regeln aktualisiert" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regeln aktualisiert (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regel aktualisiert" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regel gelöscht" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regel hinzugefügt" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Konnte laufende Firewall nicht aktualisieren" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Konnte stat für '%s' nicht aufrufen" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Iptables-Version konnte nicht ermittelt werden" #: src/backend.py:143 msgid "problem running sysctl" msgstr "Problem bei der Ausführung von sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontrollen deaktiviert" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "FEHLER: SUID-Bit sollte nicht gesetzt sein" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "FEHLER: SGID-Bit sollte nicht gesetzt sein" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Es werden Root-Rechte benötigt, um dieses Skript auszuführen" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s hat Schreibrechte für jeden Benutzer" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "%s hat Gruppenschreibrechte" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Ungültige Option" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "Loggen wurde deaktiviert" #: src/backend.py:608 msgid "Logging enabled" msgstr "Loggen wurde aktiviert" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Fehlerhafte Portangabe '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Nicht unterstütztes Protokoll '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Fehlerhafte Quellenadresse" #: src/common.py:290 msgid "Bad destination address" msgstr "Fehlerhafte Zieladresse" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Fehlerhafter Schnittstellenname: belegtes Zeichen: »!«" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a 
valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "Exakte Übereinstimmung gefunden" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Aufruf: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s aktiviert Firewall\n" " %(disable)-31s deaktiviert Firewall\n" " %(default)-31s legt Standardrichtlinien fest\n" " %(logging)-31s legt Protokollierung fest für %(level)s\n" " %(allow)-31s fügt Zulassen %(rule)s hinzu\n" " %(deny)-31s fügt Verweigern %(rule)s hinzu\n" " %(reject)-31s fügt Zurückweisen 
%(rule)s hinzu\n" " %(limit)-31s fügt Grenzwert %(rule)s hinzu\n" " %(delete)-31s löscht %(urule)s\n" " %(insert)-31s setzt %(urule)s bei %(number)s ein\n" " %(reload)-31s lädt Firewall neu\n" " %(reset)-31s richtet Firewall neu ein\n" " %(status)-31s zeigt den Firewall-Status\n" " %(statusnum)-31s zeigt den Firewall-Status als nummerierte Liste %(rules)s\n" " %(statusverbose)-31s zeigt den ausführlichen Firewall-Status\n" " %(show)-31s zeigt den Firewall-Bericht\n" " %(version)-31s zeigt Versions-Informationen\n" "\n" "%(appcommands)s:\n" " %(applist)-31s listet Anwendungsprofile auf\n" " %(appinfo)-31s zeigt Informationen zu %(profile)s\n" " %(appupdate)-31s aktualisiert %(profile)s\n" " %(appdefault)-31s richtet Standardanwendungsrichtlinien ein\n" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall deaktiviert und beim Systemstart deaktiviert" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Benutzerregeln hinzugefügt (siehe »ufw status« für aktive Firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Keine)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Ungültige IP Version '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Unterstützung für IPv6 nicht aktiviert" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." 
msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Ungültiger Port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Falsche Anzahl an Argumenten" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Benötige 'to' oder 'from' Angabe" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Ungültige Regelsyntax" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Ungültiges Token '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Ungültige 'proto' Angabe" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Ungültige 'from' Angabe" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Ungültige 'to' Angabe" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Ungültige 'port' Angabe" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Unterschiedliche IP-Versionen für 'from' und 'to'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Ungleiche Protokolle (from/to)" #: src/parser.py:416 #, python-format 
msgid "Protocol mismatch with specified protocol %s" msgstr "Ungleiche Protokolle bei spezifiziertem Protokoll %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Es wird mindestens Python 2.5 benötigt)\n" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Nutzung: " #~ msgid "No match" #~ msgstr "Keine Übereinstimmung" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "Benutzer-ID (UID) ist %s, aber Besitzer von '%s' ist %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' Datei '%s' existiert nicht" #~ msgid "------" #~ msgstr "------" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Standardrichtlinien auf '%s' geändert\n" ufw-0.36/locales/po/en_AU.po0000644000175000017500000006332713257507473014616 0ustar jamiejamie# English (Australia) translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2011-05-29 12:56+0000\n" "Last-Translator: Joel Pickett \n" "Language-Team: English (Australia) \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Need at least python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Aborted" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profiles directory does not exist" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Skipping '%s': couldn't stat" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Skipping '%s': too big" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Skipping '%s': too many files read already" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Skipping '%s': couldn't process" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Skipping '%s': name too long" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Skipping '%s': invalid name" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Skipping '%s': also in /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Skipping '%s': field too long" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Skipping '%(value)s': value too long for '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Duplicate 
profile '%s', using last found" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profile '%(fn)s' missing required field '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profile '%(fn)s' has empty required field '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "No ports found in profile '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Invalid ports in profile '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "New profiles:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Unsupported policy '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Unsupported policy for direction '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Default %(direction)s policy changed to '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(be sure to update your rules accordingly)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Checking raw iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Checking raw ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Checking iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Checking ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problem running" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Status: inactive" #: src/backend_iptables.py:432 msgid "To" msgstr "To" #: src/backend_iptables.py:433 msgid "From" msgstr "From" #: src/backend_iptables.py:434 msgid "Action" msgstr "Action" #: 
src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Status: active%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "running ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problem running ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Could not set LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Could not load logging rules" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Couldn't open '%s' for reading" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Skipping malformed tuple (bad length): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Skipping malformed tuple (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Skipping malformed tuple: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' is not writeable" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Adding IPv6 rule failed: IPv6 not enabled" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Skipping unsupported IPv6 '%s' rule" 
#: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Skipping unsupported IPv4 '%s' rule" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Must specify 'tcp' or 'udp' with multiple ports" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "Skipping IPv6 application rule. Need at least iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Invalid position '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Cannot specify insert and delete" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Cannot insert rule at position '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Skipping inserting existing rule" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Could not delete non-existent rule" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Skipping adding existing rule" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Couldn't update rules file" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Rules updated" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Rules updated (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Rule inserted" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Rule updated" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (skipped reloading firewall)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Rule deleted" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Rule added" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Could not update running firewall" #: 
src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Could not perform '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Couldn't update rules file for logging" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Invalid log level '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Could not find '%s'. Aborting" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' already exists. Aborting" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Backing up '%(old)s' to '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Couldn't stat '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "WARN: '%s' is world writable" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "WARN: '%s' is world readable" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Couldn't determine iptables version" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problem running sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Checks disabled" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERROR: this script should not be SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERROR: this script should not be SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "You need to be root to run this script" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' does not exist" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" 
#: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s is world writable!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s is group writable!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' file '%(name)s' does not exist" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Missing policy for '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Invalid policy '%(policy)s' for '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Invalid option" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Default application policy changed to '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "No rules found for application profile" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Rules updated for profile '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Couldn't update application rules" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "Found multiple matches for '%s'. 
Please use exact profile name" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Could not find a profile matching '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Logging: " #: src/backend.py:579 msgid "unknown" msgstr "unknown" #: src/backend.py:606 msgid "Logging disabled" msgstr "Logging disabled" #: src/backend.py:608 msgid "Logging enabled" msgstr "Logging enabled" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Bad port '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Unsupported protocol '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Bad source address" #: src/common.py:290 msgid "Bad destination address" msgstr "Bad destination address" #: src/common.py:298 msgid "Bad interface type" msgstr "Bad interface type" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Bad interface name: reserved character: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Bad interface name" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Bad interface name: can't use interface aliases" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Insert position '%s' is not a valid position" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Invalid log type '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Unsupported direction '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Could not normalise source address" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Could not normalise destination address" #: src/common.py:425 msgid "Found exact match" msgstr "Found exact match" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "Found non-action/non-logtype match 
(%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on 
%(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "yes" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall is active and enabled on system startup" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall stopped and disabled on system startup" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Could not get listening status" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Added user rules (see 'ufw status' for running firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(None)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Invalid IP version '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Invalid position '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6 support not enabled" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Rule changed after normalisation" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Could not back out rule '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Error applying application rules." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Some rules could not be unapplied." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Attempted rules successfully unapplied." 
#: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Could not find rule '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Could not find rule '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Unsupported default policy" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall reloaded" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall not enabled (skipping reload)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Invalid profile name" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Unsupported action '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Available applications:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Could not find profile '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Invalid profile" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profile: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Title: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Description: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Ports:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Skipped reloading firewall" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Cannot specify 'all' with '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Unknown policy '%s'" #: src/frontend.py:872 #, python-format msgid 
"" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Cannot insert rule at position '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Invalid interface clause" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Option 'log' not allowed here" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Option 'log-all' not allowed here" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Bad port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Port ranges must be numeric" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Invalid port with protocol '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Wrong number of arguments" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Need 'to' or 'from' clause" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Improper rule syntax" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Invalid token '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Invalid 'proto' clause" #: src/parser.py:281 #, python-format msgid "Invalid 
'%s' clause" msgstr "Invalid '%s' clause" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Invalid 'from' clause" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Invalid 'to' clause" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Need 'from' or 'to' with '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Invalid 'port' clause" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Mixed IP versions for 'from' and 'to'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Could not find protocol" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protocol mismatch (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protocol mismatch with specified protocol %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Improper rule syntax ('%s' specified with app rule)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Invalid IPv6 address with protocol '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Invalid interface clause for route rule" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Command '%s' already exists" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Couldn't find pid (is /proc mounted?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Couldn't find parent pid for '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Couldn't find '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Could not find executable for '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Could not get statistics for '%s'" #~ msgid "uid is %s but '%s' is 
owned by %s" #~ msgstr "uid is %s but '%s' is owned by %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' file '%s' does not exist" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Default policy changed to '%s'\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "No match" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Usage: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Need at least python 2.5)\n" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject 
%(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Invalid command '%s'" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Default: %(in)s (incoming), %(out)s (outgoing)" ufw-0.36/locales/po/sv.po0000644000175000017500000006325713257507473014261 0ustar jamiejamie# Swedish translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-08-28 01:18+0000\n" "Last-Translator: Daniel Nylander \n" "Language-Team: Swedish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Kräver python 2.6 el. 
senare)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Avbruten" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profilkatalogen finns inte" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Hoppar över \"%s\": kunde inte ta status" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Hoppar över \"%s\": för stor" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Hoppar över \"%s\": för många filer inlästa redan" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Hoppar över \"%s\": kunde inte behandla" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Hoppar över \"%s\": namnet är för långt" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Hoppar över \"%s\": ogiltigt namn" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Hoppar över \"%s\": finns även i /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Hoppar över \"%s\": fältet för långt" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Hoppar över \"%(value)s\": värdet är för långt för \"%(field)s\"" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Dublett av profilen \"%s\", använder senast hittad" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profilen \"%(fn)s\" saknar nödvändiga fältet \"%(f)s\"" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profilen \"%(fn)s\" har nödvändiga fältet \"%(f)s\" tomt" #: src/applications.py:182 #, python-format msgid "No ports found in profile 
'%s'" msgstr "Inga portar hittades i profilen \"%s\"" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Ogiltiga portar i profilen \"%s\"" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nya profiler:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Policyn \"%s\" stöds inte" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Policyn för riktningen \"%s\" stöds inte" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Standardpolicy för %(direction)s har ändrats till \"%(policy)s\"\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(glöm inte att uppdatera dina regler enligt detta)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Kontrollerar rå iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Kontrollerar rå ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Kontrollerar iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Kontrollerar ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "kunde inte köra" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Status: inaktiv" #: src/backend_iptables.py:432 msgid "To" msgstr "Till" #: src/backend_iptables.py:433 msgid "From" msgstr "Från" #: src/backend_iptables.py:434 msgid "Action" msgstr "Åtgärd" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Förval: %(in)s (inkommande), %(out)s (utgående), %(routed)s (ruttlagda)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" 
"%(app)s%(status)s" msgstr "" "Status: aktiv\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Status: aktiv%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "kör ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problem vid körning av ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Kunde inte ställa in LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Kunde inte läsa in loggningsregler" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Kunde inte öppna \"%s\" för läsning" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Hoppar över felformulerad tupel (felaktig längd): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Hoppar över felformaterad tuple (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Hoppar över felformulerad tupel: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Misslyckades med att lägga till IPv6-regel: IPv6 inte aktiverat" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Hoppar över IPv6 \"%s\"-regel som inte stöds" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Hoppar över IPv4 '%s'-regel utan stöd" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Måste ange \"tcp\" eller \"udp\" med flera portar" #: src/backend_iptables.py:948 msgid 
"Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "Hoppar över IPv6-programregel. Behöver minst iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Ogiltig position \"%d\"" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Kan inte ange insert och delete" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Kan inte infoga regel på position \"%d\"" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Hoppar över inmatning av befintlig regel" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Kunde inte ta bort icke-existerande regel" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Hoppar över addering av befintlig regel" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Kunde inte uppdatera regelfilen" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regler uppdaterade" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regler uppdaterade (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regel infogad" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regel uppdaterad" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (hoppade över omläsning av brandvägg)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regel borttagen" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regel lades till" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Kunde inte uppdatera körande brandvägg" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Kunde inte genomföra \"%s\"" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 
src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Ogiltig loggnivå \"%s\"" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Kunde inte ta status på \"%s\"" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Kunde inte bestämma iptables version" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problem vid körning av sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontroller inaktiverade" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "FEL: detta skript ska inte vara SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "FEL: detta skript ska inte vara SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Du måste vara root för att köra detta skript" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "\"%s\" finns inte" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid är %(uid)s men \"%(path)s\" ägs av %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s är skrivbar för alla!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s är skrivbar för gruppen!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "\"%(f)s\"-filen \"%(name)s\" finns inte" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Saknar policy för \"%s\"" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Ogiltig policy \"%(policy)s\" för \"%(chain)s\"" #: src/backend.py:298 msgid "Invalid option" msgstr "Ogiltig flagga" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Standardprogrampolicy ändrad till \"%s\"" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Inga regler hittades för programprofilen" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Regler uppdaterade för profilen \"%s\"" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Kunde inte uppdatera programregler" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "Hittade flera träffar för \"%s\". 
Använd det exakta profilnamnet" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Kunde inte hitta en profil som matchar \"%s\"" #: src/backend.py:575 msgid "Logging: " msgstr "Loggning: " #: src/backend.py:579 msgid "unknown" msgstr "okänd" #: src/backend.py:606 msgid "Logging disabled" msgstr "Loggning inaktiverad" #: src/backend.py:608 msgid "Logging enabled" msgstr "Loggning aktiverad" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Felaktig port \"%s\"" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protokollet \"%s\" stöds inte" #: src/common.py:280 msgid "Bad source address" msgstr "Felaktig källadress" #: src/common.py:290 msgid "Bad destination address" msgstr "Felaktig måladress" #: src/common.py:298 msgid "Bad interface type" msgstr "Felaktig gränssnittstyp" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Felaktigt gränssnittsnamn: reserverat tecken: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Felaktigt gränssnittsnamn" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Felaktigt gränssnittsnamn: kan inte använda alias för gränssnitt" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Inmatningsposition \"%s\" är inte en giltig position" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Ogiltig loggtyp \"%s\"" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Riktningen stöds inte \"%s\"" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Kunde inte normalisera källadressen" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Kunde inte normalisera måladressen" #: src/common.py:425 msgid "Found exact match" msgstr "Hittade exakt träff" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s
%(xl)s/%(yl)s)" msgstr "" "Hittade non-action/non-logtype-matchning (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Användning: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s aktiverar brandväggen\n" " %(disable)-31s inaktiverar brandväggen\n" " %(default)-31s anger standardpolicy\n" " %(logging)-31s ställ in loggningsnivå till %(level)s\n" " %(allow)-31s lägg till tillåt %(rule)s\n" " %(deny)-31s lägg till neka %(rule)s\n" " %(reject)-31s lägg till avslå %(rule)s\n" " %(limit)-31s lägg till begränsning %(rule)s\n" " %(delete)-31s ta bort %(rule)s\n" " %(insert)-31s infoga %(urule)s vid %(number)s\n" " %(reload)-31s uppdatera brandväggen\n" " %(reset)-31s starta om brandväggen\n" " %(status)-31s visa brandväggens tillstånd\n" " %(statusnum)-31s visa brandväggens tillstånd som numrerad lista över " "%(rules)s\n" " %(statusverbose)-31s visa utförligt brandväggens tillstånd\n" " %(show)-31s visa rapport från 
brandväggen\n" " %(version)-31s visa versionsinformation\n" "\n" "%(appcommands)s:\n" " %(applist)-31s lista programprofiler\n" " %(appinfo)-31s visa information om %(profile)s\n" " %(appupdate)-31s uppdatera %(profile)s\n" " %(appdefault)-31s ange standardprogrampolicy\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "j" #: src/frontend.py:166 msgid "yes" msgstr "ja" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Brandväggen är aktiv och aktiverad vid systemuppstart" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Brandvägg stoppad och inaktiverad vid systemets uppstart" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Lade till användarregler (se 'ufw status' för aktiv brandvägg):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Ingen)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Ogiltig IP-version \"%s\"" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Ogiltig position \"" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6-stöd inte aktiverat" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Regel ändrad efter normalisering" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Kunde inte backa ut regeln \"%s\"" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Fel vid tillämpning av programregler." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Några regler kunde inte inaktiveras." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Inaktivering av regler lyckades." 
#: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Standardpolicyn stöds inte" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Brandväggen omläst" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Brandvägg inte aktiverad (hoppar över omläsning)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Ogiltigt profilnamn" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Åtgärden \"%s\" stöds inte" #: src/frontend.py:700 msgid "Available applications:" msgstr "Tillgängliga program:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Kunde inte hitta profilen \"%s\"" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Ogiltig profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Titel: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Beskrivning: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Portar:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Hoppade över omläsning av brandvägg" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Kan inte ange \"all\" med \"--add-new\"" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Okänd policy \"%s\"" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Kan inte infoga regel på position \"%s\"" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Ogiltigt gränssnittsklausul" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Flaggan \"log\" tillåts inte här" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Flaggan \"log-all\" tillåts inte här" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Felaktig port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Portintervall måste vara numeriska" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Fel antal argument" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Behöver \"to\" eller \"from\"" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Felaktig regelsyntax" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Ogiltigt token \"%s\"" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Ogiltig \"proto\"" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Ogiltig \"%s\"-klausul" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Ogiltig \"from\"" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Ogiltig \"to\"" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Behöver \"from\" eller \"to\" med \"%s\"" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Ogiltig \"port\"" #: src/parser.py:366 
msgid "Mixed IP versions for 'from' and 'to'" msgstr "Blandade IP-versioner för \"from\" och \"to\"" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Kunde inte hitta protokollet" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protokollen stämmer inte överens (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protokollen stämmer inte överens med angivet protokoll %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Felaktig regelsyntax (\"%s\" angiven med programregel)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Ogiltig gränssnittsklausul för ruttregel" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Kunde inte hitta pid (är /proc monterad?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Kunde inte hitta föräldra-pid för \"%s\"" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Kunde inte hitta \"%s\"" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Kunde inte hitta körbar fil för \"%s\"" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "------" #~ msgstr "------" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid är %s men \"%s\" ägs av %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "\"%s\"-filen \"%s\" finns inte" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Standardpolicy ändrad till \"%s\"\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "----" #~ msgid "No match" #~ msgstr "Ingen träff" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ 
"Användning: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Behöver minst python 2.5)\n" #, python-format #~ msgid "Default: %s" #~ msgstr "Standard: %s" #~ msgid "Status: active" #~ msgstr "Status: aktiv" #~ msgid "" #~ " COMMAND\n" #~ "\n" #~ "Commands:\n" #~ " enable\t\t\t\tenables the firewall\n" #~ " disable\t\t\tdisables the firewall\n" #~ " default ARG\t\t\tset default policy to ALLOW, DENY or REJECT\n" #~ " logging ARG\t\t\tset logging to OFF, ON or LEVEL\n" #~ " allow|deny|reject ARG\t\tadd allow, deny or reject RULE\n" #~ " delete RULE\t\t \tdelete the RULE\n" #~ " insert NUM RULE\t \tinsert RULE at NUM\n" #~ " status \t\t\tshow firewall status\n" #~ " status numbered\t\tshow firewall status as numbered list of RULES\n" #~ " show ARG\t\t\tshow firewall report\n" #~ " version\t\t\tdisplay version information\n" #~ "\n" #~ "Application profile commands:\n" #~ " app list\t\t\tlist application profiles\n" #~ " app info PROFILE\t\tshow information on PROFILE\n" #~ " app update PROFILE\t\tupdate PROFILE\n" #~ " app default ARG\t\tset profile policy to ALLOW, DENY, REJECT or\n" #~ "\t\t\t\tSKIP\n" #~ msgstr "" #~ " KOMMANDO\n" #~ "\n" #~ "Kommandon:\n" #~ " enable\t\t\t\taktiverar brandväggen\n" #~ " disable\t\t\tinaktiverar brandväggen\n" #~ " default ARG\t\t\tställ in standardpolicy till ALLOW, DENY eller REJECT\n" #~ " logging ARG\t\t\tställ in loggning till OFF, ON eller LEVEL\n" #~ " allow|deny|reject ARG\t\tlägg till REGEL för allow, deny eller reject\n" #~ " delete REGEL\t\t \tta bort REGEL\n" #~ " insert NUM REGEL\t \tinfoga REGEL vid NUM\n" #~ " status \t\t\tvisa brandväggsstatus\n" #~ " status numbered\t\tvisa brandväggsstatus som numrerad lista av REGLER\n" #~ " show ARG\t\t\tvisa brandväggsrapport\n" #~ " version\t\t\tvisa versionsinformation\n" #~ "\n" #~ "Kommandon för programprofiler:\n" #~ " app list\t\t\tlista programprofiler\n" #~ " app info PROFIL\t\tvisa information om PROFIL\n" #~ " app update PROFIL\t\tuppdatera PROFIL\n" #~ " app 
default ARG\t\tställ in profilpolicy till ALLOW, DENY, REJECT\n" #~ "\t\t\t\teller SKIP\n" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Kommandot kan påverka befintliga ssh-anslutningar." #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Standard: %(in)s (inkommande), %(out)s (utgående)" ufw-0.36/locales/po/bs.po0000644000175000017500000005054513257507473014231 0ustar jamiejamie# Bosnian translation for ufw # Copyright (c) 2011 Rosetta Contributors and Canonical Ltd 2011 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2011. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-04-21 19:16+0000\n" "Last-Translator: Ema Begulic \n" "Language-Team: Bosnian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Potreban najmanje python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Prekinuto" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profil direktorij ne postoji" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Preskakanje '%s': nije moglo biti održano" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Preskakanje '%s': preveliko" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Preskakanje '%s': previše datoteka već učitano" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Preskakanje '%s': nije moguće obraditi" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Preskakanje '%s': ime je predugo" #: 
src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Preskakanje '%s': pogrešno ime" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Preskakanje '%s': također u /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Preskakanje '%s': polje predugo" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Umnoži profil '%s', koristeći zadnji pronađeni" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Nema pronađenih ulaza u profilu '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Nevažeći ulaz u profilu '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Novi profili:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Nepodržana politika '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(budite sigurni da ažurirate pravila u skladu sa)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Provjera sirovih ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Provjera iptables\n" #: src/backend_iptables.py:263 msgid "Checking 
ip6tables\n" msgstr "Provjera ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "Problem u toku" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Status:neaktivno" #: src/backend_iptables.py:432 msgid "To" msgstr "Za" #: src/backend_iptables.py:433 msgid "From" msgstr "Od" #: src/backend_iptables.py:434 msgid "Action" msgstr "Radnja" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Status: Aktivno\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Status: aktivan%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "U toku ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problem izvršavanja ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Nemoguće postaviti LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Nije moguće unijeti logging pravila" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Nije moguće otvoriti '%s' za čitanje" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Preskakanje pogrešne n-torke (pogrešna dužina): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Preskakanje pogrešne n-torke: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, 
python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Dodavanje IPv6 pravila nije uspjelo: IPv6 nije omogućen" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Preskakanje nepodržanog IPv6 '%s' pravila" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Preskačem nepodržano IPv4 '%s' pravilo" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Morate specificirati 'tcp' ili 'udp' sa više portova" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "Preskačem IPv6 aplikacijsko pravilo. Potrebno najmanje iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Pogrešna pozicija '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Nije moguće specificirati ubaci i izbriši" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Nije moguće ubaciti pravilo na poziciju '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Preskakanje umetanja postojećeg pravila" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Nije moguće izbrisati pravilo koje ne postoji" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Preskačem dodavanje već postojećeg pravila" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Nije moguće ažuriranje dokumenta s pravilima" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Pravila ažurirana" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Pravila ažurirana (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Pravilo ubačeno" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr
"Pravilo ažurirano" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (preskočeno ponovno učitavanje firewall-a)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Pravilo uklonjeno" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Pravilo dodano" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Nije moguće ažuriranje aktivnog firewall-a" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Nije moguće izvršiti '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Nevažeća prijava nivo '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Nije moguće stat '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Ne mogu odrediti iptables verziju" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Provjere isključene" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "GREŠKA: ova skripta ne treba imati SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "GREŠKA: ova skripta ne treba imati SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Trebaš biti root da pokreneš ovu
skriptu" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' ne postoji" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s je upisiv za sve!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s je upisiv za grupu!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Nevažeća opcija" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Zadana politika za aplikacije promijenjena u '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Nisu pronađena pravila za aplikacijski profil" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Pravila ažurirana za profil '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Nije moguće ažurirati aplikacijska pravila" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Pronađena višestruka poklapanja za '%s'.
Molimo vas koristite isto ime " "profila" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Nije moguće pronaći profil koji se poklapa sa '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Prijavljivanje: " #: src/backend.py:579 msgid "unknown" msgstr "Nepoznato" #: src/backend.py:606 msgid "Logging disabled" msgstr "Prijava je onemogućena" #: src/backend.py:608 msgid "Logging enabled" msgstr "Prijava je omogućena" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Nepodržan protokol '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Pogrešna izvorna adresa" #: src/common.py:290 msgid "Bad destination address" msgstr "Pogrešna odredišna adresa" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Nevažeći tip prijave '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Nije moguće normalizirati izvornu adresu" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Nije moguće normalizirati destinacijsku adresu" #: src/common.py:425 msgid "Found exact match" msgstr "Pronađeno tačno poklapanje" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s 
disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "d" #: src/frontend.py:166 msgid "yes" msgstr "da" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Dodana korisnička pravila (vidi 'ufw status' za pokretanje zaštitnog zida):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Ništa)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Nije moguće povratiti pravilo '%s'" #: src/frontend.py:542 msgid 
"" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Ponovno učitavanje Firewall-a" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Nepodržana akcija '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Nevažeći profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Naslov: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Opis: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Portovi:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Pogrešan port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Domet portova mora biti numerički" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Netačan broj argumenata" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Potrebna 'to' ili 'from' klauzula" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with 
specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Nije moguće pronaći '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "Profile '%s' has empty required field '%s'" #~ msgstr "Profil '%s' ima prazno potrebno polje '%s'" #~ msgid "Skipping '%s': value too long for '%s'" #~ msgstr "Preskakanje '%s': vrijednost prevelika za '%s'" #~ msgid "Profile '%s' missing required field '%s'" #~ msgstr "Profil '%s' nedostaje potrebno polje '%s'" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'&s' datoteka '&s' ne postoji" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid je %s ali '%s' je u vlasništvu %s" #~ msgid "--" #~ msgstr "--" #~ msgid "No match" #~ msgstr "Nema poklapanja" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Zadana: %(in)s (dolazne), %(out)s (odlazne)" ufw-0.36/locales/po/pt.po0000644000175000017500000006166613257507473014256 0ustar jamiejamie# Portuguese translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2014-09-16 09:56+0000\n" "Last-Translator: cetautomatix \n" "Language-Team: Portuguese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Necessita pelo menos o python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Abortado" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "O diretório de perfis não existe" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "A evitar '%s': não conseguiu fazer stat" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "A evitar '%s': demasiado grande" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "A saltar '%s': já foram lidos demasiados ficheiros" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "A evitar '%s': não pôde processar" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "A evitar '%s': nome demasiado longo" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "A evitar '%s': nome inválido" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "A evitar '%s': também em /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "A evitar '%s': campo demasiado longo" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "A evitar '%(value)s': valor demasiado longo em '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate 
profile '%s', using last found" msgstr "Perfil duplicado '%s', utilizando o último encontrado" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Perfil '%(fn)s' tem em falta campo necessário '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Perfil '%(fn)s' tem um campo necessário vazio '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Não foram encontradas portas no perfil '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Portas inválidas no perfil '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Novos perfis:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Política '%s' não suportada" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Política não suportada para a direção '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Política de %(direction)s padrão mudada para '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(certifique-se de que altera as suas regras)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Verificando iptables brutos\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Verificando ip6tables brutos\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "A verificar iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "A verificar ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problema ao executar" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Estado: inativo" #: src/backend_iptables.py:432 msgid "To" msgstr "Para" #: 
src/backend_iptables.py:433 msgid "From" msgstr "De" #: src/backend_iptables.py:434 msgid "Action" msgstr "Acção" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "Predefinido: %(in)s (entrada), %(out)s (saída), %(routed)s (roteado)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Estado: ativo\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Estado: ativo%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "a executar ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problema ao executar o ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Não pôde ajustar o LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Não pôde carregar as regras de registo" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Não pôde abrir '%s' para leitura" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "A ignorar tuple mal formado (tamanho errado): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Ignorando tupla malformada (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "A ignorar tuple mal formado: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' não está disponível para escrita" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Falha ao 
adicionar regra IPv6: IPv6 não está activo" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Saltando regra IPv6 '%s' não suportada" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Ignorando regra IPv4 não suportada '%s'" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Deve especificar 'tcp' ou 'udp' com múltiplas portas" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "A evitar a regra de aplicação IPv6. Necessita pelo menos o iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Posição '%d' inválida" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Não pode especificar o inserir e apagar" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Não pode inserir a regra na posição '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "A evitar a inserção de regra existente" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Impossível de apagar regra não existente" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "A evitar a adição de uma regra existente" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Não pôde atualizar o ficheiro de regras" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regras atualizadas" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regras atualizadas (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regra inserida" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regra actualizada" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (ignorado recarregamento da firewall)" #: 
src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regra eliminada" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regra adicionada" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Não pôde atualizar firewall em funcionamento" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Não pôde executar '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Não pôde atualizar o ficheiro de regras para registo" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Nível de registo inválido '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Não pôde encontrar '%s'. A abortar" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' já existe. A abortar" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "A fazer cópia de segurança de '%(old)s' para '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Não conseguiu fazer stat '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "AVISO: '%s' pode ser escrito pelo mundo" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "AVISO: '%s' pode ser lido pelo mundo" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Não foi possível determinar a versão do iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problema executando o sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Verificações desligadas" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERRO: este script não deve ser do tipo SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" 
msgstr "ERRO: Este script não deve ser do tipo SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Necessita ser root para executar este script" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' não existe" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid é %(uid)s mas '%(path)s' é possuído por %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s pode ser escrito por todos!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s pode ser escrito pelo grupo!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' ficheiro '%(name)s' não existe" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Política em falta para '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Política inválida '%(policy)s' para '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Opção inválida" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Política padrão de aplicação alterada para '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Não foram encontradas regras para perfil de aplicação" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Regras atualizadas para o perfil '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Não foi possível atualizar regras da aplicação" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Foram encontradas múltiplas correspondências para '%s'. 
Por favor utilize o " "nome exato do perfil" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Não pôde encontrar o perfil correspondente a '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "A registar: " #: src/backend.py:579 msgid "unknown" msgstr "desconhecido" #: src/backend.py:606 msgid "Logging disabled" msgstr "Registo desativado" #: src/backend.py:608 msgid "Logging enabled" msgstr "Registo ativado" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Porta errada '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protocolo '%s' não suportado" #: src/common.py:280 msgid "Bad source address" msgstr "Endereço de origem errado" #: src/common.py:290 msgid "Bad destination address" msgstr "Endereço de destino errado" #: src/common.py:298 msgid "Bad interface type" msgstr "Tipo mau de interface" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Mau nome de interface: caracteres reservados: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Mau nome de interface" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Mau nome de interface: não pode usar nomes alternativos" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Posição de inserção '%s' não é uma posição válida" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Tipo de registo '%s' inválido" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Direção não suportada '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Não pude normalizar o endereço de origem" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Impossível de normalizar o endereço de destino" #: src/common.py:425 msgid "Found exact match" msgstr "Foi encontrada uma ocorrência exata" #: src/common.py:429 #, python-format msgid 
"Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Encontrou ocorrência não-acção/não-tipo de registo (%(xa)s/%(ya)s " "%(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Utilização: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s Ativa a firewall\n" " %(disable)-31s desativa a firewall\n" " %(default)-31s define políticas padrão\n" " %(logging)-31s define logging para %(level)s\n" " %(allow)-31s add permissão %(rule)s\n" " %(deny)-31s add negação %(rule)s\n" " %(reject)-31s add rejeição %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s apaga %(urule)s\n" " %(insert)-31s inserir %(urule)s em %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s mostrar status da firewall\n" " %(statusnum)-31s mostra status da firewall como lista numerada de " "%(rules)s\n" " %(statusverbose)-31s mostra status verbose da firewall\n" " %(show)-31s mostra relatório 
da firewall\n" " %(version)-31s apresenta a versão\n" "\n" "%(appcommands)s:\n" " %(applist)-31s lista de perfis de aplicações\n" " %(appinfo)-31s mostrar informações sobre %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s define políticas padrão\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "s" #: src/frontend.py:166 msgid "yes" msgstr "sim" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall ativa e ligada no arranque do sistema" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall parada e desligada no arranque do sistema" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Não atingiu o estado de escuta" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Adicionadas regras de utilizador (veja 'ufw status' para executar a " "firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Nenhum)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Versão '%s' de IP inválida" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Posição inválida '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Suporte IPv6 não habilitado" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Regra alterada após normalização" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Incapaz de retroceder a regra '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Erro ao aplicar as regras de aplicação." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Algumas regras não puderam ser não aplicadas." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Regras tentadas esquecidas com sucesso." 
#: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Não conseguiu encontrar a regra '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Não conseguiu encontrar a regra '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "A apagar:\n" " %(rule)s\n" "Proceder com a operação (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Política padrão não suportada" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall recarregada" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall não ligada (ignorando o recarregamento)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Nome de perfil inválido" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Ação '%s' não suportada" #: src/frontend.py:700 msgid "Available applications:" msgstr "Aplicações disponíveis:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Não pôde encontrar o perfil '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Perfil inválido" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Perfil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Título: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Descrição: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Portas:" #: src/frontend.py:741 msgid "Port:" msgstr "Porta:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Recarregamento da firewall ignorado" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Não pode especificar 'all' com '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr 
"Política desconhecida '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "O comando pode romper ligações ssh existentes. Proceder com a operação " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "A reconfigurar todas as regras para os padrões instalados. Proceder com " "operação (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "A reconfigurar todas as regras para os padrões instalados. Isso pode romper " "as ligações ssh existentes. Proceder com operação (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Não pode inserir regra na posição '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Cláusula de interface inválida" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Opção 'log' não permitida aqui" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Opção 'log-all' não permitida aqui" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Porta incorreta" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Intervalos de portas devem ser numéricos" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Porta inválida com protocolo '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Número de argumentos errado" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Necessita cláusula 'de' ou 'para'" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Sintaxe de regra inválida" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr 
"Símbolo inválido '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Cláusula 'proto' inválida" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Cláusula '%s' inválida" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Clásula 'de' inválida" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Cláusula 'para' inválida" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Necessário 'from' ou 'to' com '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Cláusula de 'porta' inválida" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Versões IP misturadas para 'de' e 'para'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Não pôde encontrar o protocolo" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protocolo sem correspondência (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protocolo sem correspondência com o protocolo especificado %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" "Regra com sintaxe imprópria ('%s' especificada com a regra da aplicação)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Endereço IPv6 inválido com o protocolo '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Cláusula de interface inválida para regras de route" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Comando '%s' já existe" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Não pôde encontrar o pid (o /proc está montado?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Não pôde encontrar o pid pai para '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Não pôde encontrar '%s'" 
#: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Não pôde encontrar um executável para '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Não foi possível encontrar estatísticas para '%s'" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid é %s, mas '% s' é propriedade de % s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' ficheiro '%s' não existe" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Política predefinida alterada para '%s'\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Não corresponde" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Uso: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Necessita pelo menos do python 2.5)\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Padrão: %(in)s (entrando), %(out)s (saindo)" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Comando inválido '%s'" ufw-0.36/locales/po/ur.po0000644000175000017500000004124113257507473014244 0ustar jamiejamie# Urdu translation for ufw # Copyright (c) 2010 Rosetta Contributors and Canonical Ltd 2010 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2010. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-10-27 20:08+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Urdu \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile 
'%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open 
'%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: src/backend_iptables.py:1083 msgid 
"Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/pt_BR.po0000644000175000017500000006255313257507473014635 0ustar jamiejamie# Brazilian Portuguese translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-05-12 02:07+0000\n" "Last-Translator: Neliton Pereira Jr. 
\n" "Language-Team: Brazilian Portuguese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Abortado" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Diretório de perfis não existe" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Ignorando '%s': Não foi possível obter status" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Ignorando '%s': muito grande" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Ignorando '%s': muitos arquivos já lidos" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Ignorando '%s': não foi possível processar" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Ignorando '%s': nome muito extenso" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Ignorando '%s': nome inválido" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Ignorando '%s': também em /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Ignorando '%s': campo muito extenso" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Ignorando '%(value)s': valor muito extenso para '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Perfil duplicado '%s'. Utilizando o último perfil válido." #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Perfil '%(fn)s'. 
Faltando campo requerido '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "O Perfil '%(fn)s' tem um campo requerido vazio '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Nenhuma porta encontrada no perfil '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Portas inválidas no perfil '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Novos perfis:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Política '%s' não suportada" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Política não suportada para a direção '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "A política padrão %(direction)s mudou para '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(assegure-se de ter atualizado suas regras apropriadamente)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Checando iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Checando ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Verificando iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Verificando ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problema ao executar" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Estado: inativo" #: src/backend_iptables.py:432 msgid "To" msgstr "Para" #: src/backend_iptables.py:433 msgid "From" msgstr "De" #: src/backend_iptables.py:434 msgid "Action" msgstr "Ação" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, 
python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Estado: ativo\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Estado: ativo%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "executando ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "falha ao executar ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Não foi possível definir Nível de Log" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Não foi possível carregar regras de registro" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Não pôde abrir '%s' para leitura" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Ignorando tupla mal-formada (tamanho inválido): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Ignorando tupla mal-formada: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' não é gravável" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Falha ao adicionar regra de IPv6: IPv6 não habilitado" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Ignorando a regra IPv6 '%s' não suportada" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Ignorando regra de IPv4 '%s' não suportada" #: 
src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Deve-se especificar 'tcp' ou 'udp' com múltiplas portas" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "Pulando regra de aplicativos IPv6. Necessário no mínimo iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Posição inválida '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Não é possível especificar Insert e Delete" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Não é possível inserir regra na posição '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Ignorando a inserção de regra já existente." #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Não é possível remover uma regra que não existe" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Ignorando adição de regra que já existe" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Não foi possível atualizar o arquivo de regras" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regras atualizadas" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regras atualizadas (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regra inserida" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regra atualizada" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (ignorado recarregamento do firewall)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regra apagada" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regra adicionada" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Não é possível atualizar enquanto executa o firewall" #: 
src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Não foi possível executar '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Nível de log inválido '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Não pôde achar '%s', Abortando" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Salvando '%(old)s' para '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Não foi possível obter estado de '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "AVISO: '%s' está com permissão de escrita para todos" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "AVISO: '%s' pode ser lido por qualquer um" 
#: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Não foi possível determinar a versão do iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Verificação desabilitada" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERRO: esse script não deveria estar com permissão de SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERRO: esse script não deveria estar com permissão de SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Você precisa ser superusuário para executar este script" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' não existe" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "A uid é %(uid)s mas '%(path)s' é de propriedade de %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s está com permissão de escrita para todos!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s está com permissão de escrita para o grupo!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' arquivo '%(name)s' não existe" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Faltando política para '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Política '%(policy)s' inválida para '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Opção inválida" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Política padrão do aplicativo mudou para '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Nenhuma regra encontrada para o perfil do aplicativo" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Regras atualizadas para o perfil '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Não foi possível atualizar regras de aplicativos" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Encontrados múltiplos resultados para '%s'. 
Por favor use o nome exato do " "perfil" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Não foi possível encontrar um perfil correspondente '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Logando: " #: src/backend.py:579 msgid "unknown" msgstr "desconhecido" #: src/backend.py:606 msgid "Logging disabled" msgstr "Registro desativado" #: src/backend.py:608 msgid "Logging enabled" msgstr "Registro ativado" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Porta '%s' incorreta" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protocolo não suportado '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Endereço de origem incorreto" #: src/common.py:290 msgid "Bad destination address" msgstr "Endereço de destino incorreto" #: src/common.py:298 msgid "Bad interface type" msgstr "Tipo de interface incorreto" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "Nome de interface incorreto" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" "Nome de interface incorreto: não é possível usar aliases de interface" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "A posição inserida '%s' não é uma posição válida" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Tipo '%s' de log inválido" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Direção não suportada '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Não foi possível normalizar endereço de origem" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Não foi possível normalizar endereço de destino" #: src/common.py:425 msgid "Found exact match" msgstr "Encontrada ocorrência exata" #: src/common.py:429 #, python-format msgid "Found 
non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Correspondência non-action/non-logtype encontrada (%(xa)s/%(ya)s " "%(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "s" #: src/frontend.py:166 msgid "yes" msgstr "sim" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall está ativo e habilitado na inicialização do sistema" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall parado e desativado na inicialização do sistema" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Não pôde obter status de ouvinte" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Regras de usuário adicionadas (veja 'ufw status' para executar o firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" 
"(Nenhuma)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Versão IP '%s' inválida" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Posição inválida '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Suporte ao IPv6 não habilitado" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Regra alterada depois da normalização" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Não foi possível retornar a regra '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Erro ao aplicar regras de aplicativo." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Algumas regras não puderam ser desaplicadas." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Regras tentadas foram desaplicadas com sucesso." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Não pôde achar regra '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Não pôde achar regra '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Política padrão não suportada" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall recarregado" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall não habilitado (recarregamento ignorado)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Nome de perfil inválido" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Ação '%s' não suportada" #: src/frontend.py:700 msgid "Available applications:" msgstr "Aplicativos disponíveis:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Não foi possível encontrar o perfil '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Perfil inválido" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Perfil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Título: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Descrição: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Portas:" #: src/frontend.py:741 msgid "Port:" msgstr "Porta:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Recarregamento do firewall ignorado" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Não é possível especificar 'all' com '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Política desconhecida '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "O comando pode romper conexões ssh existentes. Proceder com a operação " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Não é possível inserir regra na posição '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Cláusula de interface inválida" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Opção 'log' não permitida aqui" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Opção 'log-all' não permitida aqui" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Porta incorreta" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "O intervalo de portas deve ser numérico" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Número errado de argumentos" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Precisa da cláusula 'de' ou 'para'" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Sintaxe de regra imprópria" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Sinal '%s' inválido" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Cláusula 'proto' inválida" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Cláusula '%s' inválida" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Cláusula 'from' inválida" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Cláusula 'to' inválida" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Necessário 'from' ou 'to' com '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Cláusula 'port' inválida" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Versões de IP mistos para 'from' e 'to'" #: 
src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Não foi possível encontrar protocolo" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Incompatibilidade de protocolo (de/para)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protocolo incompatível com o protocolo '%s' especificado" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" "Regra de sintaxe imprópria ('%s' especificado com a regra do aplicativo)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Endereço IPV6 inválido com protocolo '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Não foi possível encontrar o pid (/proc está montado?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Não foi possível encontrar o pid pai para '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Não foi possível encontrar '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Não foi possível encontrar o executável para '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Não pôde obter estatísticas para '%s'" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Não coincide" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "A política padrão foi modificada para '%s'\n" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Uso: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Necessita pelo menos do python 2.5)\n" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' arquivo não 
existe" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid é %s, mas o dono de '%s' é %s" #, python-format #~ msgid "Default: %s" #~ msgstr "Padrão: %s" #~ msgid "Status: active" #~ msgstr "Estado: ativo" #~ msgid "" #~ " COMMAND\n" #~ "\n" #~ "Commands:\n" #~ " enable\t\t\t\tenables the firewall\n" #~ " disable\t\t\tdisables the firewall\n" #~ " default ARG\t\t\tset default policy to ALLOW, DENY or REJECT\n" #~ " logging ARG\t\t\tset logging to OFF, ON or LEVEL\n" #~ " allow|deny|reject ARG\t\tadd allow, deny or reject RULE\n" #~ " delete RULE\t\t \tdelete the RULE\n" #~ " insert NUM RULE\t \tinsert RULE at NUM\n" #~ " status \t\t\tshow firewall status\n" #~ " status numbered\t\tshow firewall status as numbered list of RULES\n" #~ " show ARG\t\t\tshow firewall report\n" #~ " version\t\t\tdisplay version information\n" #~ "\n" #~ "Application profile commands:\n" #~ " app list\t\t\tlist application profiles\n" #~ " app info PROFILE\t\tshow information on PROFILE\n" #~ " app update PROFILE\t\tupdate PROFILE\n" #~ " app default ARG\t\tset profile policy to ALLOW, DENY, REJECT or\n" #~ "\t\t\t\tSKIP\n" #~ msgstr "" #~ " COMANDO\n" #~ "\n" #~ "Comandos:\n" #~ " enable\t\t\t\tativa o firewall\n" #~ " disable\t\t\tdesativa o firewall\n" #~ " default ARG\t\t\tdefine política padrão para ALLOW, DENY or REJECT\n" #~ " logging ARG\t\t\tdefinie log como OFF, ON ou LEVEL\n" #~ " allow|deny|reject ARG\t\tadiciona allow, deny ou reject RULE\n" #~ " delete RULE\t\t \tdelete the RULE\n" #~ " insert NUM RULE\t \tinsert RULE at NUM\n" #~ " status \t\t\tshow firewall status\n" #~ " status numbered\t\tshow firewall status as numbered list of RULES\n" #~ " show ARG\t\t\tshow firewall report\n" #~ " version\t\t\tdisplay version information\n" #~ "\n" #~ "Application profile commands:\n" #~ " app list\t\t\tlist application profiles\n" #~ " app info PROFILE\t\tshow information on PROFILE\n" #~ " app update PROFILE\t\tupdate PROFILE\n" #~ " app default ARG\t\tset profile policy to 
ALLOW, DENY, REJECT or\n" #~ "\t\t\t\tSKIP\n" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "O comando pode interromper conexões ssh existentes." #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Padrão: %(in)s (entradas), %(out)s (saídas)" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Comando '%s' inválido" ufw-0.36/locales/po/da.po0000644000175000017500000004416213257507473014207 0ustar jamiejamie# Danish translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:12+0000\n" "Last-Translator: Jamie Strandboge \n" "Language-Team: Danish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, 
python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Ikke understøttet politik »%s«" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(vær sikker på at opdatere dine regler tilsvarende)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "Til" #: src/backend_iptables.py:433 msgid "From" msgstr "Fra" #: src/backend_iptables.py:434 msgid "Action" msgstr "Handling" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, 
python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Kunne ikke åbne »%s« for læsning" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Tilføjelse af IPv6-regel mislykkedes: IPv6 er ikke slået til" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Kunne ikke opdatere regelfil" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regler opdateret" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regler opdateret (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regel opdateret" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regel slettet" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regel tilføjet" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Kunne ikke opdatere kørende brandmur" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "FEJL: Dette skript bør ikke være SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "FEJL: Dette skript bør ikke være SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Du skal være administrator (root) for at køre dette skript" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s er verdensskrivbar!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s er gruppeskrivbar!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Ugyldig tilvalg" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "Log slået fra" #: src/backend.py:608 msgid "Logging enabled" msgstr "Log slået til" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Dårlig port »%s«" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Ikke understøttet protokol »%s«" #: src/common.py:280 msgid "Bad source address" msgstr "Dårlig kildeadresse" #: src/common.py:290 msgid "Bad destination address" msgstr "Dårlig destinationsadresse" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, 
python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "Fandt præcis match" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Brandmur stoppet og slået fra ved systemopstart" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" 
#: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Ugyldig ip-version »%s«" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6-understøttelse er ikke slået til" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Dårlig port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Forkert antal argumenter" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Forskellige IP-versioner for »fra« og »til«" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command 
'%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "»%s« fil »%s« eksisterer ikke" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Ingen match" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Kræver mindst python 2.5)\n" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid er %s men »%s« er ejet af %s" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Standardpolitik ændret til »%s«\n" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Brug: " ufw-0.36/locales/po/ja.po0000644000175000017500000004521613257507473014216 0ustar jamiejamie# Japanese translation for ufw # Copyright (c) 2011 Rosetta Contributors and Canonical Ltd 2011 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2011. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2011-09-19 15:37+0000\n" "Last-Translator: Fumihito YOSHIDA \n" "Language-Team: Japanese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": 少なくとも python 2.6 が必要)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "中断しました" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "プロファイルディレクトリが存在しません" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "'%s' を飛ばします: statできませんでした" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "'%s' を飛ばします: 大きすぎます" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "'%s' を飛ばします: 読み込まれたファイルが多すぎます" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "'%s' を飛ばします: 処理できません" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "'%s' を飛ばします: 名前が長すぎます" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "'%s' を飛ばします: 名前が無効です" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "'%s' を飛ばします: /etc/servicesにも存在します" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "'%s' を飛ばします: フィールドが長すぎます" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "'%(value)s'を飛ばします: '%(field)s' の値が長すぎます" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" 
msgstr "プロファイル'%(fn)s'には必要なフィールド'%(f)s'がありません" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "プロファイル '%s' にポート指定が見つかりません" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "新しいプロファイル:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "サポートされていないポリシー '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running 
ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "ufw-init の実行に問題が発生しました\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "不正な形式の tuple (iface) をスキップしました: %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "サポートされていないIPv4 '%s' ルールをスキップします" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "警告: '%s' は誰でも書き込み可能です" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "警告: '%s' は誰でも読み取り可能です" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "iptables のバージョンを確認できません" #: src/backend.py:143 msgid "problem running sysctl" msgstr "sysctl の実行時に問題が発生しました" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!"
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "インターフェースタイプが適切ではありません" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "インターフェース名が適切ではありません: '!' 
は予約文字" #: src/common.py:306 msgid "Bad interface name" msgstr "インターフェース名が適切ではありません" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is 
active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(なし)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "削除:\n" " %(rule)s\n" "操作を続けますか (%(yes)s|%(no)s)? 
" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "インストール時のデフォルトルールを再設定します。操作を続行しますか (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "インストール時のデフォルトルールを再設定します。既存のSSH接続を中断することがあります。操作を続行しますか (%(yes)s|%(no)s)? 
" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "無効なインターフェース項目" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "無効な '%s' 項目" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't 
find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": 少なくとも python 2.5 が必要です)\n" ufw-0.36/locales/po/zh_CN.po0000644000175000017500000005243713257507473014630 0ustar jamiejamie# Simplified Chinese translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-08-28 01:33+0000\n" "Last-Translator: Xhacker Liu \n" "Language-Team: Simplified Chinese \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "已中止" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "配置目录不存在" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "跳过‘%s’:不能进行 stat 操作" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "跳过 '%s':太大" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "跳过‘%s’:已经打开太多文件" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "跳过 '%s':不能执行" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "跳过 '%s':名称太长" #: src/applications.py:104 #, python-format 
msgid "Skipping '%s': invalid name" msgstr "跳过 '%s':非法名称" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "跳过 '%s':在 /etc/services 中也存在" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "跳过 '%s':域太长" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "跳过 “%(value)s”: 对于 “%(field)s”来说,值过长" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "重复的配置 “%s”,使用上次发现的配置" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "配置 '%(fn)s' 缺少必需的字段 '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "配置 '%(fn)s' 的必需字段 '%(f)s' 为空" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "在配置 “%s” 中没有发现端口" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "配置 '%s' 中含有无效的端口" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "新建配置文件:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "策略 '%s' 未被支持" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "'%s' 方向不支持的策略" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "默认的 %(direction)s 策略更改为 '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(请相应地更新你的防火墙规则)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "检查原始的 iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "检查原始的 ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "检查 iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "检查 ip6tables\n" #:
src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "运行时出现问题" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "状态:不活动" #: src/backend_iptables.py:432 msgid "To" msgstr "至" #: src/backend_iptables.py:433 msgid "From" msgstr "来自" #: src/backend_iptables.py:434 msgid "Action" msgstr "动作" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "状态: 激活%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "运行 ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "无法设置 LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "无法加载日志规则" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "无法打开 '%s' 进行读操作" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "忽略错误的多员组(长度错误): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "跳过错误的元组: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "添加 IPv6 规则失败: IPv6 未被启用" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "忽略未被支持的 IPv6 '%s' 规则" #: 
src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "必须在复合的端口中指定 'tcp' 或者 'udp'" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "忽略 IPv6 应用规则。需要 iptables 1.4 以上" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "无效的位置 '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "无法指定插入和删除" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "无法在'%d'处插入规则" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "跳过插入已存在的规则" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "无法删除不存在的规则" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "跳过添加已经存在的规则" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "无法更新防火墙规则文件" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "防火墙规则已更新" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "规则已更新(v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "规则已插入" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "规则已更新" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (跳过重新加载的防火墙)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "规则已删除" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "规则已添加" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "无法更新正在运行的防火墙" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "无效的日志级别 '%s'" #: 
src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "无法在 '%s' 上运行 stat 命令" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "检查被禁用" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "错误: 这个脚本不能被 SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "错误: 这个脚本不能被 SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "只有 root 用户才能运行此脚本" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "“%s”不存在" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid 是 %(uid)s 但是 '%(path)s' 属于 %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s 是全局可写属性!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s 是全组可写属性!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' 文件 '%(name)s' 不存在" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "针对 '%s' 的策略不存在" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "'%(chain)s' 的策略 '%(policy)s' 无效" #: src/backend.py:298 msgid "Invalid option" msgstr "无效选项" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "默认应用程序策略已更改为 '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "没有发现程序配置的规则" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "配置 '%s' 的规则已经升级" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "不能更新应用程序规则" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "'%s' 找到了多个匹配。请使用更精确的配置名称。" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "无法为 '%s' 找到相匹配的配置" #: src/backend.py:575 msgid "Logging: " msgstr "日志: " #: src/backend.py:579 msgid "unknown" msgstr "未知" #: src/backend.py:606 msgid "Logging disabled" msgstr "日志被禁用" #: src/backend.py:608 msgid "Logging enabled" msgstr "日志被启用" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "错误的端口 '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "未被支持的协议 '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "错误的源地址" #: src/common.py:290 msgid "Bad destination address" msgstr "错误的目标地址" #: src/common.py:298 msgid "Bad interface type" msgstr "错误的接口类型" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "错误的接口名称" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "错误的接口名称:无法使用接口别名" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid
position" msgstr "插入位置‘%s'不是一个有效的位置" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "无效的日志类型'%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "不支持的方向 '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "不能标准化源地址" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "不能标准化目标地址" #: src/common.py:425 msgid "Found exact match" msgstr "找到完全匹配项" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "是" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "在系统启动时启用和激活防火墙" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "防火墙在系统启动时自动禁用" #: 
src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "错误的 IP 协议版本 '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "无效位置 '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6 支持未被启用" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "标准化后规则被改变" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "无法撤销规则 '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "应用规则时出错。" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " 一些规则不能被撤销。" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " 成功撤销了对尝试规则的应用。" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)?
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "不支持的默认策略" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "已经重新载入防火墙" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "未启用防火墙(跳过重新载入)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "非法的配置文件名" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "不支持的动作'%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "可用应用程序:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "无法找到配置文件 '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "非法配置文件" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "配置: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "标题:%s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "描述: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "端口:" #: src/frontend.py:741 msgid "Port:" msgstr "端口:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "跳过重新加载防火墙" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "不能指定 'all' 使用 '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "未知的策略 '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "无法在'%s'处插入规则" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "此处不允许使用 'log' 选项" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "此处不允许使用 'log-all' 选项" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "错误的端口" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "端口范围必须为数字" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "参数数目错误" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "需要 'to' 或者 'from' 从句" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "防火墙规则的语法不正确" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "无效的标记 '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "无效的 'proto' 从句" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "无效的 'from' 从句" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "无效的 'to' 从句" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "无效的 'port' 从句" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "'from' 和 'to' 的 IP 版本不同" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "无法找到协议" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "from 和 to 的协议不匹配" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "协议与指定的协议 %s 不匹配" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "不正确的规则语法 ('%s' 是由程序规则指定的)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 
address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "无法找到 pid (/proc 是否已经加载?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "无法找到 '%s' 的父 pid" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "无法找到 '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "无法找到针对 '%s' 的可执行文件" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "无匹配" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid 是 %s 但是 '%s' 属于 %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' 文件 '%s' 不存在" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "用法: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": 需要 python 2.5 或以上版本)\n" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "默认策略被更改为 '%s'\n" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "命令可能会中断现有的 ssh 连接。" ufw-0.36/locales/po/bg.po0000644000175000017500000004231413257507473014210 0ustar jamiejamie# Bulgarian translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:14+0000\n" "Last-Translator: Siyan Panayotov \n" "Language-Team: Bulgarian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports 
in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "До" #: src/backend_iptables.py:433 msgid "From" msgstr "От" #: src/backend_iptables.py:434 msgid "Action" msgstr "Действие" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, 
python-format msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Правилото е обновено" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule 
deleted" msgstr "Правилото е изтрито" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Правилото е добавено" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Невалидна опция" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize 
source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "Намерено е точно съответствие" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid 
"Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: 
src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Грешен брой аргументи" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Неправилен синтаксис на правилото" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not 
find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Няма съвпадение" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Употреба: " ufw-0.36/locales/po/fi.po0000644000175000017500000004465513257507473014230 0ustar jamiejamie# Finnish translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-09-02 11:27+0000\n" "Last-Translator: Jiri Grönroos \n" "Language-Team: Finnish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Keskeytetty" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profiilihakemistoa ei ole olemassa" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Sivuutetaan '%s': Tilastoa ei saada" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Sivuutetaan '%s': liian iso" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Sivuutetaan '%s': liian monta tiedostoa luettu" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Sivuutetaan '%s': ei voitu käsitellä" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Sivuutetaan '%s': nimi on liian pitkä" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Sivuutetaan '%s': nimi on virheellinen" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Sivuutetaan '%s': löytyy myös tiedostosta /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Sivuutetaan '%s': kenttä on liian pitkä" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Sivuutetaan '%(value)s': arvo on liian pitkä paikkaan '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate 
profile '%s', using last found" msgstr "Monista profiili '%s', käyttäen viimeistä löytynyttä" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Portteja ei löytynyt profiilista '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Virheellisiä portteja profiilissa '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Uudet profiilit:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Käytäntö '%s' ei ole tuettu" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Ohjaukselle '%s' ei löytynyt kelvollista käytäntöä" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Tarkistetaan iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Tarkistetaan ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "ongelma ajettaessa" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Tila: passiivinen" #: src/backend_iptables.py:432 msgid "To" msgstr "Vastaanottaja" #: src/backend_iptables.py:433 msgid "From" msgstr "Lähettäjä" #: src/backend_iptables.py:434 msgid "Action" msgstr "Toiminto" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, 
python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Tila: käytössä%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "suoritetaan ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "IPv6-säännön lisäys epäonnistui: IPv6 ei ole käytössä" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Sivuutetaan IPv6-sovellussääntö. 
Tarvitaan vähintään iptablesin versio 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Säännöt päivitetty" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Säännöt päivitetty (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Sääntö lisätty" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Sääntö päivitetty" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Sääntö poistettu" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Sääntö lisätty" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Ei voitu luoda statistiikka '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Tarkastukset eivät ole päällä" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "VIRHE: tämän komentosarjan ei pitäisi olla SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "VIRHE: tämän komentosarjan ei pitäisi olla SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Tarvitset pääkäyttäjän oikeudet suorittaaksesi tämän komennon" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Virheellinen valinta" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Säännöt päivitetty profiilille '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "tuntematon" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Virheellinen portti '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported 
direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 
src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6-tuki ei käytössä" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Virheellinen profiilin nimi" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Profiilia '%s' ei löytynyt" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Virheellinen profiili" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profiili: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Nimi: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Kuvaus: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Portit:" #: 
src/frontend.py:741 msgid "Port:" msgstr "Portti:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Tuntematon käytäntö '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 
'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Vaatii vähintään Python-version 2.5)\n" ufw-0.36/locales/po/sr.po0000644000175000017500000004126313257507473014246 0ustar jamiejamie# Serbian translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:29+0000\n" "Last-Translator: Jamie Strandboge \n" "Language-Team: Serbian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in 
profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid 
"Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: 
src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/zh_TW.po0000644000175000017500000006005113257507473014651 0ustar jamiejamie# Simplified Chinese translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # Rex Tsai , 2011. 
# Xhacker Liu # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-12-12 10:04+0000\n" "Last-Translator: Walter Cheuk \n" "Language-Team: Chinese (traditional) \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" "Language: zh_TW\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": 需要至少 python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "中止" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "設定目錄不存在" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "跳過‘%s’:無法查詢檔案狀態 (stat)" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "跳過 '%s':太大" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "跳過‘%s’:已經開啟太多檔案" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "跳過 '%s':無法執行" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "跳過 '%s':名稱太長" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "跳過 '%s':無效名稱" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "跳過 '%s':在 /etc/services 中也存在" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "跳過 '%s':域太長" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "跳過 “%(value)s”: 對于 “%(field)s”來說,值過長" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "重復的設定 “%s”,使用上次發現的設定" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "設定 '%(fn)s' 缺少必需的欄位 %(f)s'" #: 
src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "設定 '%(fn)s' 的必需欄位 '%(f)s' 為空" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "在設定 “%s” 中未發現埠號" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "設定 '%s' 中含有無效的埠號" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "新建設定檔案:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "不支援 '%s' 策略" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "不支援 '%s' 方向的策略" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "預設的 %(direction)s 策略更改為 '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(請相應更新您的防火牆規則)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "檢查原始的 iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "檢查原始的 ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "檢查 iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "檢查 ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "運行時出現問題" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "狀態:不活動" #: src/backend_iptables.py:432 msgid "To" msgstr "至" #: src/backend_iptables.py:433 msgid "From" msgstr "來自" #: src/backend_iptables.py:434 msgid "Action" msgstr "動作" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "狀態: 啓用\n" "%(log)s\n" "%(pol)s\n" 
"%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "狀態: 啓用%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "運行 ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "執行 ufw-init 時發生問題\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "無法設置 LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "無法載入日誌規則" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "無法開啟 '%s' 進行讀操作" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "跳過錯誤的多員組(長度錯誤): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "跳過錯誤的元組: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "%s 無法寫入" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "添加 IPv6 規則失敗:未啟用 IPv6" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "跳過不支援的 IPv6 '%s' 規則" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "跳過不支援的 IPv4 '%s' 規則" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "必須在復合的埠號中指定 'tcp' 或者 'udp'" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "跳過 IPv6 套用規則。需要 iptables 1.4 版或以上" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "無效的位置 '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "無法指定插入和刪除" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "無法在'%d'處插入規則" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "跳過插入已存在的規則" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "無法刪除不存在的規則" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "跳過添加已經存在的規則" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "無法更新防火牆規則檔案" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "已更新防火牆規則" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "已更新規則(v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "已插入規則" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "已更新規則" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (跳過重新載入的防火牆)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "已刪除規則" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "已添加規則" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "無法更新正在運行的防火牆" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "無法執行 '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "無法爲日誌記錄更新防火牆規則" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "無效的日誌級別 '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "無法找到 '%s'。取消中" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "'%s' 已存在,取消中" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "備份 '%(old)s' 到 '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "無法在 '%s' 上運行 stat 指令" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "WARN: %s 是全域可寫屬性" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "WARN: %s 是全局可讀屬性" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "無法判斷 iptables 的版本" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "檢查被禁用" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "錯誤: 這個腳本不應設為 SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "錯誤: 這個腳本不應設為 SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "只有 root 使用者才能運行此腳本" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "“%s”不存在" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid 是 %(uid)s 但是 '%(path)s' 屬於 %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s 是全局可寫屬性!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s 是全組可寫屬性!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' 檔案 '%(name)s' 不存在" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "針對 '%s' 的策略不存在" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "'%(chain)s' 的策略 '%(policy)s' 無效" #: src/backend.py:298 msgid "Invalid option" msgstr "無效選項" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "'%s' 的預設套用程序策略已改變" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "沒有發現程序設定的規則" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "設定 '%s' 的規則已經更新" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "無法更新套用程序規則" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "'%s' 找到了多個相配。清使用更精確的設定名稱。" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "無法為 '%s' 找到相相配的設定" #: src/backend.py:575 msgid "Logging: " msgstr "日誌: " #: src/backend.py:579 msgid "unknown" msgstr "未知" #: src/backend.py:606 msgid "Logging disabled" msgstr "日誌被禁用" #: src/backend.py:608 msgid "Logging enabled" msgstr "日誌被啟用" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "錯誤的埠號 '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "不支援 '%s' 協定" #: src/common.py:280 msgid "Bad source address" msgstr "錯誤的源地址" #: src/common.py:290 msgid "Bad destination address" msgstr "錯誤的目標地址" #: src/common.py:298 msgid "Bad interface type" msgstr "錯誤的接口類型" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "錯誤的接口名稱" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "錯誤的接口名稱:無法使用接口別名" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" 
msgstr "插入位置‘%s'不是一個有效的位置" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "無效的日誌類型'%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "不支援 '%s' 方向" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "無法標準化目標地址" #: src/common.py:425 msgid "Found exact match" msgstr "找到完全相配項" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "是" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "在系統啟動時啟用防火牆" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" 
msgstr "在系統啟動時停用防火牆" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "無法取得聽取狀態" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "已添加使用者規則 (要執行防火牆請見 'ufw status'):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(無)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "錯誤的 IP 協定版本 '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "無效位置 '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "未啟用 IPv6 支援" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "標準化後規則被改變" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "無法備份規則 '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "套用規則時出錯。" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " 一些規則無法被撤銷。" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " 成功撤銷了對嘗試規則的套用。" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "無法找到規則 '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "無法找到規則 '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "刪除中:\n" " %(rule)s\n" " 繼續執行(%(yes)s|%(no)s)? 
" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "預設策略不受支援" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "已經重新載入防火牆" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "未啟用防火牆(跳過重新載入)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "無效的設定檔案名" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "不支援 '%s' 動作" #: src/frontend.py:700 msgid "Available applications:" msgstr "可用套用程序:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "無法找到設定檔案 '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "無效設定檔案" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "設定: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "標題:%s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "描述: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "埠號:" #: src/frontend.py:741 msgid "Port:" msgstr "埠號:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "跳過重新載入防火牆" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "無法指定 'all' 使用 '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "未知的策略 '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "指令可能會中斷現有的 ssh 連接。繼續執行(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "重設所有規則為預設值。繼續執行(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "重設所有規則為預設,這可能影響現有 ssh 連線。繼續執行(%(yes)s|%(no)s)? 
" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "無法在'%s'處插入規則" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "錯誤的介面語法" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "此處不允許使用 'log' 選項" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "此處不允許使用 'log-all' 選項" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "錯誤的埠號" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "埠號範圍必須為數字" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "'%s' 中使用無效的埠號" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "參數數目錯誤" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "需要 'to' 或者 'from' 從句" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "防火牆規則的語法不正確" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "無效的標記 '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "無效的 'proto' 從句" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "錯誤 '%s' 語法" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "無效的 'from' 從句" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "無效的 'to' 從句" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "%s 需要 'from' 或 'to'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "無效的 'port' 從句" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "'from' 和 'to' 的 IP 版本不同" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "無法找到協定" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "from 和 to 的協定不相配" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "協定與指定的協定 %s 不相配" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "規則語法不正確 ('%s' 是由程序規則指定的)" #: src/parser.py:430 #, 
python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "無效的 IPv6 位址 '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "命令 '%s' 已經存在" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "無法找到 pid (/proc 是否已經掛載?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "無法找到 '%s' 的母行程" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "無法找到 '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "無法找到針對 '%s' 的可執行檔" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "無法取得 '%s' 數據" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": 需要至少 python 2.5)\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Default: %(in)s (入), %(out)s (出)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set 
default application policy\n" #~ msgstr "" #~ "\n" #~ "用法: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s 啟用防火牆\n" #~ " %(disable)-31s 停用防火牆\n" #~ " %(default)-31s 測定預設策略\n" #~ " %(logging)-31s 設定紀錄到 %(level)s\n" #~ " %(allow)-31s 新增允許 %(rule)s\n" #~ " %(deny)-31s 新增拒絕(deny) %(rule)s\n" #~ " %(reject)-31s 新增抵制(reject) %(rule)s\n" #~ " %(limit)-31s 新增限制 %(rule)s\n" #~ " %(delete)-31s 刪除 %(urule)s\n" #~ " %(insert)-31s 插入 %(urule)s 到 %(number)s\n" #~ " %(reset)-31s 重設防火牆\n" #~ " %(status)-31s 顯示防火牆狀態\n" #~ " %(statusnum)-31s 以條列 %(rules)s 顯示防火牆狀態\n" #~ " %(statusverbose)-31s 顯示防火牆狀態明細\n" #~ " %(show)-31s 顯示防火牆報告\n" #~ " %(version)-31s 顯示版本資訊\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s 顯示應用程式設定\n" #~ " %(appinfo)-31s 顯示 %(profile)s 資訊\n" #~ " %(appupdate)-31s 更新 %(profile)s\n" #~ " %(appdefault)-31s 設定預設應用程式策略\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "無效指令 '%s'" ufw-0.36/locales/po/ufw.pot0000644000175000017500000004234013404775052014576 0ustar jamiejamie# SOME DESCRIPTIVE TITLE. # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. 
# #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2018-12-14 10:02-0600\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #: src/ufw:74 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:139 src/frontend.py:625 src/frontend.py:927 msgid "Aborted" msgstr "" #: src/backend.py:70 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:149 msgid "problem running sysctl" msgstr "" #: src/backend.py:188 msgid "Checks disabled" msgstr "" #: src/backend.py:194 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:197 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:202 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:212 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 src/backend_iptables.py:1416 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend.py:253 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:260 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:265 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:281 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:292 src/backend_iptables.py:690 #, python-format msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend.py:306 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:310 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:317 msgid "Invalid option" msgstr "" #: src/backend.py:323 src/backend_iptables.py:790 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend.py:370 src/backend_iptables.py:94 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend.py:373 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:440 msgid "No rules found for application profile" msgstr "" #: src/backend.py:496 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:502 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:524 #, python-format msgid "Found multiple matches for '%s'. 
Please use exact profile name" msgstr "" #: src/backend.py:527 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:594 msgid "Logging: " msgstr "" #: src/backend.py:598 msgid "unknown" msgstr "" #: src/backend.py:610 src/backend_iptables.py:1284 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend.py:625 msgid "Logging disabled" msgstr "" #: src/backend.py:627 msgid "Logging enabled" msgstr "" #: src/common.py:196 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:309 msgid "Bad interface type" msgstr "" #: src/common.py:314 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:318 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:322 msgid "Bad interface name: can't use '.' 
or '..'" msgstr "" #: src/common.py:326 msgid "Bad interface name: interface name is empty" msgstr "" #: src/common.py:330 msgid "Bad interface name: interface name too long" msgstr "" #: src/common.py:335 msgid "Bad interface name" msgstr "" #: src/common.py:349 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:359 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:367 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:386 msgid "Could not normalize source address" msgstr "" #: src/common.py:397 msgid "Could not normalize destination address" msgstr "" #: src/common.py:463 msgid "Found exact match" msgstr "" #: src/common.py:468 msgid "Found exact match, excepting comment" msgstr "" #: src/common.py:472 #, python-format msgid "" "Found non-action/non-logtype/comment match (%(xa)s/%(ya)s/'%(xc)s' %(xl)s/" "%(yl)s/'%(yc)s')" msgstr "" #: src/common.py:630 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/common.py:637 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/common.py:643 src/util.py:84 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:110 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:148 msgid "Invalid interface clause" msgstr "" #: src/parser.py:174 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:178 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:185 msgid "Option 'comment' missing required argument" msgstr "" #: src/parser.py:191 msgid "Comment may not contain \"'\"" msgstr "" #: src/parser.py:233 src/parser.py:359 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:242 src/util.py:87 msgid "Bad port" msgstr "" #: src/parser.py:245 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:249 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:264 
msgid "Improper rule syntax" msgstr "" #: src/parser.py:271 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:283 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:298 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:320 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:342 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:347 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:374 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:383 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:400 src/parser.py:410 src/parser.py:419 msgid "Could not find protocol" msgstr "" #: src/parser.py:426 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:433 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:552 msgid "'route delete NUM' unsupported. Use 'delete NUM' instead." msgstr "" #: src/parser.py:585 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:884 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:446 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:450 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:460 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:466 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1026 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #: src/backend_iptables.py:78 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:99 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:159 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:161 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw iptables\n" msgstr "" #: 
src/backend_iptables.py:169 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:262 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:264 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:267 src/backend_iptables.py:568 msgid "problem running" msgstr "" #: src/backend_iptables.py:273 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:443 msgid "To" msgstr "" #: src/backend_iptables.py:444 msgid "From" msgstr "" #: src/backend_iptables.py:445 msgid "Action" msgstr "" #: src/backend_iptables.py:461 src/backend_iptables.py:465 msgid "\n" msgstr "" #: src/backend_iptables.py:473 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:481 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:485 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:490 src/backend_iptables.py:508 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:502 src/backend_iptables.py:520 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:529 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:535 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:709 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:720 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:768 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:966 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:970 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:974 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:977 msgid "Must specify 'tcp' or 'udp' 
with multiple ports" msgstr "" #: src/backend_iptables.py:989 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:994 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:998 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:1001 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1062 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1073 src/frontend.py:415 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1078 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1094 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1099 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1101 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1109 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1111 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1121 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1124 msgid "Rule deleted" msgstr "" #: src/backend_iptables.py:1127 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1144 src/backend_iptables.py:1235 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1199 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1226 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1382 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1394 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1400 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1421 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1423 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/frontend.py:93 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(route)-31s add route %(urule)s\n" " %(route-delete)-31s delete route %(urule)s\n" " %(route-insert)-31s insert route %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:176 msgid "n" msgstr "" #: src/frontend.py:177 msgid "y" msgstr "" #: src/frontend.py:178 msgid "yes" msgstr "" #: src/frontend.py:223 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:230 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:282 msgid "Could not get listening status" msgstr "" #: src/frontend.py:351 msgid "Added user rules (see 'ufw status' for running firewall):" 
msgstr "" #: src/frontend.py:354 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:410 src/frontend.py:521 src/frontend.py:534 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: src/frontend.py:441 msgid "Invalid position '" msgstr "" #: src/frontend.py:531 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:542 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:566 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:570 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:572 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:574 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:585 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:590 src/frontend.py:595 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:611 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:643 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:672 src/frontend.py:817 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:674 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:691 src/frontend.py:705 src/frontend.py:742 msgid "Invalid profile name" msgstr "" #: src/frontend.py:710 src/frontend.py:892 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:729 msgid "Available applications:" msgstr "" #: src/frontend.py:750 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:755 msgid "Invalid profile" msgstr "" #: src/frontend.py:758 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:759 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:762 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:768 msgid "Ports:" msgstr "" #: src/frontend.py:770 msgid "Port:" msgstr "" #: src/frontend.py:819 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:829 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:844 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:901 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:914 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation (%(yes)s|" "%(no)s)? " msgstr "" #: src/frontend.py:918 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/applications.py:37 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:69 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:74 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:79 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:93 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:100 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:105 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:111 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:120 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:125 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:135 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:178 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:183 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:198 #, python-format msgid "Invalid ports in profile '%s'" msgstr "" ufw-0.36/locales/po/fr.po0000644000175000017500000006655613257507473014245 0ustar jamiejamie# French translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-09-28 06:10+0000\n" "Last-Translator: Bruno Patri \n" "Language-Team: French \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Nécessite au moins python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Annulé" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Le répertoire des profils n'existe pas" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "« %s » ignoré : impossible à évaluer (stat)" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "« %s » ignoré : trop gros" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "« %s » ignoré : trop de fichiers déjà lus" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "« %s » ignoré : traitement impossible" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "« %s » ignoré : nom trop long" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "« %s » ignoré : nom non valable" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "« %s » ignoré : déjà dans /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "« %s » ignoré : champ trop long" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "« %(value)s » ignoré : valeur trop grande pour « %(field)s »" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', 
using last found" msgstr "Profil « %s » en doublon, utilisation du dernier trouvé" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Le champ « %(f)s » requis pour le profil « %(fn)s » est manquant" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Le champ requis « %(f)s » est vide dans le profil « %(fn)s »" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Aucun port trouvé dans le profil « %s »" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Ports non valables dans le profil « %s »" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nouveaux profils :" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Stratégie « %s » non prise en charge" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Stratégie non prise en charge pour le sens « %s »" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" "La stratégie par défaut pour le sens « %(direction)s » a été remplacée par " "« %(policy)s »\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(veillez à mettre à jour vos règles en conséquence)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Vérification des règles iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Vérification des règles ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Vérification de iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Vérification de ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problème en cours" #: src/backend_iptables.py:272 msgid "Status:
inactive" msgstr "État : inactif" #: src/backend_iptables.py:432 msgid "To" msgstr "Vers" #: src/backend_iptables.py:433 msgid "From" msgstr "De" #: src/backend_iptables.py:434 msgid "Action" msgstr "Action" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "État : actif\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "État : actif%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "exécution de ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problème pour lancer ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Impossible de définir LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Impossible de charger les règles de journalisation" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Impossible d'ouvrir le fichier « %s » en lecture" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Omission du tuple non conforme (longueur erronée) : %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Omission du tuple non conforme : %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "« %s » n'est pas accessible en écriture" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not
enabled" msgstr "L'ajout de la règle IPv6 a échoué : IPv6 non activé" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Omission de la règle IPv6 non prise en charge « %s »" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "La règle IPv4 '%s' non supportée a été ignorée" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Vous devez spécifier « tcp » ou « udp » avec des ports multiples" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Omission de la règle IPv6 de l'application. Cela requiert au minimum " "iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Position « %d » non valable" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Impossible de spécifier « insert » et « delete »" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Impossible d'insérer la règle à la position « %d »" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Omission de l'insertion de la règle existante" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Impossible de supprimer une règle qui n'existe pas" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Omission de l'ajout de la règle existante" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Impossible de mettre à jour le fichier de règles" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Les règles ont été mises à jour" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Les règles ont été mises à jour (IPv6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "La règle a été insérée" #: src/backend_iptables.py:1067 msgid "Rule updated"
msgstr "La règle a été mise à jour" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (rechargement du pare-feu ignoré)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "La règle a été supprimée" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "La règle a été ajoutée" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Impossible de mettre à jour le pare-feu actif" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Impossible d'accomplir « %s »" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Impossible de mettre à jour les règles pour la journalisation" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Niveau de journalisation non valable « %s »" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "« %s » introuvable. Abandon" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "« %s » existe déjà. 
Abandon" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Sauvegarde de « %(old)s » vers « %(new)s »\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Impossible d'évaluer « %s » (stat)" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "ALERTE : « %s » est accessible en écriture à tout le monde" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "ALERTE : « %s » est accessible en lecture à tout le monde" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Impossible de déterminer la version d'iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problème lors de l'exécution de sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Vérifications désactivées" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERREUR : ce script ne devrait pas avoir le SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERREUR : ce script ne devrait pas avoir le SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Vous devez être root pour pouvoir exécuter ce script" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "« %s » n'existe pas" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid est %(uid)s mais « %(path)s » appartient à %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s est accessible en écriture pour tout le monde !" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s est accessible en écriture pour le groupe !" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "Le fichier de « %(f)s » nommé « %(name)s » n'existe pas" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "La stratégie pour « %s » est manquante" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "La stratégie « %(policy)s » pour « %(chain)s » est invalide" #: src/backend.py:298 msgid "Invalid option" msgstr "Option invalide" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "La stratégie par défaut de l'application a été changée en « %s »" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Aucune règle trouvée pour le profil de l'application" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Règles mises à jour pour le profil « %s »" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Impossible de mettre à jour les règles de l'application" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Correspondance multiple trouvée pour « %s ». Veuillez utiliser le nom exact " "du profil." 
#: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Impossible de trouver un profil correspondant à « %s »" #: src/backend.py:575 msgid "Logging: " msgstr "Journalisation : " #: src/backend.py:579 msgid "unknown" msgstr "inconnu" #: src/backend.py:606 msgid "Logging disabled" msgstr "Journalisation désactivée" #: src/backend.py:608 msgid "Logging enabled" msgstr "Journalisation activée" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Port « %s » incorrect" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Le protocole « %s » n'est pas pris en charge" #: src/common.py:280 msgid "Bad source address" msgstr "L'adresse de la source n'est pas correcte" #: src/common.py:290 msgid "Bad destination address" msgstr "L'adresse de destination n'est pas correcte" #: src/common.py:298 msgid "Bad interface type" msgstr "Le type d'interface n'est pas correct" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "Le nom de l'interface n'est pas correct" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" "Le nom de l'interface n'est pas correct : impossible d'utiliser les alias " "d'interface" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "La position d'insertion « %s » n'est pas valable" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Type de journalisation « %s » non valable" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Le sens « %s » n'est pas pris en charge" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Impossible de normaliser l'adresse de la source" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Impossible de normaliser l'adresse de destination" #: src/common.py:425 msgid "Found exact match" msgstr 
"Une correspondance exacte a été trouvée" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Une « non-action/non-logtype » correspondant à (%(xa)s/%(ya)s %(xl)s/%(yl)s) " "a été trouvée" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "o" #: src/frontend.py:166 msgid "yes" msgstr "oui" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Le pare-feu est actif et lancé au démarrage du système" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Le pare-feu est arrêté et désactivé lors du démarrage du système" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Impossible d'acquérir l'état d'écoute" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Règles utilisateur ajoutées (voir 
'ufw status' pour le pare-feu en cours) :" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Aucun)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Version d'IP non valable : « %s »" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Position non valable '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "La prise en charge d'IPv6 n'est pas activée" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Règle modifiée après normalisation" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Impossible d'annuler la règle « %s »" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Erreur lors du traitement des règles de l'application." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Certaines règles ne peuvent pas être retirées" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Les règles choisies ont été retirées avec succès" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Impossible de trouver la règle « %s »" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Impossible de trouver la règle « %d »" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Suppression de :\n" " %(rule)s\n" "Exécuter l'opération (%(yes)s|%(no)s) ?
" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Stratégie par défaut non prise en charge" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Pare-feu rechargé" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Pare-feu inactif (rechargement ignoré)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Nom de profil non valable" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Action « %s » non prise en charge" #: src/frontend.py:700 msgid "Available applications:" msgstr "Applications disponibles :" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Impossible de trouver le profil « %s »" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Profil non valable" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil : « %s »\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Titre : %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Description : %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Ports :" #: src/frontend.py:741 msgid "Port:" msgstr "Port :" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Rechargement du pare-feu ignoré" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Impossible de spécifier « all » avec « --add-new »" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Stratégie « %s » inconnue" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "La commande peut interrompre les connexions ssh existantes. Exécuter " "l'opération (%(yes)s|%(no)s) ? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" "Réinitialisation de toutes les règles à leurs paramètres installés par " "défaut. Exécuter l'opération (%(yes)s|%(no)s) ? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Réinitialisation de toutes les règles à leurs paramètres installés par " "défaut. Cela peut interrompre les connexions ssh existantes. Exécuter " "l'opération (%(yes)s|%(no)s) ? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Impossible d'insérer la règle à la position « %s »" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Clause d'interface incorrecte" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "L'option « log » n'est pas autorisée ici" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "L'option « log-all » n'est pas autorisée ici" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Port incorrect" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Les plages de ports doivent être des nombres" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Port invalide avec le protocole « %s »" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Nombre d'arguments incorrect" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Une clause « from » ou une clause « to » est nécessaire" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "La règle présente une syntaxe incorrecte" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Le jeton « %s » n'est pas valable" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "La clause « proto » n'est pas valable" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "La clause « %s » n'est pas valable" #: src/parser.py:303 msgid "Invalid 'from' 
clause" msgstr "La clause « from » n'est pas valable" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "La clause « to » n'est pas valable" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "« from » ou « to » sont nécessaires avec « %s »" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Clause « port » non valable" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Versions d'IP différentes pour les clauses « from » et « to »" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Impossible de trouver le protocole" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protocoles incompatibles (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protocole incompatible avec le protocole %s spécifié" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" "La règle présente une syntaxe incorrecte (« %s » spécifié avec une règle " "d'application)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Adresse IPv6 incompatible avec le protocole « %s »" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Commande « %s » déjà existante" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Impossible de trouver le « pid » (/proc est-il monté ?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Impossible de trouver le « pid » parent pour « %s »" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Impossible de trouver « %s »" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Impossible de trouver l'exécutable pour « %s »" #: src/util.py:1006 #, python-format msgid "Could not get
statistics for '%s'" msgstr "Impossible d'obtenir les statistiques pour « %s »" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Aucune correspondance n'a été trouvée" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "« %s » le fichier « %s » n'existe pas" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "La stratégie par défaut a été changée en « %s »\n" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Utilisation : " #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "L'uid est %s mais « %s » appartient à %s" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Par défaut : %(in)s (entrant), %(out)s (sortant)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Utilisation : %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s :\n" #~ " %(enable)-31s activer le pare-feu\n" #~ " 
%(disable)-31s désactiver le pare-feu\n" #~ " %(default)-31s définir la stratégie par défaut\n" #~ " %(logging)-31s définir la journalisation à %(level)s\n" #~ " %(allow)-31s ajouter autorisation %(rule)s\n" #~ " %(deny)-31s ajouter interdiction %(rule)s\n" #~ " %(reject)-31s ajouter refus %(rule)s\n" #~ " %(limit)-31s ajouter limite %(rule)s\n" #~ " %(delete)-31s supprimer %(urule)s\n" #~ " %(insert)-31s insérer %(urule)s at %(number)s\n" #~ " %(reset)-31s réinitialiser le pare-feu\n" #~ " %(status)-31s afficher le statut du pare-feu\n" #~ " %(statusnum)-31s afficher le statut du pare-feu en liste numérotée de " #~ "%(rules)s\n" #~ " %(statusverbose)-31s afficher le statut verbeux du pare-feu\n" #~ " %(show)-31s afficher le rapport du pare-feu\n" #~ " %(version)-31s afficher les informations de version\n" #~ "\n" #~ "%(appcommands)s :\n" #~ " %(applist)-31s lister les profiles d'application\n" #~ " %(appinfo)-31s afficher les informations sur %(profile)s\n" #~ " %(appupdate)-31s mettre à jour %(profile)s\n" #~ " %(appdefault)-31s définir la stratégie d'application par défaut\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Commande « %s » non valable" ufw-0.36/locales/po/tr.po0000644000175000017500000006017113257507473014246 0ustar jamiejamie# Turkish translation for ufw # Copyright (c) 2014 Rosetta Contributors and Canonical Ltd 2014 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2014. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2014-12-29 10:32+0000\n" "Last-Translator: Necdet Yucel \n" "Language-Team: Turkish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" "Language: tr\n" "X-POOTLE-MTIME: 1419799925.000000\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ":En az python 2.6 gerekli)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "İptal edildi" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profiller dizini yok" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "'%s' atlanıyor: başlatılamadı" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "'%s' atlanıyor: çok büyük" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "'%s' atlanıyor: çok fazla dosya açık" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "'%s' atlanıyor: işlenemedi" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "'%s' atlanıyor: adı çok uzun" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "'%s' atlanıyor: geçersiz ad" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "'%s' atlanıyor: zaten /etc/services dosyasında" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "'%s' atlanıyor: alan çok uzun" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "'%(value)s' atlanıyor: değer '%(field)s' için çok uzun" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', 
using last found" msgstr "Son bulunanı kullanarak '%s' profilini çoğalt" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "'%(fn)s' profilinde gerekli '%(f)s' alanı eksik" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "'%(fn)s' profilinde gerekli '%(f)s' alanı boş" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "'%s' profilinde hiç port bulunmuyor" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "'%s' profilinde geçersiz portlar" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Yeni profiller:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Desteklenmeyen politika '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "'%s' yönü için desteklenmeyen politika" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" "Varsayılan %(direction)s politikası '%(policy)s' olarak değiştirildi\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(kurallarınızı uygun şekilde güncellediğinizden emin olun)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Ham iptables kontrol ediliyor\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Ham ip6tables kontrol ediliyor\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Iptables kontrol ediliyor\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Ip6tables kontrol ediliyor\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "çalıştırma sorunu" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Durum: etkin değil" #: src/backend_iptables.py:432 msgid "To" msgstr "Alıcı" #: 
src/backend_iptables.py:433 msgid "From" msgstr "Gönderen" #: src/backend_iptables.py:434 msgid "Action" msgstr "Eylem" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Öntanımlı: %(in)s (gelen), %(out)s (giden), %(routed)s (yönlendirilmiş)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Durum: etkin\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Durum: etkin%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "ufw-init çalıştırılıyor" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "ufw-init çalıştırılırken sorun\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "LOGLEVEL ayarlanamadı" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Günlükleme kuralları yüklenemedi" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "'%s' dosyası okumak için açılamadı" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Kusurlu tanımlama düzeni (hatalı uzunluklu) atlanıyor: %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Kusurlu tanımlama düzeni (iface) atlanıyor: %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Kusurlu tanımlama düzeni atlanıyor: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' yazılabilir değil" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr 
"IPv6 kuralı eklenemedi: IPv6 etkin değil" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Desteklenmeyen IPv6 '%s' kuralı atlanıyor" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Desteklenmeyen IPv4 '%s' kuralı atlanıyor" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Çoklu portla birlikte 'tcp' veya 'udp' belirtilmelidir" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "IPv6 uygulama kuralı atlanıyor. En az iptables 1.4 sürümü gereklidir" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Geçersiz konum '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Ekleme ve silme belirtilemez" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "'%d' konumuna kural eklenemez" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Mevcut kuralın eklenmesi atlanıyor" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Olmayan kural silinemez" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Mevcut kuralın eklenmesi atlanıyor" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Kurallar dosyası güncellenemedi" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Kurallar güncellendi" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Kurallar güncellendi (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Kural eklendi" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Kural güncellendi" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (güvenlik duvarının yeniden yüklenmesi atlandı)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr 
"Kural silindi" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Kural eklendi" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Çalışan güvenlik duvarı güncellenemedi" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "'%s' gerçekleştirilemedi" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Kayıt için kurallar dosyası güncellenemedi" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Geçersiz kayıt seviyesi '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "'%s' bulunamadı. İptal ediliyor" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' zaten mevcut. İptal ediliyor" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "'%(old)s', '%(new)s' olarak yedekleniyor\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "'%s' için stat bilgisi alınamadı" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "UYARI: '%s' herkes için yazılabilir" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "UYARI: '%s' herkes için okunabilir" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "iptables sürümü belirlenemedi" #: src/backend.py:143 msgid "problem running sysctl" msgstr "sysctl çalıştırılırken sorun oluştu" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontroller kapalı" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "HATA: bu betik SUID hakkıyla çalıştırılmamalıdır" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "HATA: bu betik SGID hakkıyla çalıştırılmamalıdır" #: src/backend.py:196 msgid "You need to be root to run this 
script" msgstr "Bu betiği çalıştırmak için root olmanız gerekir" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' yok" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid %(uid)s ama '%(path)s' yolunun sahibi %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s herkes için yazılabilir!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s grup için yazılabilir!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' dosyası '%(name)s' yok" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "'%s' için eksik politika" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Geçersiz politika '%(policy)s' '%(chain)s' zinciri için" #: src/backend.py:298 msgid "Invalid option" msgstr "Geçersiz seçenek" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Varsayılan uygulama politikası '%s' olarak değiştirildi" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Uygulama profili için hiç kural bulunamadı" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "'%s' profili için kurallar güncellendi" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Uygulama kuralları güncellenemedi" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "'%s' için birden fazla eşleşme var. 
Lütfen tam profil adını kullanın" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "'%s' ile eşleşen bir profil bulunamadı" #: src/backend.py:575 msgid "Logging: " msgstr "Günlük tutuluyor: " #: src/backend.py:579 msgid "unknown" msgstr "bilinmeyen" #: src/backend.py:606 msgid "Logging disabled" msgstr "Günlükleme kapalı" #: src/backend.py:608 msgid "Logging enabled" msgstr "Günlükleme açık" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Hatalı port '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Desteklenmeyen protokol '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Hatalı kaynak adresi" #: src/common.py:290 msgid "Bad destination address" msgstr "Hatalı hedef adresi" #: src/common.py:298 msgid "Bad interface type" msgstr "Hatalı arayüz türü" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Hatalı arayüz adı: ayrılmış karakter: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Hatalı arayüz adı" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Hatalı arayüz adı: arayüz takma adı kullanılamaz" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "'%s' konumu geçerli bir konum değil" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Geçersiz günlükleme türü '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Desteklenmeyen yön '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Kaynak adresi normalleştirilemedi" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Hedef adresi normalleştirilemedi" #: src/common.py:425 msgid "Found exact match" msgstr "Birebir eşleştirme bulundu" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Eylem-olmayan/günlükleme 
türü olmayan eşleşme türü bulundu (%(xa)s/%(ya)s " "%(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Kullanım: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s güvenlik duvarını etkinleştirir\n" " %(disable)-31s güvenlik duvarını devre dışı bırakır\n" " %(default)-31s öntanımlı ilkeyi ayarla\n" " %(logging)-31s günlük seviyesini %(level)s olarak ayarla\n" " %(allow)-31s izin ver %(rule)s ekle\n" " %(deny)-31s engelle %(rule)s ekle\n" " %(reject)-31s reddet %(rule)s ekle\n" " %(limit)-31s sınır %(rule)s ekle\n" " %(delete)-31s %(urule)s sil\n" " %(insert)-31s %(urule)s kuralını %(number)s konumuna ekle\n" " %(reload)-31s güvenlik duvarını yeniden yükle\n" " %(reset)-31s güvenlik duvarını sıfırla\n" " %(status)-31s güvenlik duvarı durumunu göster\n" " %(statusnum)-31s güvenlik duvarı durumunu numaralı listeli %(rules)s olarak " "göster\n" " %(statusverbose)-31s ayrıntılı güvenlik duvarı durumunu göster\n" " %(show)-31s güvenlik 
duvarı raporunu göster\n" " %(version)-31s sürüm bilgisini göster\n" "\n" "%(appcommands)s:\n" " %(applist)-31s uygulama profillerini listele\n" " %(appinfo)-31s %(profile)s üzerinde bilgiyi göster\n" " %(appupdate)-31s %(profile)s güncelle\n" " %(appdefault)-31s öntanımlı uygulama ilkesini ayarla\n" #: src/frontend.py:164 msgid "n" msgstr "h" #: src/frontend.py:165 msgid "y" msgstr "e" #: src/frontend.py:166 msgid "yes" msgstr "evet" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Güvenlik duvarı etkin ve sistem açılışında başlatılacak" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Güvenlik duvarı kapalı ve sistem açılışında başlatılmayacak" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Dinleme durumu alınamadı" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Kullanıcı kuralları eklendi (çalışan güvenlik duvarı için 'ufw status' " "komutuna bakın):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Hiç)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Geçersiz IP sürümü '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Geçersiz konum '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6 desteği etkin değil" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Normalleştirme sonrası kural değişti" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "'%s' kuralı geri alınamadı" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Uygulama kuralları uygulanırken hata oluştu." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Bazı kurallar uygulanmamış olamaz." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Kurallar başarıyla uygulanmamış hale getirildi." 
#: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "'%s' kuralı bulunamadı" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "'%d' kuralı bulunamadı" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Siliniyor:\n" " %(rule)s\n" "İşleme devam et (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Desteklenmeyen varsayılan politika" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Güvenlik duvarı yeniden yüklendi" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Güvenlik duvarı etkin değil (yeniden yükleme atlanıyor)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Geçersiz profil adı" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Desteklenmeyen '%s' eylemi" #: src/frontend.py:700 msgid "Available applications:" msgstr "Kullanılabilir uygulamalar:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "'%s' profili bulunamadı" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Geçersiz profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Başlık: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Tanımlama: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Bağlantı Noktaları:" #: src/frontend.py:741 msgid "Port:" msgstr "Bağlantı Noktası:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Güvenlik duvarının yeniden yüklenmesi atlandı" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "'--add-new' ile birlikte 'all' kullanılamaz" #: src/frontend.py:815 #, python-format msgid "Unknown 
policy '%s'" msgstr "Bilinmeyen politika '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Bu komut mevcut ssh bağlantılarını bozabilir. İşleme devam et " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Tüm kurallar kurulum varsayılanlara sıfırlanıyor. İşleme devam edilsin mi " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Tüm kurallar kurulum varsayılanlara sıfırlanıyor. Bu mevcut ssh " "bağlantılarını bozabilir. İşleme devam edilsin mi (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "'%s' konumuna kural eklenemez" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Geçersiz arayüz ifadesi" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "'log' seçeneğine burada izin verilmiyor" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "'log-all' seçeneğine burada izin verilmiyor" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Hatalı port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Port aralıkları sayısal olmalıdır" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "'%s' protokolünde geçersiz port" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Hatalı argüman sayısı" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "'to' veya 'from' ifadesi gerekli" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Uygunsuz kural sözdizimi" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Geçersiz jeton '%s'" #: 
src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Geçersiz 'proto' ifadesi" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Geçersiz '%s' ifadesi" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Geçersiz 'from' ifadesi" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Geçersiz 'to' ifadesi" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "'%s' ile 'from' veya 'to' ifadesi gerekli" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Geçersiz 'port' ifadesi" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "'from' ve 'to' için karışık IP sürümleri" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Protokol bulunamadı" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protokol uyuşmazlığı (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Belirtilen %s protokolüyle protokol uyuşmazlığı" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Uygunsuz kural sözdizimi ('%s' uygulama kuralında belirtilmiş)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "'%s' protokolüyle geçersiz IPv6 adresi" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Yönlendirme kuralı için geçersiz arayüz ifadesi" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "'%s' komutu halihazırda var" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Pid bulunamadı (/proc dizini bağlı mı?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "'%s' için üst sürece ait pid bulunamadı" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "'%s' bulunamadı" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "'%s' 
için çalıştırılabilir dosya bulunamadı" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "'%s' için istatistikler getirilemedi" ufw-0.36/locales/po/cs.po0000644000175000017500000006554613257507473014241 0ustar jamiejamie# Czech translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2013-12-18 12:21+0000\n" "Last-Translator: Tadeáš Pařík \n" "Language-Team: Czech \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ":Vyžaduje alespoň python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Zrušeno" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Adresář profilů neexistuje" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Přeskakuji '%s': nelze kopírovat" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "'%s' se přeskakuje: příliš velké" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Přeskakuji '%s': přečteno příliš mnoho souborů" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Přeskakuji '%s': nelze zpracovat" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Přeskakuji '%s': příliš dlouhý název" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Přeskakuje se '%s': neplatné jméno" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in 
/etc/services" msgstr "Přeskakuji '%s': je také v /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Přeskakuji '%s': příliš dlouhé pole" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Přeskakuji '%(value)s': hodnota je pro '%(field)s' příliš dlouhá" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Kopíruji profil '%s', používám poslední nalezený" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profilu '%(fn)s' chybí vyžadované pole '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profil '%(fn)s' má prázdné požadované pole '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "V profilu '%s' nebyly nalezeny žádné porty" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Nesprávné porty v profilu '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nové profily:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Nepodporovaná politika „%s”" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Nepodporovaná politika pro směr '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Výchozí politika %(direction)s změněna na '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(ujistěte se, že patřičně upravíte svá pravidla)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Kontroluje se řádek tabulky IP\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Kontroluje se řádek tabulky IP6\n" #: 
src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Kontroluje se tabulka IP\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Kontroluje se tabulka IP6\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problém při spouštění" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Stav: neaktivní" #: src/backend_iptables.py:432 msgid "To" msgstr "Do" #: src/backend_iptables.py:433 msgid "From" msgstr "Od" #: src/backend_iptables.py:434 msgid "Action" msgstr "Akce" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Výchozí: %(in)s (příchozí), %(out)s (odchozí), %(routed)s (směrované)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Stav: aktivní\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Stav: aktivní%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "spouští se ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problém spuštěného ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Nelze nastavit LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Nelze načíst pravidla pro logování" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Nepodařilo se otevřít „%s” pro čtení" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Přeskakuji nesprávnou dvojici (špatná velikost): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping 
malformed tuple (iface): %s" msgstr "Přeskočení chybné n-tice (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Přeskakuji nesprávnou dvojici: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "Do '%s' nelze zapisovat" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Přidání pravidla IPv6 selhalo: IPv6 není povoleno" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Přeskakuje se nepodporované pravidlo IPv6 „%s”" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Přeskočení nepodporovaného pravidla IPv4 '%s'" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Je třeba zvolit 'tcp' nebo 'udp' s více porty" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Přeskočení aplikačního pravidla IPv6. 
Je potřeba alespoň iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Špatná pozice '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Nelze specifikovat vložení a mazání" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Nelze vložit pravidlo na pozici '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Přeskakuje se vkládání již existujícího pravidla" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Nelze odstranit neexistující pravidlo" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Přeskakuje se přidání již existujícího pravidla" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Nelze aktualizovat soubor pravidel" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Pravidla aktualizována" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Pravidla aktualizována (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Pravidlo vloženo" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Pravidlo aktualizováno" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (přeskočeno znovunačtení firewallu)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Pravidlo smazáno" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Pravidlo přidáno" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Nepodařilo se aktualizovat běžící firewall" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Nelze provést '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Nelze aktualizovat soubor pravidel pro logování" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format 
msgid "Invalid log level '%s'" msgstr "Neplatná úroveň logu '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "'%s' nebylo nalezeno. Probíhá zrušení" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' již existuje. Probíhá zrušení" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Zálohování '%(old)s' do '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Nelze vykonat stat „%s”" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "VAROVÁNÍ: '%s' je veřejně zapisovatelný" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "VAROVÁNÍ: '%s' je veřejně přístupný ke čtení" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Nelze určit verzi iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problém při běhu sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontroly vypnuty" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "CHYBA: tento skript nemá být SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "CHYBA: tento skript nemá být SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Abyste mohli spustit tento skript, musíte být root" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' neexistuje" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid je %(uid)s, ale '%(path)s' vlastní %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s je zapisovatelný pro všechny!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s je zapisovatelný pro skupinu!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' soubor '%(name)s' neexistuje" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Chybějící pravidlo pro '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Neplatné pravidlo '%(policy)s' pro '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Neplatná volba" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Výchozí politika aplikace změněna na '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Nebyla nalezena žádná pravidla pro profil aplikace" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Pravidla aktualizována pro profil '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Nelze aktualizovat pravidla aplikace" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "Nalezeno několik shod pro '%s'. 
Prosím použijte přesné jméno profilu" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Nelze nalézt profil '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Záznam: " #: src/backend.py:579 msgid "unknown" msgstr "Neznámý" #: src/backend.py:606 msgid "Logging disabled" msgstr "Záznam vypnutý" #: src/backend.py:608 msgid "Logging enabled" msgstr "Záznam zapnutý" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Chybný port „%s”" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Nepodporovaný protokol „%s”" #: src/common.py:280 msgid "Bad source address" msgstr "Chybná zdrojová adresa" #: src/common.py:290 msgid "Bad destination address" msgstr "Chybná cílová adresa" #: src/common.py:298 msgid "Bad interface type" msgstr "Špatný typ rozhraní" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Špatný název rozhraní: vyhrazený znak: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Špatné jméno rozhraní" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Špatné jméno rozhraní: nelze použít alias prostředí" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Pozice pro vložení '%s' není platnou pozicí" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Neplatný typ logu '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Nepodporovaný směr '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Nelze normalizovat adresu zdroje" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Není možné normalizovat cílovou adresu" #: src/common.py:425 msgid "Found exact match" msgstr "Nalezena přesná shoda" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Nalezena shoda, která není akcí 
ani typem záznamu (%(xa)s/%(ya)s " "%(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Použití: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s povolí firewall\n" " %(disable)-31s zakáže firewall\n" " %(default)-31s nastaví výchozí zásady\n" " %(logging)-31s nastaví logování na %(level)s\n" " %(allow)-31s přidá allow %(rule)s\n" " %(deny)-31s přidá deny %(rule)s\n" " %(reject)-31s přidá reject %(rule)s\n" " %(limit)-31s přidá limit %(rule)s\n" " %(delete)-31s smaže %(urule)s\n" " %(insert)-31s vloží %(urule)s do %(number)s\n" " %(reload)-31s opětovné načtení firewall\n" " %(reset)-31s resetuje firewall\n" " %(status)-31s zobrazí stav firewallu\n" " %(statusnum)-31s zobrazí stav firewallu jako číselný seznam %(rules)s\n" " %(statusverbose)-31s zobrazí podrobný stav firewallu\n" " %(show)-31s zobrazí report firewallu\n" " %(version)-31s zobrazí informace o verzi\n" "\n" "%(appcommands)s:\n" " %(applist)-31s seznam aplikačních 
profilů\n" " %(appinfo)-31s zobrazí informaci o %(profile)s\n" " %(appupdate)-31s aktualizuje %(profile)s\n" " %(appdefault)-31s nastaví výchozí chování\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "a" #: src/frontend.py:166 msgid "yes" msgstr "ano" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall je aktivní a spouštění při startu systému povoleno" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall je zastaven a nebude se spouštět při startu systému" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Nelze spustit stav naslouchání" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Uživatelské pravidlo přidáno (viz 'ufw status' pro spuštěný firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Žádný)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Neplatná verze IP „%s”" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Chybná pozice '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Podpora IPv6 není zapnuta" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Pravidlo změněno po normalizaci" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Nelze stáhnout pravidlo '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Chyba v uplatňování pravidel aplikace" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Některá pravidla nebylo možno zrušit." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Požadovaná pravidla úspěšně zrušena." 
#: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Pravidlo '%s' nebylo nalezeno" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Pravidlo '%d' nebylo nalezeno" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Mazání:\n" " %(rule)s\n" "Pokračovat (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Nepodporovaná výchozí politika" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall znovunačten" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall není povolen (přeskakuje se znovunačtení)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Chybný název profilu" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Nepodporovaná akce '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Dostupné aplikace:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Nelze nalézt profil '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Chybný profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Titul: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Popis: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Porty:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Přeskakování znovunačtení firewallu" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Nelze upřesnit 'all' s '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Neznámé pravidlo '%s'" #: src/frontend.py:872 #, python-format 
msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Příkaz může přerušit stávající ssh připojení. Přesto pokračovat " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Obnovení všech pravidel na původní hodnoty. Pokračovat (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Všechna pravidla budou navrácena do výchozích hodnot. Toto může přerušit " "stávající ssh spojení. Chcete pokračovat (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Nelze vložit pravidlo na pozici '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Neplatná klauzule rozhraní" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Volba 'log' zde není povolena" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Volba 'log-all' zde není povolena" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Chybný port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Rozsah portů musí být číselný" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Chybný port s protokolem '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Chybný počet argumentů" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Vyžadována klauzule „od” nebo „do”" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Nesprávná syntaxe pravidla" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Neplatný token „%s”" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Neplatná klauzule „proto”" #: src/parser.py:281 #, python-format 
msgid "Invalid '%s' clause" msgstr "Chybná klauzule '%s'" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Neplatná klauzule „od”" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Neplatná klauzule 'Komu'" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Je zapotřebí 'Od' či 'Komu' s '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Neplatná klauzule „port”" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Smíšené verze IP v „od” a „do”" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Nelze nalézt protokol" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Neshoda protokolů (od/do)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Neshoda protokolu s určeným protokolem %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Nesprávný syntax pravidla ('%s' uvedené s pravidlem aplikace)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Chybná IPv6 adresa s protokolem '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Neplatné ustanovení pro pravidla trasování rozhraní" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Příkaz '%s' již existuje" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Nelze nalézt PID (je /proc připojen?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Nelze najít rodičovský PID pro '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Nelze nalézt '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Nelze najít spustitelný soubor pro '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Nelze získat statistiku pro 
'%s'" #~ msgid "--" #~ msgstr "--" #~ msgid "----" #~ msgstr "----" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Žádná shoda" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Použití: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Vyžaduje alespoň python 2.5)\n" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid je %s, ale „%s” vlastní %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "„%s” soubor „%s” neexistuje" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Výchozí politika byla změněna na „%s”\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Chybný příkaz '%s'" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Výchozí: %(in)s (příchozí), %(out)s (odchozí)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Použití: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s povolí 
firewall\n" #~ " %(disable)-31s zakáže firewall\n" #~ " %(default)-31s nastaví výchozí zásady\n" #~ " %(logging)-31s nastaví logování na %(level)s\n" #~ " %(allow)-31s přidá allow %(rule)s\n" #~ " %(deny)-31s přidá deny %(rule)s\n" #~ " %(reject)-31s přidá reject %(rule)s\n" #~ " %(limit)-31s přidá limit %(rule)s\n" #~ " %(delete)-31s smaže %(urule)s\n" #~ " %(insert)-31s vloží %(urule)s do %(number)s\n" #~ " %(reset)-31s resetuje firewall\n" #~ " %(status)-31s zobrazí stav firewallu\n" #~ " %(statusnum)-31s zobrazí stav firewallu jako číselný seznam %(rules)s\n" #~ " %(statusverbose)-31s zobrazí podrobný stav firewallu\n" #~ " %(show)-31s zobrazí report firewallu\n" #~ " %(version)-31s zobrazí informace o verzi\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s seznam aplikačních profilů\n" #~ " %(appinfo)-31s zobrazí informaci o %(profile)s\n" #~ " %(appupdate)-31s aktualizuje %(profile)s\n" #~ " %(appdefault)-31s nastaví výchozí chování\n" ufw-0.36/locales/po/sk.po0000644000175000017500000007150713257507473014243 0ustar jamiejamie# Slovak translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # Ivan Masár , 2009. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-09-18 00:47+0000\n" "Last-Translator: helix84 \n" "Language-Team: Slovak \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Vyžaduje najmenej python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Zrušené" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Adresár profilov neexistuje" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Preskakuje sa „%s“: nepodarilo sa stat()" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Preskakuje sa „%s“: príliš veľký" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Preskakuje sa „%s“: už bolo načítaných priveľa súborov" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Preskakuje sa „%s“: nepodarilo sa spracovať" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Preskakuje sa „%s“: názov príliš dlhý" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Preskakuje sa „%s“: neplatný názov" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Preskakuje sa „%s“: tiež v /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Preskakuje sa „%s“: pole príliš dlhé" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Preskakuje sa „%(value)s“: hodnota je príliš dlhá pre „%(field)s“" #: src/applications.py:134 #, python-format 
msgid "Duplicate profile '%s', using last found" msgstr "Duplicitný profil „%s“, používa sa posledné nájdené" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profilu „%(fn)s“ chýba povinné pole „%(f)s“" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profil „%(fn)s“ nemá vyplnené povinné pole „%(f)s“" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "V profile „%s“ neboli nájdené žiadne porty" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Neplatné porty v profile „%s“" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nové profily:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Nepodporovaná politika „%s”" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Nepodporovaná politika pre smer „%s“" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Štandardná politika %(direction)s zmenená na „%(policy)s“\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(urobte príslušné aktualizácie vo vašich pravidlách)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Kontrolujú sa nespracované iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Kontrolujú sa nespracované ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Kontroluje sa iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Kontroluje sa ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problém pri spúšťaní" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Stav: neaktívny" #: src/backend_iptables.py:432 msgid "To" 
msgstr "Do" #: src/backend_iptables.py:433 msgid "From" msgstr "Od" #: src/backend_iptables.py:434 msgid "Action" msgstr "Operácia" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Stav: aktívny\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Stav: aktívny%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "spúšťa sa ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problém pri spúšťaní ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Nepodarilo sa nastaviť LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Nepodarilo sa načítať pravidlá zaznamenávania" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Nebolo možné otvoriť „%s” na čítanie" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Preskakuje sa chybná n-tica (chybná dĺžka): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Preskakuje sa chybná n-tica: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "„%s“ nie je prístupný na zápis" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Pridanie pravidla IPv6 zlyhalo: IPv6 nie je zapnutý" #: src/backend_iptables.py:929 #, 
python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Preskakuje sa nepodporované pravidlo IPv6 „%s”" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Preskakuje sa nepodporované pravidlo IPv4 „%s“" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Musíte uviesť „tcp“ alebo „udp“ s viacerými portami" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Preskakuje sa aplikačné pravidlo IPv6. Vyžaduje iptables aspoň verzie 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Neplatná pozícia „%d“" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Nie je možné špecifikovať vkladanie a zmazanie" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Nie je možné vložiť pravidlo na pozíciu „%d“" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Preskakuje sa vloženie existujúceho pravidla" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Nemožno zmazať neexistujúce pravidlo" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Preskakuje sa pridanie existujúceho pravidla" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Nebolo možné aktualizovať súbor pravidiel" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Pravidlá aktualizované" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Pravidlá aktualizované (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Pravidlo vložené" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Pravidlo aktualizované" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (preskočené opätovné načítanie firewallu)" #: src/backend_iptables.py:1080 msgid "Rule 
deleted" msgstr "Pravidlo zmazané" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Pravidlo pridané" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Nebolo možné aktualizovať bežiaci firewall" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Nebolo možné vykonať „%s“" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Nepodarilo sa aktualizovať súbor pravidiel na záznam" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Neplatná úroveň zaznamenávania „%s“" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Nebolo možné nájsť „%s“. Ruší sa" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "„%s“ už existuje. Ruší sa" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Zálohuje sa „%(old)s“ do „%(new)s“\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Nie je možné vykonať stat „%s”" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "UPOZ: do „%s“ môžu zapisovať všetci používatelia" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "UPOZ: „%s“ je prístupný na čítanie všetkým používateľom" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Nebolo možné určiť verziu iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontroly vypnuté" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "CHYBA: tento skript nemá byť SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "CHYBA: tento skript nemá byť SGID" #: src/backend.py:196 msgid "You need to be root 
to run this script" msgstr "Aby ste mohli spúšťať tento skript, musíte byť root" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "„%s“ neexistuje" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid je %(uid)s ale „%(path)s“ vlastní %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s je zapisovateľný pre všetkých!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s je zapisovateľný pre skupinu!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "„%(f)s“ súbor „%(name)s“ neexistuje" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Chýba politika pre „%s“" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Neplatná politika „%(policy)s“ pre „%(chain)s“" #: src/backend.py:298 msgid "Invalid option" msgstr "Neplatná voľba" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Štandardná politika aplikácie zmenená na „%s“" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Pre profil aplikácie neboli nájdené žiadne pravidlá" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Pravidlá profilu „%s“ aktualizované" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Nepodarilo sa aktualizovať pravidlá aplikácie" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "Nájdené viaceré zhody pre „%s“. 
Prosím, použite presný názov profilu" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Nepodarilo sa násť profil zodpovedajúci „%s“" #: src/backend.py:575 msgid "Logging: " msgstr "Zaznamenávanie: " #: src/backend.py:579 msgid "unknown" msgstr "neznáme" #: src/backend.py:606 msgid "Logging disabled" msgstr "Záznam vypnutý" #: src/backend.py:608 msgid "Logging enabled" msgstr "Záznam zapnutý" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Chybný port „%s”" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "nepodporovaný protokol „%s”" #: src/common.py:280 msgid "Bad source address" msgstr "Chybná zdrojová adresa" #: src/common.py:290 msgid "Bad destination address" msgstr "Chybná cieľová adresa" #: src/common.py:298 msgid "Bad interface type" msgstr "Chybný typ rozhrania" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "Chybný názov rozhrania" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Chybný názov rozhrania: nemožno použiť aliasy rozhrania" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Pozícia na vloženie „%s“ nie je platná pozícia" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Neplatný typ záznamu „%s“" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Nepodporovaný smer „%s“" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Nebolo možné normalizovať zdrojovú adresu" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Nebolo možné normalizovať cieľovú adresu" #: src/common.py:425 msgid "Found exact match" msgstr "Nájdená presná zhoda" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Nájdená zhoda, ktorá nie je 
akcia ani typ záznamu (%(xa)s/%(ya)s " "%(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "a" #: src/frontend.py:166 msgid "yes" msgstr "ano" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall je aktívny a zapnutý pri štarte systému" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall je zastavený a nespustí sa pri štarte systému" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Nepodarilo sa zistiť stav počúvania" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Pridané používateľské pravidlá (bežiaci firewall zobrazíte pomocou „ufw " "status“):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Žiadne)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP 
version '%s'" msgstr "Neplatná verzia IP „%s”" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Neplatná pozícia '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Podpora IPv6 nie je zapnutá" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Pravidlo sa zmenilo po normalizácii" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Nepodarilo sa stiahnuť pravidlo „%s“" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Chyba pri pokuse použiť pravidlá aplikácie." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Niektoré pravidlá nebolo možné zrušiť." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Požadované pravidlá úspešne zrušené." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Nenájdené pravidlo „%s“" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Nebolo nájdené pravidlo „%d“" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Zmaže sa:\n" " %(rule)s\n" "Pokračovať (%(yes)s|%(no)s)? 
" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Nepodporovaná štandardná politika" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall znovu načítaný" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall nie je zapnutý (preskakuje sa opätovné načítanie)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Neplatný názov profilu" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Nepodporovaná operácia „%s“" #: src/frontend.py:700 msgid "Available applications:" msgstr "Dostupné aplikácie:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Nebolo možné nájsť profil „%s“" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Neplatný profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Názov: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Popis: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Porty:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Preskočené opätovné načítanie firewallu" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Nemožno zadať „all“ spolu s „--add-new“" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Neznáma politika „%s“" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Príkaz môže narušiť prebiehajúce spojenia ssh. Pokračovať (%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Všetky pravidlá sa vrátia na predinštalované hodnoty. 
Pokračovať " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Všetky pravidlá sa vrátia na predinštalované hodnoty. Príkaz môže narušiť " "prebiehajúce spojenia ssh. Pokračovať (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Nemožno vložiť pravidlo na pozíciu „%s“" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Neplatná klauzula rozhrania" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Tu nie je voľba „log“ povolená" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Tu nie je voľba „log-all“ povolená" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Chybný port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Rozsahy portov musia byť číselné" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Neplatný port s protokolom „%s“" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Chybný počet argumentov" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Vyžaduje sa klauzula „od” alebo „do”" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Nesprávna syntax pravidla" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Neplatný token „%s”" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Neplatná klauzula „proto”" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Nepodporovaná klauzula „%s“" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Neplatná klauzula „from”" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Neplatná klauzula „to”" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "„%s“ vyžaduje „from“ alebo „to“" #: src/parser.py:357 msgid "Invalid 
'port' clause" msgstr "Neplatná klauzula „port”" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Zmiešané verzie IP „od” a „do”" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Nepodarilo sa nájsť protokol" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Nezhoda protokolov (od/do)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Nezhoda protokolov s určeným protokolom %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Neplatná syntax pravidla („%s“ uvedené s pravidlom aplikácie)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Neplatná IPv6 adresa s protokolom „%s“" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Príkaz „%s“ už existuje" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Nenájdený PID (je /proc pripojený?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Nenájdený PID rodiča „%s“" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Nenájdený „%s“" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Nenájdený spustiteľný súbor „%s“" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Nepodarilo sa získať štatistiku „%s“" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid je %s, ale „%s” vlastní %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "„%s” súbor „%s” neexistuje" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Štandardná politika sa zmenila na „%s”\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Bez zhody" #~ msgid "" 
#~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Použitie: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Vyžaduje aspoň Python 2.5)\n" #~ msgid "Skipping '%s': value too long for '%s'" #~ msgstr "Preskakuje sa „%s“: hodnota príliš dlhá na „%s“" #~ msgid "Profile '%s' missing required field '%s'" #~ msgstr "Profilu „%s“ chýba povinné pole „%s“" #~ msgid "Profile '%s' has empty required field '%s'" #~ msgstr "Profil „%s“ má prázdne povinné pole „%s“" #~ msgid "Status: active" #~ msgstr "Stav: aktívny" #, python-format #~ msgid "Default: %s" #~ msgstr "Štandardne: %s" #~ msgid "Found non-action/non-logtype match (%s/%s %s/%s)" #~ msgstr "Nájdená zhoda, ktorá nie je operácia ano typ záznamu (%s/%s %s/%s)" #~ msgid "" #~ " COMMAND\n" #~ "\n" #~ "Commands:\n" #~ " enable\t\t\t\tenables the firewall\n" #~ " disable\t\t\tdisables the firewall\n" #~ " default ARG\t\t\tset default policy to ALLOW, DENY or REJECT\n" #~ " logging ARG\t\t\tset logging to OFF, ON or LEVEL\n" #~ " allow|deny|reject ARG\t\tadd allow, deny or reject RULE\n" #~ " delete RULE\t\t \tdelete the RULE\n" #~ " insert NUM RULE\t \tinsert RULE at NUM\n" #~ " status \t\t\tshow firewall status\n" #~ " status numbered\t\tshow firewall status as numbered list of RULES\n" #~ " show ARG\t\t\tshow firewall report\n" #~ " version\t\t\tdisplay version information\n" #~ "\n" #~ "Application profile commands:\n" #~ " app list\t\t\tlist application profiles\n" #~ " app info PROFILE\t\tshow information on PROFILE\n" #~ " app update PROFILE\t\tupdate PROFILE\n" #~ " app default ARG\t\tset profile policy to ALLOW, DENY, REJECT or\n" #~ "\t\t\t\tSKIP\n" #~ msgstr "" #~ " PRÍKAZ\n" #~ "\n" #~ "Príkazy:\n" #~ " enable\t\t\t\tzapne firewall\n" #~ " disable\t\t\tvypne firewall\n" #~ " default ARG\t\t\tnastaví štandardnú politiku ALLOW, DENY alebo REJECT\n" #~ " logging ARG\t\t\tnastaví vedenie záznamu na OFF, ON alebo ÚROVEŃ\n" #~ " allow|deny|reject ARG\t\tpridať allow, deny alebo reject PRAVIDLO\n" #~ " delete 
PRAVIDLO\t\t \tzmazať PRAVIDLO\n" #~ " insert POZ PRAVIDLO\t \tvložiť PRAVIDLO na POZ\n" #~ " status \t\t\tzobraziť stav firewallu\n" #~ " status numbered\t\tzobraziť stav firewallu ako očísloaný zoznam PRAVIDIEL\n" #~ " show ARG\t\t\tzobraziť správu firewallu\n" #~ " version\t\t\tzobraziť informácie o verzii\n" #~ "\n" #~ "Príkazy profilu aplikácie:\n" #~ " app list\t\t\tvypísať profily aplikácie\n" #~ " app info PROFIL\t\tzobraziť informácie o PROFILE\n" #~ " app update PROFIL\t\taktualizovať PROFIL\n" #~ " app default ARG\t\tnastaviť politiku profilu na ALLOW, DENY, REJECT alebo\n" #~ "\t\t\t\tSKIP\n" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Príkaz môže narušiť existujúce pripojenia ssh." #~ msgid " Proceed with operation (%s|%s)? " #~ msgstr " Pokračovať (%s|%s)? " #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Štandardne: %(in)s (prichádzajúce), %(out)s (odchádzajúce)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set 
default application policy\n" #~ msgstr "" #~ "\n" #~ "Použitie: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s zapne firewall\n" #~ " %(disable)-31s vypne firewall\n" #~ " %(default)-31s nastaví predvolenú politiku\n" #~ " %(logging)-31s nastaví záznam na %(level)s\n" #~ " %(allow)-31s pridá povolenie %(rule)s\n" #~ " %(deny)-31s pridá deny %(rule)s\n" #~ " %(reject)-31s pridá reject %(rule)s\n" #~ " %(limit)-31s pridá limit %(rule)s\n" #~ " %(delete)-31s zmaže %(urule)s\n" #~ " %(insert)-31s vloží %(urule)s na %(number)s\n" #~ " %(reset)-31s reštartuje firewall\n" #~ " %(status)-31s zobrazí stav firewallu\n" #~ " %(statusnum)-31s zobrazí stav firewallu ako číslovaný zoznam %(rules)s\n" #~ " %(statusverbose)-31s zobrazí podrobný výpis stavu firewallu\n" #~ " %(show)-31s zobrazí správu firewallu\n" #~ " %(version)-31s zobrazí informácie o verzii\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s zobrazí zoznam profilov aplikácií\n" #~ " %(appinfo)-31s zobrazí informácie o %(profile)s\n" #~ " %(appupdate)-31s aktualizuje %(profile)s\n" #~ " %(appdefault)-31s nastaví predvolenú politiku aplikácií\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Neplatný príkaz „%s“" ufw-0.36/locales/po/en_GB.po0000644000175000017500000006337513257507473014604 0ustar jamiejamie# English (United Kingdom) translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-08-17 23:21+0000\n" "Last-Translator: Anthony Harrington \n" "Language-Team: English (United Kingdom) \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Need at least python 3.2)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Aborted" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profiles directory does not exist" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Skipping '%s': couldn't stat" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Skipping '%s': too big" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Skipping '%s': too many files read already" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Skipping '%s': couldn't process" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Skipping '%s': name too long" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Skipping '%s': invalid name" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Skipping '%s': also in /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Skipping '%s': field too long" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Skipping '%(value)s': value too long for '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr 
"Duplicate profile '%s', using last found" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profile '%(fn)s' missing required field '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profile '%(fn)s' has empty required field '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "No ports found in profile '%s'" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Invalid ports in profile '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "New profiles:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Unsupported policy '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Unsupported policy for direction '%s'" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Default %(direction)s policy changed to '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(be sure to update your rules accordingly)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Checking raw iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Checking raw ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Checking iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Checking ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problem running" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Status: inactive" #: src/backend_iptables.py:432 msgid "To" msgstr "To" #: src/backend_iptables.py:433 msgid "From" msgstr "From" #: src/backend_iptables.py:434 msgid "Action" msgstr "Action" #: 
src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Status: active%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "running ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problem running ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Could not set LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Could not load logging rules" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Couldn't open '%s' for reading" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Skipping malformed tuple (bad length): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Skipping malformed tuple (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Skipping malformed tuple: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' is not writable" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Adding IPv6 rule failed: IPv6 not enabled" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Skipping unsupported IPv6 '%s' rule" #: 
src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Skipping unsupported IPv4 '%s' rule" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Must specify 'tcp' or 'udp' with multiple ports" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "Skipping IPv6 application rule. Need at least iptables 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Invalid position '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Cannot specify insert and delete" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Cannot insert rule at position '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Skipping inserting existing rule" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Could not delete non-existent rule" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Skipping adding existing rule" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Couldn't update rules file" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Rules updated" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Rules updated (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Rule inserted" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Rule updated" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (skipped reloading firewall)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Rule deleted" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Rule added" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Could not update running firewall" #: 
src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Could not perform '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Couldn't update rules file for logging" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Invalid log level '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Could not find '%s'. Aborting" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' already exists. Aborting" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Backing up '%(old)s' to '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Couldn't stat '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "WARN: '%s' is world writable" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "WARN: '%s' is world readable" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Could not determine iptables version" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problem running sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Checks disabled" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERROR: This script should not be SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERROR: This script should not be SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "In order to run this script, you need to be root" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' does not exist" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid is %(uid)s but '%(path)s' is owned by 
%(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s is world writable!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s is group writable!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' file '%(name)s' does not exist" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Missing policy for '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Invalid policy '%(policy)s' for '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Invalid option" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Default application policy changed to '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "No rules found for application profile" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Rules updated for profile '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Couldn't update application rules" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "Found multiple matches for '%s'. 
Please use exact profile name" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Could not find a profile matching '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Logging: " #: src/backend.py:579 msgid "unknown" msgstr "unknown" #: src/backend.py:606 msgid "Logging disabled" msgstr "Logging disabled" #: src/backend.py:608 msgid "Logging enabled" msgstr "Logging enabled" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Bad port '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Unsupported protocol '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Bad source address" #: src/common.py:290 msgid "Bad destination address" msgstr "Bad destination address" #: src/common.py:298 msgid "Bad interface type" msgstr "Bad interface type" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Bad interface name: reserved character: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Bad interface name" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Bad interface name: can't use interface aliases" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Insert position '%s' is not a valid position" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Invalid log type '%s'" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Unsupported direction '%s'" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Could not normalise source address" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Could not normalise destination address" #: src/common.py:425 msgid "Found exact match" msgstr "Found exact match" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "Found non-action/non-logtype match 
(%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on 
%(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "yes" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall is active and enabled on system startup" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall stopped and disabled on system startup" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Could not get listening status" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Added user rules (see 'ufw status' for running firewall):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(None)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Invalid IP version '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Invalid position '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6 support not enabled" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Rule changed after normalisation" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Could not back out rule '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Error applying application rules." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Some rules could not be unapplied." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Attempted rules successfully unapplied." 
#: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Could not find rule '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Could not find rule '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Unsupported default policy" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall reloaded" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall not enabled (skipping reload)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Invalid profile name" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Unsupported action '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Available applications:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Could not find profile '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Invalid profile" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profile: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Title: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Description: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Ports:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Skipped reloading firewall" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Cannot specify 'all' with '--add-new'" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Unknown policy '%s'" #: src/frontend.py:872 #, python-format msgid 
"" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Cannot insert rule at position '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Invalid interface clause" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Option 'log' not allowed here" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Option 'log-all' not allowed here" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Bad port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Port ranges must be numeric" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Invalid port with protocol '%s'" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Wrong number of arguments" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Need 'to' or 'from' clause" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Improper rule syntax" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Invalid token '%s'" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Invalid 'proto' clause" #: src/parser.py:281 #, python-format msgid "Invalid 
'%s' clause" msgstr "Invalid '%s' clause" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Invalid 'from' clause" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Invalid 'to' clause" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Need 'from' or 'to' with '%s'" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Invalid 'port' clause" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Mixed IP versions for 'from' and 'to'" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Could not find protocol" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protocol mismatch (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protocol mismatch with specified protocol %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Improper rule syntax ('%s' specified with app rule)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Invalid IPv6 address with protocol '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Invalid interface clause for route rule" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Command '%s' already exists" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Could not find pid (is /proc mounted?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Could not find parent pid for '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Could not find '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Could not find executable for '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Could not get statistics for '%s'" #~ msgid "uid is %s but '%s' 
is owned by %s" #~ msgstr "uid is %s but '%s' is owned by %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' file '%s' does not exist" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Default policy changed to '%s'\n" #~ msgid "------" #~ msgstr "------" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "No match" #~ msgstr "No match" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Usage: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Need at least python 2.5)\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Default: %(in)s (incoming), %(out)s (outgoing)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set 
logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Invalid command '%s'" ufw-0.36/locales/po/tl.po0000644000175000017500000004126313257507473014241 0ustar jamiejamie# Tagalog translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:31+0000\n" "Last-Translator: Jamie Strandboge \n" "Language-Team: Tagalog \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in 
profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid 
"Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: 
src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/id.po0000644000175000017500000004127113257507473014215 0ustar jamiejamie# Indonesian translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:21+0000\n" "Last-Translator: Jamie Strandboge \n" "Language-Team: Indonesian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports 
in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid 
"Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: 
src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/it.po0000644000175000017500000007017213257507473014237 0ustar jamiejamie# Italian translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2013-08-12 08:23+0000\n" "Last-Translator: Claudio Arseni \n" "Language-Team: Italian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": necessario almeno Python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Terminato" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "La directory dei profili non esiste" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Omesso \"%s\": impossibile eseguire stat" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Omesso \"%s\": troppo grande" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Omesso \"%s\": già troppe letture di file" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Omesso \"%s\": impossibile elaborare" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Omesso \"%s\": nome troppo lungo" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Omesso \"%s\": nome non valido" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Omesso \"%s\": anche in /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Omesso \"%s\": campo troppo lungo" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Omesso \"%(value)s\": valore troppo lungo per \"%(field)s\"" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', 
using last found" msgstr "Profilo \"%s\" duplicato, usato l'ultimo trovato" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Al profilo \"%(fn)s\" manca il campo necessario \"%(f)s\"" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Il profilo \"%(fn)s\" presenta il campo richiesto \"%(f)s\" vuoto" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Nessuna porta trovata nel profilo \"%s\"" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Porte non valide nel profilo \"%s\"" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nuovi profili:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Politica \"%s\" non supportata" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Politica non supportata per la direzione \"%s\"" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Politica %(direction)s predefinita cambiata in \"%(policy)s\"\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(assicurarsi di aggiornare le proprie regole di conseguenza)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Controllo grezzo iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Controllo grezzo ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Controllo di iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Controllo di ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problema nell'esecuzione" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Stato: inattivo" #: src/backend_iptables.py:432 
msgid "To" msgstr "A" #: src/backend_iptables.py:433 msgid "From" msgstr "Da" #: src/backend_iptables.py:434 msgid "Action" msgstr "Azione" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Predefinito: %(in)s (in entrata), %(out)s (in uscita), %(routed)s " "(instradato)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Stato: attivo\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Stato: attivo%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "esecuzione di ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "problema nell'eseguire ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Impossibile impostare LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Impossibile caricare le regole di registro" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Impossibile aprire \"%s\" in lettura" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Omissione tuple malformate (lunghezza errata): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Saltare tuple malformate (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Omissione tuple malformate: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "\"%s\" non è scrivibile" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule 
failed: IPv6 not enabled" msgstr "Aggiunta regola IPv6 non riuscita: IPv6 non abilitato" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Omissione regola IPv6 \"%s\" non supportata" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Saltata regola IPv4 «%s» non supportata" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "È necessario specificare \"tcp\" o \"udp\" con porte multiple" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Omessa regola di applicazione IPv6. Necessario iptables 1.4 o superiore" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Posizione \"%d\" non valida" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Impossibile specificare \"insert\" e \"delete\"" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Impossibile inserire la regola alla posizione \"%d\"" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Omesso l'inserimento di regola esistente" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Impossibile eliminare una regola inesistente" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Omessa l'aggiunta di regola esistente" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Impossibile aggiornare il file delle regole" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regole aggiornate" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regole aggiornate (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regola inserita" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regola aggiornata" #: src/backend_iptables.py:1077 msgid " 
(skipped reloading firewall)" msgstr " (omesso aggiornamento firewall)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regola eliminata" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regola aggiunta" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Impossibile aggiornare il firewall in esecuzione" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Impossibile eseguire \"%s\"" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Impossibile aggiornare il file delle regole per la registrazione" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Livello di registro \"%s\" non valido" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Impossibile trovare \"%s\". Interrotto" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "\"%s\" esiste già. 
Interrotto" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Copia di sicurezza di «%(old)s» in «%(new)s»\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Impossibile eseguire stat su \"%s\"" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "ATTENZIONE: \"%s\" è scrivibile da tutti" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "ATTENZIONE: \"%s\" è leggibile a chiunque" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Impossibile determinare la versione di iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "Problema nell'esecuzione di sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Controlli disabilitati" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERRORE: questo script non dovrebbe essere SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERRORE: questo script non dovrebbe essere SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "È necessario essere root per eseguire questo script" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "\"%s\" non esiste" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "UID è %(uid)s, ma \"%(path)s\" è posseduto da %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s è scrivibile da tutti." #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s è scrivibile dal gruppo." 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "\"%(f)s\" il file \"%(name)s\" non esiste" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Politica mancante per \"%s\"" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Politica \"%(policy)s\" non valida per \"%(chain)s\"" #: src/backend.py:298 msgid "Invalid option" msgstr "Opzione non valida" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Politica predefinita dell'applicazione cambiata a \"%s\"" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Nessuna regola trovata per il profilo dell'applicazione" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Regole aggiornate per il profilo \"%s\"" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Impossibile aggiornare le regole di applicazione" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Trovate corrispondenze multiple per \"%s\". 
Usare il nome di profilo esatto" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Impossibile trovare un profilo che corrisponda a \"%s\"" #: src/backend.py:575 msgid "Logging: " msgstr "Registrazione: " #: src/backend.py:579 msgid "unknown" msgstr "sconosciuta" #: src/backend.py:606 msgid "Logging disabled" msgstr "Registrazione disabilitata" #: src/backend.py:608 msgid "Logging enabled" msgstr "Registrazione abilitata" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Porta \"%s\" errata" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protocollo \"%s\" non supportato" #: src/common.py:280 msgid "Bad source address" msgstr "Indirizzo sorgente errato" #: src/common.py:290 msgid "Bad destination address" msgstr "Indirizzo di destinazione errato" #: src/common.py:298 msgid "Bad interface type" msgstr "Tipo di interfaccia errato" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Nome interfaccia inappropriato: carattere riservato: \"!\"" #: src/common.py:306 msgid "Bad interface name" msgstr "Nome di interfaccia errato" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" "Nome di interfaccia errato: impossibile usare gli alias di interfaccia" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "La posizione di inserimento \"%s\" non è una posizione valida" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Tipo di registrazione \"%s\" non valido" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Direzione \"%s\" non supportata" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Impossibile normalizzare l'indirizzo sorgente" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Impossibile normalizzare l'indirizzo di destinazione" #: src/common.py:425 msgid "Found 
exact match" msgstr "Trovata corrispondenza esatta" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Trovata corrispondenza non-azione/non-logtype (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Uso: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s Abilita il firewall\n" " %(disable)-31s Disabilita il firewall\n" " %(default)-31s Imposta la politica predefinita\n" " %(logging)-31s Imposta la registrazione a %(level)s\n" " %(allow)-31s Aggiunge la %(rule)s allow\n" " %(deny)-31s Aggiunge la %(rule)s deny\n" " %(reject)-31s Aggiunge la %(rule)s reject\n" " %(limit)-31s Aggiunge la %(rule)s limit\n" " %(delete)-31s Elimina %(urule)s\n" " %(insert)-31s Inserisce %(urule)s a %(number)s\n" " %(reload)-31s Ricarica il firewall\n" " %(reset)-31s Azzera il firewall\n" " %(status)-31s Mostra lo stato del firewall\n" " %(statusnum)-31s Mostra lo stato del 
firewall come elenco numerato di " "%(rules)s\n" " %(statusverbose)-31s Mostra lo stato del firewall in modo prolisso\n" " %(show)-31s Mostra il rapporto del firewall\n" " %(version)-31s Mostra le informazioni di versione\n" "\n" "%(appcommands)s:\n" " %(applist)-31s Elenca i profili di applicazione\n" " %(appinfo)-31s Mostra le informazioni su %(profile)s\n" " %(appupdate)-31s Aggiorna %(profile)s\n" " %(appdefault)-31s Imposta la politica di applicazione predefinita\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "s" #: src/frontend.py:166 msgid "yes" msgstr "sì" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Firewall attivo e abilitato all'avvio del sistema" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Firewall fermato e disabilitato all'avvio del sistema" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Impossibile ottenere lo stato di ascolto" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Aggiunte regole utente (consultare «ufw status» per il firewall in esecuzione):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Nessuna)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Versione IP \"%s\" non valida" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Posizione non valida '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Supporto a IPv6 non abilitato" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Regola cambiata dopo la normalizzazione" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Impossibile annullare le modifiche apportate alla regola \"%s\"" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Errore nell'applicare le regole di applicazione." 
#: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Alcune regole non possono essere disattivate." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Regole di prova disattivate con successo." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Impossibile trovare la regola \"%s\"" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Impossibile trovare la regola %d" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Eliminazione:\n" " %(rule)s\n" "Procedere con l'operazione (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Politica predefinita non supportata" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Firewall ricaricato" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Firewall non abilitato (omesso aggiornamento)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Nome di profilo non valido" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Azione \"%s\" non supportata" #: src/frontend.py:700 msgid "Available applications:" msgstr "Applicazioni disponibili:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Impossibile trovare il profilo \"%s\"" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Profilo non valido" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profilo: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Titolo: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Descrizione: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Porte:" #: src/frontend.py:741 msgid "Port:" msgstr "Porta:" #: src/frontend.py:790 msgid 
"Skipped reloading firewall" msgstr "Omesso aggiornamento firewall" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Impossibile specificare \"all\" con \"--add-new\"" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Politica \"%s\" sconosciuta" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Il comando potrebbe interrompere le connessioni SSH esistenti. Procedere con " "l'operazione (%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Si sta per azzerare tutte le regole a quelle predefinite. Procedere con " "l'operazione (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Si sta per azzerare tutte le regole a quelle predefinite. Ciò potrebbe " "interrompere le connessioni SSH esistenti. Procedere con l'operazione " "(%(yes)s|%(no)s)? 
" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Impossibile inserire la regola alla posizione \"%s\"" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Clausola di interfaccia non valida" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Opzione \"log\" non ammessa qui" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Opzione \"log-all\" non ammessa qui" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Porta errata" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Gli intervalli di porta devono essere numerici" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Porta non valida col protocollo \"%s\"" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Numero di argomenti errato" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Necessaria clausola \"to\" o \"from\"" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Sintassi di regola impropria" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Token \"%s\" non valido" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Clausola \"proto\" non valida" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Clausola \"%s\" non valida" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Clausola \"from\" non valida" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Clausola \"to\" non valida" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Necessario \"from\" o \"to\" assieme a \"%s\"" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Clausola \"port\" non valida" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Versioni di IP eterogenee per \"from\" e \"to\"" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr 
"Impossibile trovare il protocollo" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Discrepanza di protocollo (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Discrepanza di protocollo con il protocollo %s specificato" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" "Sintassi di regola impropria (\"%s\" specificata con regola di applicazione)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Indirizzo IPv6 non valido col protocollo \"%s\"" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Clausola interfaccia non valida per la regola di instradamento" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Il comando \"%s\" esiste già" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Impossibile trovare il PID (forse /proc non è montato)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Impossibile trovare il PID genitore per \"%s\"" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Impossibile trovare \"%s\"" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Impossibile trovare l'eseguibile per \"%s\"" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Impossibile ottenere le statistiche per \"%s\"" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "l'UID è %s, ma \"%s\" è posseduto da %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "\"%s\" file \"%s\" non esiste" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Politica predefinita cambiata in \"%s\"\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Nessuna corrispondenza" #~ msgid "" #~ "\n" #~ "Usage: " #~ 
msgstr "" #~ "\n" #~ "Uso: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": necessario python versione 2.5 o superiore)\n" #~ msgid "Skipping '%s': value too long for '%s'" #~ msgstr "Omesso \"%s\": valore troppo lungo per \"%s\"" #~ msgid "Profile '%s' has empty required field '%s'" #~ msgstr "Profilo \"%s\" con il campo richiesto \"%s\" vuoto" #~ msgid "Profile '%s' missing required field '%s'" #~ msgstr "Profilo \"%s\" senza il campo richiesto \"%s\"" #~ msgid "Status: active" #~ msgstr "Stato: attivo" #, python-format #~ msgid "Default: %s" #~ msgstr "Predefinito: %s" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Il comando potrebbe far cadere le connessioni ssh esistenti." #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Predefinito: %(in)s (in entrata), %(out)s (in uscita)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Uso: %(progname)s %(command)s\n" #~ "\n" 
#~ "%(commands)s:\n" #~ " %(enable)-31s abilita il firewall\n" #~ " %(disable)-31s disabilita il firewall\n" #~ " %(default)-31s imposta la politica predefinita\n" #~ " %(logging)-31s imposta la registrazione a %(level)s\n" #~ " %(allow)-31s aggiunge la %(rule)s allow\n" #~ " %(deny)-31s aggiunge la %(rule)s deny\n" #~ " %(reject)-31s aggiunge la %(rule)s reject\n" #~ " %(limit)-31s aggiunge la %(rule)s limit\n" #~ " %(delete)-31s elimina %(urule)s\n" #~ " %(insert)-31s inserisce %(urule)s a %(number)s\n" #~ " %(reset)-31s azzera il firewall\n" #~ " %(status)-31s mostra lo stato del firewall\n" #~ " %(statusnum)-31s mostra lo stato del firewall come elenco numerato di " #~ "%(rules)s\n" #~ " %(statusverbose)-31s mostra lo stato del firewall in modo prolisso\n" #~ " %(show)-31s mostra il rapporto del firewall\n" #~ " %(version)-31s mostra le informazioni di versioni\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s elenca i profili di applicazione\n" #~ " %(appinfo)-31s mostra le informazioni su %(profile)s\n" #~ " %(appupdate)-31s aggiorna %(profile)s\n" #~ " %(appdefault)-31s imposta la politica di applicazione predefinita\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Comando \"%s\" non valido" ufw-0.36/locales/po/ar.po0000644000175000017500000004166113257507473014226 0ustar jamiejamie# Arabic translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:15+0000\n" "Last-Translator: Nizar Kerkeni \n" "Language-Team: Arabic \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in 
profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "إلى" #: src/backend_iptables.py:433 msgid "From" msgstr "من" #: src/backend_iptables.py:434 msgid "Action" msgstr "الإجراء" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format 
msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: 
src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "التسجيل معطّل" #: src/backend.py:608 msgid "Logging enabled" msgstr "التسجيل مفعّل" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not 
normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "وجدتُ مطابقة تامة" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid 
"Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: 
src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid 
"Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "--" #~ msgstr "--" #~ msgid "----" #~ msgstr "----" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "لا تطابق" ufw-0.36/locales/po/pl.po0000644000175000017500000004136513257507473014240 0ustar jamiejamie# Polish translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-08-28 01:01+0000\n" "Last-Translator: Jamie Strandboge \n" "Language-Team: Polish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in 
profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Niewspierana polityka '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, 
python-format msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: 
src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Skrypt wymaga uprawnień administracyjnych" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/ca.po0000644000175000017500000004557213257507473014214 0ustar jamiejamie# Catalan translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:14+0000\n" "Last-Translator: Xan \n" "Language-Team: Catalan \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "S'ha avortat" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "El directori de perfils no existeix" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "S'omet «%s»: no s'ha pogut veure l'estat" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "S'omet «%s»: és massa gran" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "S'omet «%s»: massa fitxers per llegir" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "S'omet «%s»: no s'ha pogut processar" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "S'omet «%s»: nom massa llarg" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "S'omet «%s»: nom no vàlid" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "S'omet «%s»: també és a /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "S'omet «%s»: camp massa llarg" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "S'omet «%(value)s»: valor massa llarg per a «%(field)s»" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Perfil duplicat «%s», s'utilitza 
l'últim trobat" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Al perfil «%(fn)s» falta el camp requerit «%(f)s»" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "El perfil «%(fn)s» té buit el camp requerit «%(f)s»" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "No s'han trobat ports al perfil «%s»" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Ports no vàlids al perfil «%s»" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Perfils nous:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "La política «%s» no és admesa" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Política no admesa per a l'adreça «%s»" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" "La política %(direction)s per omissió ha estat canviada a «%(policy)s»\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(aneu amb compte d'actualitzar les vostres regles consegüentment)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "S'està comprovant iptables en brut (raw)\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "S'està comprovant ip6tables en brut (raw)\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "S'està verificant iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "S'està verificant ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problema executant-se" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Estat: inactiu" #: src/backend_iptables.py:432 msgid "To" msgstr "A" #: 
src/backend_iptables.py:433 msgid "From" msgstr "Des de" #: src/backend_iptables.py:434 msgid "Action" msgstr "Acció" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "No es pot obrir '%s' per a llegir" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "No es pot actualitzar l'arxiu de regles" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regles actualitzades" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regles actualitzades (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regla actualitzada" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regla esborrada" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regla afegida" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "No es pot actualitzar el tallafocs en execució" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "No es pot fer estat %s" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Comprovació desactivada" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERROR: aquest script no hauria de ser SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERROR: aquest script no hauria de ser SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Necessiteu ser superusuari (root) per executar aquest script" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s es pot escriure per tothom" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "%s es pot escriure pel seu grup" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Opció invàlida" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Port '%s' incorrecte" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protocol '%s' no suportat" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported 
direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "S'ha trobat una coincidència exacta" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: 
src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "La versió de la IP '%s' no és vàlida" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "El suport per a IPv6 no està habilitat" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "La clàusula 'from' és incorrecta" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 
msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "----" #~ msgstr "----" #~ msgid "No match" #~ msgstr "Cap coincidència" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "L'uid és %s però '%s' pertany a %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' arxiu '%s' no existeix" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "La política per defecte s'ha canviat a '%s'\n" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Almenys es necessita python 2.5)\n" ufw-0.36/locales/po/ko.po0000644000175000017500000004124513257507473014233 0ustar jamiejamie# Korean translation for ufw # Copyright (c) 2015 Rosetta Contributors and Canonical Ltd 2015 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2015. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2015-01-17 11:44+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Korean \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile 
'%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open 
'%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: src/backend_iptables.py:1083 msgid 
"Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/uk.po0000644000175000017500000010075113257507473014237 0ustar jamiejamie# Ukrainian translation for ufw # Copyright (c) 2013 Rosetta Contributors and Canonical Ltd 2013 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2013. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2013-11-08 16:11+0000\n" "Last-Translator: Микола Ткач \n" "Language-Team: Ukrainian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Потрібен python версії не нижче 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Перервано" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Відсутня директорія профілів" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Пропуск «%s»: неможливо зібрати статистику" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Пропуск '%s': дуже великий" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Пропуск '%s': забагато файлів вже прочитано" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Пропуск '%s': неможливо опрацювати" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Пропуск '%s': ім'я завелике" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Пропуск '%s': неправильне ім'я" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Пропуск «%s»: інформація вже знаходиться у /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Пропуск '%s': задовгі поля" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Пропускання '%(value)s': значення задовге для '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile 
'%s', using last found" msgstr "Дублювання профілю '%s', використовуючи останній знайдений" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "У профілі '%(fn)s' відсутнє обов’язкове поле '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Профіль «%(fn)s» містить порожнє обов’язкове поле «%(f)s»" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Не вказано портів у профілі «%s»" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Помилкові порти у профілі '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Нові профілі:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Непідтримувана політика «%s»" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Непідтримувана політика для напрямку «%s»" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Типова політика для %(direction)s змінена на '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(переконайтеся, що оновили ваші правила належним чином)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Перевірка рядів iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Перевірка рядів ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Перевірка iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Перевірка ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "проблема запуску" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Стан: неактивний" #: src/backend_iptables.py:432 msgid "To" msgstr "До" #: 
src/backend_iptables.py:433 msgid "From" msgstr "З" #: src/backend_iptables.py:434 msgid "Action" msgstr "Дія" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Стан: активний\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Стан: активний%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "виконання ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "проблема запуску ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Не вдається встановити LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Не вдається прочитати правила журналу" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Не вдається відкрити '%s' для читання" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Пропуск некоректних елементів (неправильна довжина): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Пропуск некоректних елементів: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "«%s» недоступний для запису" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Додавання правила IPv6 не вдалося: IPv6 не увімкнений" #: src/backend_iptables.py:929 #, python-format msgid 
"Skipping unsupported IPv6 '%s' rule" msgstr "Пропускання непідтримуване IPv6 '%s' правило" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Пропуск не підтримуваного правила «%s» для IPv4" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "При декількох портах має бути вказано «tcp» або «udp»" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Пропуск правила додатку IPv6. Вимагається iptables версії не нижче 1.4" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Некоректна позиція '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Не вдалося розпізнати вставку або вилучення" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Неможливо вставити правило у позицію '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Пропуск вставки правила що існує" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Неможливо вилучити правило якого не існує" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Пропуск додавання правила що існує" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Не вдається оновити файл правил" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Правила оновлено" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Правила оновлено (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Правило вставлено" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Правило оновлено" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (пропущено перезавантаження брандмауера)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Правило вилучено" #: src/backend_iptables.py:1083 
msgid "Rule added" msgstr "Правило додано" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Не вдається оновити запущений брандмауер" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Не вдалося виконати '%s'" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Не вдалося оновити файл правил журналювання" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Неправильний рівень журналювання '%s'" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Не вдається знайти '%s'. Переривання" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' вже існує. Переривання" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Резервне копіювання з '%(old)s' до '%(new)s'\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Не вдалося отримати статус «%s»" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "Попередження: '%s' доступний для запису усім" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "Попередження: '%s' доступний для читання усім" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Не вдалося визначити версію iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "проблема при виконанні sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Перевірки вимкнено" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ПОМИЛКА: цей скрипт не має бути SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ПОМИЛКА: цей скрипт не має бути SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Ви 
маєте бути супер-користувачем, щоб запустити цей скрипт" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' не існує" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid — %(uid)s, але власником «%(path)s» є %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s доступний для запису усім!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s доступний для запису групі!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' файл '%(name)s' не існує" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Відсутня політика для '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Неправильна політика '%(policy)s' для '%(chain)s'" #: src/backend.py:298 msgid "Invalid option" msgstr "Некоректний параметр" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Типова політика програми змінена на '%s'" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Не знайдено жодних правил для профілю програми" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Правила оновлено для профілю '%s'" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Не вдається оновити правила програми" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Знайдено багато схожого на '%s'. 
Будь ласка, використовуйте точну назву " "профілю" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Не знайдено профілю подібного до '%s'" #: src/backend.py:575 msgid "Logging: " msgstr "Ведення журналу: " #: src/backend.py:579 msgid "unknown" msgstr "невідомий" #: src/backend.py:606 msgid "Logging disabled" msgstr "Ведення журналу вимкнено" #: src/backend.py:608 msgid "Logging enabled" msgstr "Ведення журналу увімкнено" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Поганий порт '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Непідтримуваний протокол '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Погана адреса джерела" #: src/common.py:290 msgid "Bad destination address" msgstr "Погана адреса призначення" #: src/common.py:298 msgid "Bad interface type" msgstr "Поганий тип інтерфейсу" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Невірне ім’я інтерфейсу: зарезервований символ: '!'" #: src/common.py:306 msgid "Bad interface name" msgstr "Погана назва інтерфейсу" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" "Неправильне ім’я інтерфейсу: неможливо використовувати псевдоніми інтерфейсу" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "Неправильна позиція вставки «%s»" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Неправильний тип '%s' журналу" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Непідтримуваний напрям «%s»" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Не вдається виправити адресу джерела" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Не вдалося привести адресу призначення до стандартного вигляду" #: src/common.py:425 msgid "Found exact match" msgstr "Знайдено точний збіг" #: src/common.py:429 #, 
python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "Знайдено non-action/non-logtype збіг (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Використання: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s увімкнути брандмауер\n" " %(disable)-31s вимкнути брандмауер\n" " %(default)-31s встановити типову політику\n" " %(logging)-31s вказати рівень журналювання %(level)s\n" " %(allow)-31s додати allow %(rule)s\n" " %(deny)-31s додати deny %(rule)s\n" " %(reject)-31s додати reject %(rule)s\n" " %(limit)-31s додати limit %(rule)s\n" " %(delete)-31s вилучити %(urule)s\n" " %(insert)-31s вставити %(urule)s у позиції %(number)s\n" " %(reload)-31s перезавантажити брандмауер\n" " %(reset)-31s скинути брандмауер\n" " %(status)-31s показати статус брандмауера\n" " %(statusnum)-31s показати статус брандмауера як нумерований перелік " "%(rules)s\n" " %(statusverbose)-31s показати детальний 
стан брандмауера\n" " %(show)-31s показати звіт брандмауера\n" " %(version)-31s показати інформацію про версію\n" "\n" "%(appcommands)s:\n" " %(applist)-31s показати профілі додатку\n" " %(appinfo)-31s показати інформацію про %(profile)s\n" " %(appupdate)-31s оновити %(profile)s\n" " %(appdefault)-31s встановити типову політику додатку\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "так" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Брандмауер є активним і буде запускатися разом з системою" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Брандмауер зупинено і не буде запускатися з системою" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Не вдалося отримати стан прослуховування" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Додані правила користувача (див. 'ufw status' міжмережевого екрану):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Відсутній)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "Неправильна версія IP '%s'" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Неправильна позиція '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Підтримку IPv6 не увімкнено" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Правило змінено після нормалізації" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Не вдалося відновити правило '%s'" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Помилка при застосуванні правил програми." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Деякі правила не може бути скасовано." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." 
msgstr " Пробні правила скасовано успішно." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Не вдається знайти правило '%s'" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Не вдається знайти правило '%d'" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Вилучення:\n" " %(rule)s\n" "Продовжити (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Непідтримувана типова політика" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Брандмауер перезавантажено" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Брандмауер не увімкнено (перезавантаження пропущено)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Неправильна назва профілю" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Непідтримувана дія '%s'" #: src/frontend.py:700 msgid "Available applications:" msgstr "Доступні програми:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Не вдається знайти профіль '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Некоректний профіль" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Профіль: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Заголовок: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Опис: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Порти:" #: src/frontend.py:741 msgid "Port:" msgstr "Порт:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Пропущено перезавантаження брандмауера" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Неможна вказувати «all» разом з «--add-new»" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "Невідоме правило '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Команда може розірвати ssh з'єднання що існують. Продовжити " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Відновлення усіх правил до типово встановлених. Продовжити (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Відновлення усіх правил до типово встановлених. Команда може розірвати ssh " "з'єднання що існують. Продовжити (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Не вдалося додати правило у позицію «%s»" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Неправильне розташування інтерфейсу" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Параметр 'log'' не дозволений тут" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Параметр 'log-all' не дозволений тут" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Поганий порт" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Портовий діапазон має бути числовим" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Неправильний порт для протоколу «%s»" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Неправильне число аргументів" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Необхідна умова «to» або «from»" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Неприпустимий синтаксис правила" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "Некоректний символ 
«%s»" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Неправильна умова «proto»" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Неправильна умова «%s»" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Неправильна умова «from»" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Неправильна умова «to»" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Потрібно вказати «from» або «to» для «%s»" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Неправильна умова «port»" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Вказано різні версії IP для «from» та «to»" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Не вдається знайти протокол" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Невідповідність протоколу (з/у)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Невідповідність протоколу з вказаним протоколом %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Неправильний синтаксис правила («%s» вказано з правилом для додатку)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Недійсна IPv6 адреса з протоколом '%s'" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Команда '%s' вже існує" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Неможливо знайти ідентифікатора процесу ( /proc змонтовано?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Незнайдено батьківського ід. 
процесу для '%s'" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Незнайдено '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Не вдається знайти виконуваний файл для '%s'" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Не вдається отримати статистику для '%s'" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Потрібнен принаймні python 2.5)\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Типово: %(in)s (вхідні), %(out)s (вихідні)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Використання: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s увімкне брандмауер\n" #~ " %(disable)-31s вимкне брандмауер\n" #~ " %(default)-31s введе типову політику\n" #~ " %(logging)-31s введе рівень журналювання %(level)s\n" #~ " %(allow)-31s додасть дозвіл %(rule)s\n" #~ " 
%(deny)-31s додасть відмову %(rule)s\n" #~ " %(reject)-31s додасть відкидання %(rule)s\n" #~ " %(limit)-31s додасть ліміт %(rule)s\n" #~ " %(delete)-31s вилучить %(urule)s\n" #~ " %(insert)-31s введе %(urule)s на %(number)s\n" #~ " %(reset)-31s відновить брандмауер\n" #~ " %(status)-31s показати стан брандмауера\n" #~ " %(statusnum)-31s показати стан брандмауера, як нумерований список " #~ "%(rules)s\n" #~ " %(statusverbose)-31s показати розширений стан брандмауера\n" #~ " %(show)-31s показати звіт брандмауера\n" #~ " %(version)-31s показати інформацію про версію\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s список профілів програми\n" #~ " %(appinfo)-31s показати інформацію %(profile)s\n" #~ " %(appupdate)-31s оновити %(profile)s\n" #~ " %(appdefault)-31s встановити типову політику для програми\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Неправильна команда '%s'" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' файл '%s' не існує" #~ msgid "Status: active" #~ msgstr "Стан: активний" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Типову політику змінено на '%s'\n" #~ msgid "Profile '%s' has empty required field '%s'" #~ msgstr "Профіль '%s' має порожнє обов’язкове поле '%s'" #~ msgid "Skipping '%s': value too long for '%s'" #~ msgstr "Пропуск '%s': значення задовге для '%s'" #~ msgid "Profile '%s' missing required field '%s'" #~ msgstr "Профіль '%s' відсутнє обов’язкове поле '%s'" #~ msgid "------" #~ msgstr "------" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #, python-format #~ msgid "Default: %s" #~ msgstr "Типово: %s" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Використання: " #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Команда може порушити існуючі з'єднання ssh." #~ msgid " Proceed with operation (%s|%s)? " #~ msgstr " Приступити до операції (%s|%s)? 
" ufw-0.36/locales/po/es.po0000644000175000017500000007411313257507473014231 0ustar jamiejamie# Spanish translation for ufw # Copyright (c) 2008 Rosetta Contributors and Canonical Ltd 2008 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2008. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-08-25 12:16+0000\n" "Last-Translator: Jose Luis Tirado \n" "Language-Team: Spanish \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Necesita al menos python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Interrumpido" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "No existe el directorio de perfiles" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Omitiendo «%s»: no se puede leer" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Omitiendo «%s»: demasiado grande" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Omitiendo «%s»: ya se han leído demasiados archivos" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Omitiendo «%s»: no se puede procesar" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Omitiendo «%s»: nombre demasiado largo" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Omitiendo «%s»: nombre incorrecto" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Omitiendo «%s»: está también en /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping 
'%s': field too long" msgstr "Omitiendo «%s»: campo demasiado largo" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Omitiendo «%(value)s»: valor demasiado largo para «%(field)s»" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Perfil «%s» duplicado; se usará el último encontrado" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "En el perfil «%(fn)s» falta el campo obligatorio «%(f)s»" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "El perfil «%(fn)s» tiene vacío el campo obligatorio «%(f)s»" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "No se han encontrado puertos en el perfil «%s»" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Hay puertos incorrectos en el perfil «%s»" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Perfiles nuevos:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Política «%s» no permitida" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Política para dirección «%s» no permitida" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "La política %(direction)s predeterminada cambió a «%(policy)s»\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(asegúrese de actualizar sus reglas consecuentemente)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Comprobando iptables en bruto\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Comprobando ip6tables en bruto\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Comprobar iptables\n" #: 
src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Comprobar ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problema ejecutando" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Estado: inactivo" #: src/backend_iptables.py:432 msgid "To" msgstr "Hasta" #: src/backend_iptables.py:433 msgid "From" msgstr "Desde" #: src/backend_iptables.py:434 msgid "Action" msgstr "Acción" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Predeterminado: %(in)s (entrantes), %(out)s (salientes), %(routed)s " "(enrutados)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Estado: activo\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Estado: activo%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "ejecutando ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "error al ejecutar ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "No se pudo establecer LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "No se han podido cargar las reglas de registro" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "No se puede abrir «%s» para su lectura" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" "Omitiendo regla errónea (longitud errónea): %s. 
Verifique su cortafuegos" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Omitida tupla malformada (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Omitiendo línea errónea: %s. Verifique su cortafuegos" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "«%s» no se puede escribir" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Fallo al agregar la regla IPv6: IPv6 no habilitado" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Omitiendo regla IPv6 «%s» no soportada" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Omitiendo regla «%s» IPv4 no permitida" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Se debe especificar «tcp» o «udp» al indicar varios puertos" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Omitiendo las reglas de aplicación IPv6. 
Se necesita iptables 1.4 como mínimo" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Posición «%d» incorrecta" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "No se puede especificar insertar y borrar" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "No se pudo insertar la regla en la posición «%d»" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Saltando la inserción de regla ya existente" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "No se puede borrar una regla inexistente" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Omitiendo adición de regla ya existente" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "No se pudo actualizar el archivo de reglas" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Reglas actualizadas" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Reglas actualizadas (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regla insertada" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regla actualizada" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (se omite la recarga del cortafuegos)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regla eliminada" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regla agregada" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "No se pudo actualizar el cortafuegos activo" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "No se puede hacer «%s»" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "No se puede actualizar el archivo de reglas para el registro" #: src/backend_iptables.py:1240 
src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Nivel de registro «%s» incorrecto" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "No se pudo encontrar «%s». Cancelando." #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "«%s» ya existe. Cancelando." #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Respaldando «%(old)s» en «%(new)s»\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "No se pudo hacer stat «%s»" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "AVISO: «%s» tiene permiso de escritura para todo el mundo" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "AVISO: «%s» tiene permiso de lectura para todo el mundo" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "No se pudo determinar la versión de iptables" #: src/backend.py:143 msgid "problem running sysctl" msgstr "problema al ejecutar sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Verificación desactivada" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERROR: este guión no debería ser SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERROR: este guión no debería ser SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Debe ser root (administrador) para ejecutar este guión" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "«%s» no existe" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "El uid es %(uid)s pero «%(path)s» pertenece a %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "¡todo el mundo posee permiso de escritura sobre %s!" 
#: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "¡El grupo posee permiso de escritura sobre %s!" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "«%(f)s» el archivo «%(name)s» no existe" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Falta política para «%s»" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Política «%(policy)s» incorrecta para «%(chain)s»" #: src/backend.py:298 msgid "Invalid option" msgstr "Opción no valida" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Directivas de aplicación predeterminadas cambiadas a «%s»" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "No se han encontrado reglas para el perfil de la aplicación" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Se han actualizado las reglas para el perfil «%s»" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "No se han podido actualizar las reglas de la aplicación" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Se encontraron varias coincidencias para «%s». 
Use un nombre de perfil exacto" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "No se pudo encontrar un perfil que coincida con «%s»" #: src/backend.py:575 msgid "Logging: " msgstr "Registro: " #: src/backend.py:579 msgid "unknown" msgstr "desconocido" #: src/backend.py:606 msgid "Logging disabled" msgstr "Registro desactivado" #: src/backend.py:608 msgid "Logging enabled" msgstr "Registro activado" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Puerto erróneo «%s»" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protocolo «%s» no permitido" #: src/common.py:280 msgid "Bad source address" msgstr "Dirección de origen errónea" #: src/common.py:290 msgid "Bad destination address" msgstr "Dirección de destino errónea" #: src/common.py:298 msgid "Bad interface type" msgstr "Tipo de interfaz incorrecto" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Nombre de interfaz incorrecto: carácter reservado: «!»" #: src/common.py:306 msgid "Bad interface name" msgstr "Nombre de interfaz incorrecto" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Nombre de interfaz erróneo: no se puede usar alias de interfaz" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "La posición «%s» insertada no es una posición válida" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Tipo de registro «%s» incorrecto" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Dirección «%s» no permitida" #: src/common.py:350 msgid "Could not normalize source address" msgstr "No se pudo normalizar la dirección de origen" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "No se pudo normalizar la dirección de destino" #: src/common.py:425 msgid "Found exact match" msgstr "Se ha encontrado una coincidencia exacta" #: 
src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Coincidencia encontrada non-action/non-logtype (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Uso: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s activa el cortafuegos\n" " %(disable)-31s desactiva el cortafuegos\n" " %(default)-31s establece política por defecto\n" " %(logging)-31s establece trazas a %(level)s\n" " %(allow)-31s añadir permitir %(rule)s\n" " %(deny)-31s añadir denegar %(rule)s\n" " %(reject)-31s añadir rechazar %(rule)s\n" " %(limit)-31s añadir límite %(rule)s\n" " %(delete)-31s borrar %(urule)s\n" " %(insert)-31s insertar %(urule)s en %(number)s\n" " %(reload)-31s recargar cortafuegos\n" " %(reset)-31s reiniciar cortafuegos\n" " %(status)-31s mostrar estado del cortafuegos\n" " %(statusnum)-31s mostrar estado del cortafuegos como una lista numerada de " "%(rules)s\n" " 
%(statusverbose)-31s mostrar estado ampliado del cortafuegos\n" " %(show)-31s mostrar informe del cortafuegos\n" " %(version)-31s mostrar información de la versión\n" "\n" "%(appcommands)s:\n" " %(applist)-31s mostrar perfiles de aplicación\n" " %(appinfo)-31s mostrar información sobre %(profile)s\n" " %(appupdate)-31s actualizar %(profile)s\n" " %(appdefault)-31s establecer política de aplicación por defecto\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "s" #: src/frontend.py:166 msgid "yes" msgstr "sí" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "El cortafuegos está activo y habilitado en el arranque del sistema" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" "El cortafuegos está detenido y deshabilitado en el arranque del sistema" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "No se pudo obtener el estado de escuchas" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Reglas añadidas del usuario (vea «ufw status» para el cortafuegos en ejecución):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Ninguno)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "La versión de IP «%s» no es válida" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Posición ' incorrecta" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "El soporte para IPv6 no está activado" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Se cambió una regla tras la normalización" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "No se pudo revertir la regla «%s»" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Se produjo un error al aplicar las reglas de la aplicación." 
#: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Es posible que algunas reglas no se hayan podido revertir." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Las reglas se han podido revertir correctamente." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "No se pudo encontrar la regla «%s»" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "No se pudo encontrar la regla «%d»" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Borrando:\n" " %(rule)s\n" "¿Continuar con la operación (%(yes)s|%(no)s)? " #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Política predeterminada no permitida" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "El cortafuegos se ha recargado" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "El cortafuegos no está activado (omitiendo recarga)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "El nombre del perfil es incorrecto" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Acción «%s» no soportada" #: src/frontend.py:700 msgid "Available applications:" msgstr "Aplicaciones disponibles:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "No se pudo encontrar el perfil «%s»" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Perfil incorrecto" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Perfil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Título: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Descripción: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Puertos:" #: src/frontend.py:741 msgid "Port:" msgstr 
"Puerto:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Se omite la recarga del cortafuegos" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "No se puede especificar «all» con «--add-new»" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "La política «%s» es desconocida" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "El comando puede interrumpir las conexiones ssh existentes. ¿Continuar con " "la operación (%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Reiniciando todas las reglas a sus valores predeterminados instalados. " "¿Continuar con la operación (%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Reiniciando todas las reglas a sus valores predeterminados instalados. Esto " "puede interrumpir las conexiones ssh existentes. ¿Continuar con la operación " "(%(yes)s|%(no)s)? 
" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "No se pudo insertar la regla en la posición «%s»" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Cláusula de interfaz incorrecta" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Opción «log» no permitida aquí" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Opción «log-all» no permitida aquí" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Puerto erróneo" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Los rangos de puertos deben ser numéricos" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "Puerto incorrecto con el protocolo «%s»" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Número incorrecto de argumentos" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Se necesita la cláusula «to» o «from»" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Error de sintáxis en la regla" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "El token «%s» es incorrecto" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "La cláusula «proto» es incorrecta" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Cláusula «%s» no válida" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "La cláusula «from» es incorrecta" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "La cláusula «to» es incorrecta" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Se necesita usar «from» o «to» con «%s»" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "La cláusula «port» es incorrecta" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Las versiones IP de «from» y «to» están mezcladas" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr 
"No se pudo encontrar el protocolo" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Discordancia en el uso de los argumentos (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "El protocolo no concuerda con el especificado («%s»)" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" "Sintaxis inapropiada para la regla (se especificó «%s» con una regla de " "aplicación)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Dirección IPv6 incorrecta con el protocolo «%s»" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Clausula de interfaz no válida para regla de enrutado" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "La orden «%s» ya existe" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "No se ha podido encontrar el PID (¿está montado /proc?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "No se ha podido encontrar el PID del padre de «%s»" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "No se pudo encontrar «%s»" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "No se pudo encontrar el ejecutable para «%s»" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "No se pudieron obtener estadísticas de «%s»" #~ msgid "No match" #~ msgstr "Ninguna coincidencia" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "El UID es %s pero '%s' pertenece a %s" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' archivo '%s' no existe" #~ msgid "------" #~ msgstr "------" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "La política predeterminada se cambió a '%s'\n" #~ msgid ": Need at least python 
2.5)\n" #~ msgstr "(Se necesita como mínimo Python 2.5)\n" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Ejemplo de uso: " #, python-format #~ msgid "Default: %s" #~ msgstr "Predeterminado: %s" #~ msgid "Status: active" #~ msgstr "Estado: activo" #~ msgid "" #~ " COMMAND\n" #~ "\n" #~ "Commands:\n" #~ " enable\t\t\t\tenables the firewall\n" #~ " disable\t\t\tdisables the firewall\n" #~ " default ARG\t\t\tset default policy to ALLOW, DENY or REJECT\n" #~ " logging ARG\t\t\tset logging to OFF, ON or LEVEL\n" #~ " allow|deny|reject ARG\t\tadd allow, deny or reject RULE\n" #~ " delete RULE\t\t \tdelete the RULE\n" #~ " insert NUM RULE\t \tinsert RULE at NUM\n" #~ " status \t\t\tshow firewall status\n" #~ " status numbered\t\tshow firewall status as numbered list of RULES\n" #~ " show ARG\t\t\tshow firewall report\n" #~ " version\t\t\tdisplay version information\n" #~ "\n" #~ "Application profile commands:\n" #~ " app list\t\t\tlist application profiles\n" #~ " app info PROFILE\t\tshow information on PROFILE\n" #~ " app update PROFILE\t\tupdate PROFILE\n" #~ " app default ARG\t\tset profile policy to ALLOW, DENY, REJECT or\n" #~ "\t\t\t\tSKIP\n" #~ msgstr "" #~ " ORDEN\n" #~ "\n" #~ "Órdenes:\n" #~ "enable\t\t\t\thabilitar el cortafuegos\n" #~ "disable\t\t\tdesactivar el cortafuegos\n" #~ "default ARG\t\t\testablecer política por defecto ALLOW, DENY o REJECT\n" #~ "logging ARG\t\t\testablecer acceso a OFF, ON o LEVEL\n" #~ "allow|deny|reject ARG\t\tañadir REGLA allow, deny o reject\n" #~ "delete RULE\t\t \teliminar la REGLA\n" #~ "insert NUM RULE\t \tinsertar REGLA en NUM\n" #~ "status \t\t\tmostrar estatus del cortafuegos\n" #~ "status numbered\t\tmostrar el estado de seguridad como lista numerada de las " #~ "normas\n" #~ "show ARG\t\t\tmostrar reporte del cortafuegos\n" #~ "version\t\t\tmostrar información de la versión\n" #~ "\n" #~ "Perfil de comandos de aplicación:\n" #~ "app list\t\t\tlista de perfil de aplicación\n" #~ "app info PROFILE\t\tmuestra 
información del perfil\n" #~ "app update PROFILE\t\tactualiza PERFIL\n" #~ "app default ARG\t\tcoloca política del perfil a ALLOW, DENY, REJECT o\n" #~ "\t\t\t\tOMITIR\n" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Ese comando puede afectar a las conexiones SSH en curso." #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s (outgoing)" #~ msgstr "Por defecto: %(in)s (Entrada), %(out)s (Salida)" #, python-format #~ msgid "" #~ "\n" #~ "Usage: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s enables the firewall\n" #~ " %(disable)-31s disables the firewall\n" #~ " %(default)-31s set default policy\n" #~ " %(logging)-31s set logging to %(level)s\n" #~ " %(allow)-31s add allow %(rule)s\n" #~ " %(deny)-31s add deny %(rule)s\n" #~ " %(reject)-31s add reject %(rule)s\n" #~ " %(limit)-31s add limit %(rule)s\n" #~ " %(delete)-31s delete %(urule)s\n" #~ " %(insert)-31s insert %(urule)s at %(number)s\n" #~ " %(reset)-31s reset firewall\n" #~ " %(status)-31s show firewall status\n" #~ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" #~ " %(statusverbose)-31s show verbose firewall status\n" #~ " %(show)-31s show firewall report\n" #~ " %(version)-31s display version information\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s list application profiles\n" #~ " %(appinfo)-31s show information on %(profile)s\n" #~ " %(appupdate)-31s update %(profile)s\n" #~ " %(appdefault)-31s set default application policy\n" #~ msgstr "" #~ "\n" #~ "Uso: %(progname)s %(command)s\n" #~ "\n" #~ "%(commands)s:\n" #~ " %(enable)-31s activa el cortafuegos\n" #~ " %(disable)-31s desactiva el cortafuegos\n" #~ " %(default)-31s establece la política predeterminada\n" #~ " %(logging)-31s establece el acceso a %(level)s\n" #~ " %(allow)-31s añade %(rule)s de permiso\n" #~ " %(deny)-31s añade %(rule)s denegación\n" #~ " %(reject)-31s añade %(rule)s de rechazo\n" #~ " %(limit)-31s añade %(rule)s de límite\n" #~ " 
%(delete)-31s borra %(urule)s\n" #~ " %(insert)-31s inserta %(urule)s en %(number)s\n" #~ " %(reset)-31s restablece el cortafuegos\n" #~ " %(status)-31s muestra el estado del cortafuegos\n" #~ " %(statusnum)-31s muestra el estado del cortafuegos como una lista numerada " #~ "de %(rules)s\n" #~ " %(statusverbose)-31s muestra el estado del cortafuegos de manera detallada\n" #~ " %(show)-31s muestra un informe del cortafuegos\n" #~ " %(version)-31s muestra información de la versión\n" #~ "\n" #~ "%(appcommands)s:\n" #~ " %(applist)-31s lista perfiles de aplicación\n" #~ " %(appinfo)-31s muestra información de %(profile)s\n" #~ " %(appupdate)-31s actualiza %(profile)s\n" #~ " %(appdefault)-31s establece la política determinada de aplicación\n" #, python-format #~ msgid "Invalid command '%s'" #~ msgstr "Orden inválida «%s»" ufw-0.36/locales/po/ce.po0000644000175000017500000004124713257507473014213 0ustar jamiejamie# Chechen translation for ufw # Copyright (c) 2014 Rosetta Contributors and Canonical Ltd 2014 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2014. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2014-08-13 07:15+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Chechen \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in 
profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't 
open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: src/backend_iptables.py:1083 
msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" 
msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: 
src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid 
"Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/ast.po0000644000175000017500000005543513257507473014417 0ustar jamiejamie# Asturian translation for ufw # Copyright (c) 2010 Rosetta Contributors and Canonical Ltd 2010 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2010. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2010-04-08 14:07+0000\n" "Last-Translator: costales \n" "Language-Team: Asturian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Albortáu" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Nun esiste'l direutoriu de perfiles" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Saltando «%s»: nun puede llese" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Saltando «%s»: enforma grande" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Saltando «%s»: yá se lleeron abondos ficheros" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Saltando «%s»: nun puede procesase" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Saltando «%s»: nome enforma llargu" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Saltando «%s»: nome incorreutu" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Saltando «%s»: ta tamién en /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Saltando «%s»: campu enforma llargu" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Saltando '%(value)s': valor enforma llargu pa '%(field)s'" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Perfil «%s» 
duplicáu; usaráse l'últimu alcontráu" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Nel perfil «%(fn)s» falta'l campu obligatoriu '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "El perfil «%(fn)s» tien ermu'l campu obligatoriu «%(f)s»" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Nun s'alcontraron puertos nel perfil «%s»" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Hai puertos incorreutos nel perfil «%s»" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Perfiles nuevos:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Política «%s» non sofitada" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Política pa direición '%s' non sofitada" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "La política %(direction)s predeterminada camudó a '%(policy)s'\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(asegúrate d'anovar les regles consecuentemente)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Comprobando iptables en bruto\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Comprobando ip6tables en bruto\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Verificando les regles d'iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Verificando les regles d'ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "problema executando" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Estáu: inactivu" #: src/backend_iptables.py:432 msgid "To" msgstr "A" #: 
src/backend_iptables.py:433 msgid "From" msgstr "Dende" #: src/backend_iptables.py:434 msgid "Action" msgstr "Aición" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Estáu: activu\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Estáu: activu%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "executando ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Nun pudo afitase LOGLEVEL" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Nun pudieron cargase les regles de rexistru" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Nun puede abrise «%s» pa llectura" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" "Saltando regla errónea (llonxitú errónea): %s. Verifica'l to tornafueos" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Saltando llínia errónea: %s. 
Verifica'l to tornafueos" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Fallu al amestar la regla IPv6: IPv6 nun activao" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Saltando regla IPv6 «%s» non sofitada" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "Tien d'especificase «tcp» o «udp» con varios puertos" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Saltando les regles d'aplicación IPv6. Necesitase iptables 1.4 como mínimo" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Posición «%d» incorreuta" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Nun puede especificase inxertar y desaniciar" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Nun pudo inxertase la regla na posición «%d»" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Saltando l'inxertáu de regla ya existente" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Nun puede desaniciase una regla inesistente" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Saltando l'añader d'una regla ya existente" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Nun pudo anovase'l ficheru de regles" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regles anovaes" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regles anovaes (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Regla inxertada" #: 
src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regla anovada" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (saltando la recarga del tornafueos)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regla desaniciada" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regla amestada" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "El tornafueos NON foi anováu" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Nun puedes facer «%s»" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "Nivel de rexistru «%s» incorreutu" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Nun se pudo facer stat «%s»" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Verificación desactivada" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "ERROR: esti guión nun tendría de ser SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "ERROR: esti guión nun tendría de ser SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Necesita permisos d'alministrador pa executar esti guión" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "«%s» nun esiste" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "l'uid ye %(uid)s pero «%(path)s» pertenez a %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "¡%s tien concedíos permisos d'escritura pa tol mundu!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "¡El grupu tien drechu d'escritura en %s!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "'%(f)s' el ficheru '%(name)s' nun esiste" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Falta política pa '%s'" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "Política «%(policy)s» incorreuta pa «%(chain)s»" #: src/backend.py:298 msgid "Invalid option" msgstr "Opción inválida" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Directives d'aplicación predeterminaes camudaes a «%s»" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Nun s'alcontraron regles pal perfil de l'aplicación" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Anovaronse les regles pal perfil «%s»" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Nun pudieron anovase les regles de la aplicación" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" "Alcontraronse varies coincidencies pa «%s». 
Usa un nome de perfil esautu" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Nun pudo alcontrase un perfil que concase con «%s»" #: src/backend.py:575 msgid "Logging: " msgstr "Rexistru: " #: src/backend.py:579 msgid "unknown" msgstr "desconocíu" #: src/backend.py:606 msgid "Logging disabled" msgstr "Rexistru desactiváu" #: src/backend.py:608 msgid "Logging enabled" msgstr "Rexistru activáu" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Puertu incorreutu «%s»" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protocolu «%s» nun sofitáu" #: src/common.py:280 msgid "Bad source address" msgstr "Direición de oríxe errónea" #: src/common.py:290 msgid "Bad destination address" msgstr "Direición de destín errónea" #: src/common.py:298 msgid "Bad interface type" msgstr "Triba d'interface incorreuta" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "Nome d'interface incorreutu" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Nome d'interface erróneu: nun puede usase un nomatu d'interface" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "La posición «%s» inxertada nun ye una posición válida" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "Triba de rexistru «%s» incorreuta" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "Direición '%s' non sofitada" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Nun pudo normalizase la direición d'orixe" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Nun pudo normalizase la direición de destín" #: src/common.py:425 msgid "Found exact match" msgstr "Alcontrada una coincidencia esauta" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype 
match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Coincidencia alcontrada non-action/non-logtype (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "y" #: src/frontend.py:166 msgid "yes" msgstr "sí" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "El tornafueos ta activo y activáu nel arranque del sistema" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "El tornafueos ta paráu y desactiváu nel arranque del sistema" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "La versión d'IP «%s» nun ye 
válida" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Posición ' incorreuta" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "El sofitu pa IPv6 nun ta activao" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Camudóse una regla tres la normalización" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Nun pudo revertise la regla «%s»" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Hebo un fallu al aplicar les regles de l'aplicación." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Ye posible que dalgunes regles nun s'heban revertío." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Les regles pudieron revertise." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Política predeterminada non sofitada" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "El tornafueos reaniciose" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "El tornafueos nun ta activáu (nun puede recargase)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "El nome del perfil ye incorreutu" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Aición «%s» non sofitada" #: src/frontend.py:700 msgid "Available applications:" msgstr "Aplicaciones disponibles:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Nun pudo alcontrase'l perfil «%s»" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Perfil incorreutu" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Perfil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Títulu: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Descripción: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Puertos:" #: src/frontend.py:741 msgid "Port:" msgstr "Puertu:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Saltase la recarga del tornafueos" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Nun puede especificase «all» con «--add-new»" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "La política «%s» ye desconocida" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Nun pudo inxertase la regla na posición «%s»" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Cláusula d'interface incorreuta" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Opción «log» non permitida equí" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Opción 'log-all' non permitida equí" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Puertu erróneu" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Los rangos de puertos deben ser numbéricos" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Númberu incorreutu d'argumentos" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Necesitase la cláusula «to» o «from»" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Fallu de sintáxis na regla" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "El token «%s» ye incorreutu" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "La cláusula «proto» ye incorreuta" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Cláusula '%s' non válida" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "La cláusula «from» ye incorreuta" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "La cláusula «to» ye incorreuta" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "Necesitase usar «from» o «to» con «%s»" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "La cláusula «port» ye incorreuta" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 
'to'" msgstr "Les versiones IP de «from» y «to» tan amestaes" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Nun pudo alcontrase'l protocolu" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Nun concasa l'usu del protocolu (from/to)" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "El protocolu nun concasa col especificáu («%s»)" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" "Sintaxis inapropiada pa la regla (especificóse «%s» con una regla " "d'aplicación)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Nun alcontráu'l PID (¿ta montáu /proc?)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Nun alcontráu'l PID del padre de «%s»" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Nun alcontráu «%s»" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Nun alcontráu l'executable pa «%s»" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "Skipping '%s': value too long for '%s'" #~ msgstr "Saltando «%s»: valor enforma llargu pa «%s»" #~ msgid "Profile '%s' missing required field '%s'" #~ msgstr "Al perfil «%s» fálta-y el campu necesariu «%s»" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' ficheru '%s' nun esiste" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "El UID ye %s pero «%s» pertenez a %s" #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Necesitase como mínimo Python 2.5)\n" #, python-format #~ msgid "Default: %(in)s (incoming), %(out)s 
(outgoing)" #~ msgstr "Por defeuto: %(in)s (Entrada), %(out)s (Salida)" #~ msgid "No match" #~ msgstr "Nun concasa" #~ msgid "Command may disrupt existing ssh connections." #~ msgstr "Esa orden puede afectar a les conexones SSH en cursu." #~ msgid "Profile '%s' has empty required field '%s'" #~ msgstr "El perfil «%s» tien baleru el campu necesariu «%s»" ufw-0.36/locales/po/se.po0000644000175000017500000004126313257507473014231 0ustar jamiejamie# Northern Sami translation for ufw # Copyright (c) 2012 Rosetta Contributors and Canonical Ltd 2012 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2012. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2012-08-15 22:05+0000\n" "Last-Translator: FULL NAME \n" "Language-Team: Northern Sami \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr "" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid 
"Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: src/backend_iptables.py:432 msgid "To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: 
src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. 
Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. 
Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. 
Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "" #: src/backend.py:608 msgid "Logging enabled" msgstr "" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "" #: src/common.py:280 msgid "Bad source address" msgstr "" #: src/common.py:290 msgid "Bad destination address" msgstr "" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at 
%(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." 
msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is 
/proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/et.po0000644000175000017500000004455213257507473014236 0ustar jamiejamie# Estonian translation for ufw # Copyright (c) 2014 Rosetta Contributors and Canonical Ltd 2014 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2014. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2014-11-09 04:28+0000\n" "Last-Translator: Marko Silluste \n" "Language-Team: Estonian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Vajab vähemalt python 2.6)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Tühistatud" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profiili asukohta ei eksisteeri" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Jäetud vahele '%s': liiga suur" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "" #: src/applications.py:110 #, python-format 
msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profiilil '%(fn)s' puuduvad vajalikud väljad '%(f)s'" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profiilil '%(fn)s' on tühjad vajalikud väljad '%(f)s'" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Profiilis '%s' porte ei leitud" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Vigased pordid profiilil '%s'" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Uued profiilid:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Toetamata poliis '%s'" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "iptables'i kontrollimine\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "probleem töötamisel" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "Staatus: väljas" #: src/backend_iptables.py:432 msgid 
"To" msgstr "" #: src/backend_iptables.py:433 msgid "From" msgstr "" #: src/backend_iptables.py:434 msgid "Action" msgstr "Tegevus" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Staatus: aktiivne\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Staatus: aktiivne%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "probleem ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Ei suuda laadida logi reegleid" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Ei saa avada '%s' lugemiseks" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "'%s' ei ole kirjutatav" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "" #: src/backend_iptables.py:936 msgid "Must specify 
'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "Vigane positsioon '%d'" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Ei saa sisestada reegleid positsioonile '%d'" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Ei saa uuendada reeglite faili" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Reeglid on uuendatud" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Reeglid on uuendatud (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "Reegel on lisatud" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Reegel uuendatud" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Reegel on kustutatud" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Reegel lisatud" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Ei saa uuendada töös olevat tulemüüri" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Ei suuda leida '%s'. 
Tühistamine" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "'%s' on juba olemas. Tühistamine" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "" #: src/backend.py:143 msgid "problem running sysctl" msgstr "" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontroll väljas" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Sa pead olema juure õigustes, et jooksutada seda skripti" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "'%s' ei eksisteeri" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s on kõigile kirjutatav!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" 
msgstr "" #: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Vigane valik" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Reeglid on uuendatud proffili '%s' jaoks" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Ei saa uuendada reeglite faili" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "Logid: " #: src/backend.py:579 msgid "unknown" msgstr "tundmatu" #: src/backend.py:606 msgid "Logging disabled" msgstr "Logimine väljas" #: src/backend.py:608 msgid "Logging enabled" msgstr "Logimine sees" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Halb port '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Toetamata protokoll '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Halb lähteaadress" #: src/common.py:290 msgid "Bad destination address" msgstr "Halb sihtkoha aadress" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, 
python-format msgid "Invalid log type '%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "Leiti täpne sobivus" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "jah" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Tulemüür on aktiivne ja sisselülitatud süsteemis käivitamiseks" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "Tulemüür on peatatud ja välja lülitatud süsteemis käivitamiseks" #: 
src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Lisatud kasutaja reegleid (vaata 'ufw status' tulemüüril):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Mitte)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "" #: src/frontend.py:429 msgid "Invalid position '" msgstr "Vigane positsioon '" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Tulemüür on uuendatud" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "Saadaval olevad rakendused:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Ei suuda leida '%s'" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Vigane profiil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profiil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Tiitel: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Kirjeldus: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Pordid:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "Tundmatu poliis '%s'" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? 
" msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Ei saa sisestada reegleid positsioonile '%s'" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Halb port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Vigane argumentide arv" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Ei suuda leida protokolli" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "" #: src/parser.py:849 #, 
python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Ei leia '%s'" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" ufw-0.36/locales/po/hu.po0000644000175000017500000005145613257507473014243 0ustar jamiejamie# Hungarian translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. # msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:19+0000\n" "Last-Translator: Hrotkó Gábor \n" "Language-Team: Hungarian \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": Python 2.6 vagy későbbi verzió szükséges)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "" #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "" #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "" #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "" #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "" #: src/applications.py:104 #, python-format msgid "Skipping '%s': 
invalid name" msgstr "" #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "" #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "" #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "A(z) '%s' biztonsági beállítás nem támogatott" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "" "(győződjön meg arról, hogy az alkalmazásszabályai megfelelően rögzítésre " "kerültek-e)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Iptables ellenőrzése\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Ip6tables ellenőrzése\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "Probléma futás közben" #: src/backend_iptables.py:272 msgid "Status: inactive" msgstr "" #: 
src/backend_iptables.py:432 msgid "To" msgstr "Címzett" #: src/backend_iptables.py:433 msgid "From" msgstr "Feladó" #: src/backend_iptables.py:434 msgid "Action" msgstr "Művelet" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "" "Alapértelmezett: %(in)s (bejövő), %(out)s (kimenő), %(routed)s (route-olt)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "hiba történt az ufw-init futtatásakor\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "A(z) '%s' fájl nem nyitható meg olvasásra" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "A következő kihagyása: '%s' (érvénytelen hossz)" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Rosszul formázott tuple (iface) kihagyása: %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "A következő kihagyása:' %s'" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' is not writable" msgstr "" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "IPv6 szabály hozzáadása nem sikerült: az IPv6 nincs engedélyezve" #: src/backend_iptables.py:929 #, python-format 
msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Nem támogatott '%s' IPv6 szabály kihagyása" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Nem támogatott IPv4 szabály („%s”) kihagyása" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "A szabályokat tartalmazó fájl nem frissíthető" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Szabályok frissítve" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Szabályok frissítve (v6)" #: src/backend_iptables.py:1065 msgid "Rule inserted" msgstr "" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Szabály frissítve" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr "" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Szabály törölve" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Szabály hozzáadva" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "A futó tűzfal nem frissíthető" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "" #: 
src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Nem található a(z) '%s'" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Nem sikerült meghatározni az iptables verzióját" #: src/backend.py:143 msgid "problem running sysctl" msgstr "Probléma a sysctl futtatásakor" #: src/backend.py:182 msgid "Checks disabled" msgstr "Ellenőrzések kikapcsolva" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "HIBA: ehhez a parancsfájlhoz nem állítható SUID jelző" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "HIBA: ehhez a parancsfájlhoz nem állítható SGID jelző" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "A parancsfájl futtatásához rendszergazdai jogosultságok szükségesek" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "A(z) '%s' mindenki által írható!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "A(z) '%s' a csoport által írható!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "" #: src/backend.py:298 msgid "Invalid option" msgstr "Helytelen opció" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "" #: src/backend.py:575 msgid "Logging: " msgstr "" #: src/backend.py:579 msgid "unknown" msgstr "" #: src/backend.py:606 msgid "Logging disabled" msgstr "Naplózás kikapcsolva" #: src/backend.py:608 msgid "Logging enabled" msgstr "Naplózás bekapcsolva" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "Rossz port: '%s'" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Nem támogatott protokol: '%s'" #: src/common.py:280 msgid "Bad source address" msgstr "Rossz forrás cím" #: src/common.py:290 msgid "Bad destination address" msgstr "Rossz cél cím" #: src/common.py:298 msgid "Bad interface type" msgstr "" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Hibás csatolónév: fenntartott karakter: „!”" #: src/common.py:306 msgid "Bad interface name" msgstr "" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "" #: src/common.py:331 #, python-format msgid "Invalid log type 
'%s'" msgstr "" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "" #: src/common.py:350 msgid "Could not normalize source address" msgstr "" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "" #: src/common.py:425 msgid "Found exact match" msgstr "Pontosan illeszkedő találat van" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Használat: %(progname)s %(command)s\n" "%(commands)s:\n" "\n" " %(enable)-31s engedélyezi a tűzfalat\n" " %(disable)-31s letiltja a tűzfalat\n" " %(default)-31s beállítja az alapértelmezett szabályokat\n" " %(logging)-31s %(level)s értékre állítja a naplózást\n" " %(allow)-31s engedélyezi a(z) %(rule)s szabályt\n" " %(deny)-31s letiltja a(z) %(rule)s szabályt\n" " %(reject)-31s visszautasítja a(z) %(rule)s szabályt\n" " %(limit)-31s korlátozza a(z) %(rule)s 
szabályt\n" " %(delete)-31s törli a(z) %(urule)s szabályt\n" " %(insert)-31s %(urule)s szabály hozzáfűzése %(number)s számmal\n" " %(reload)-31s újratölti a tűzfalat\n" " %(reset)-31s újraindítja a tűzfalat\n" " %(status)-31s kiírja a tűzfal állapotát\n" " %(statusnum)-31s kiírja a tűzfal állapotát számozott listaként a(z) " "%(rules)s szabályokról\n" " %(statusverbose)-31s kiírja a tűzfal állapotát bővebben\n" " %(show)-31s kiírja a tűzfal jelentését\n" " %(version)-31s kiírja a verziószámot\n" "\n" "%(appcommands)s:\n" " %(applist)-31s alkalmazásprofilok listája\n" " %(appinfo)-31s kiírja a(z) %(profile)s adatait\n" " %(appupdate)-31s frissíti a(z) %(profile)s profilt\n" " %(appdefault)-31s beállítja az alapértelmezett alkalmazásszabályokat\n" #: src/frontend.py:164 msgid "n" msgstr "" #: src/frontend.py:165 msgid "y" msgstr "" #: src/frontend.py:166 msgid "yes" msgstr "" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" "A tűzfalat leállította és elindulását letiltotta a rendszer elindulásakor" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "" "Felhasználói szabályok hozzáadva (a futó tűzfalhoz lásd: „ufw status”):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Nincs)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" msgstr "A(z) '%s' érvénytelen IP változat" #: src/frontend.py:429 msgid "Invalid position '" msgstr "" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "Az IPv6 támogatás nem engedélyezett" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "" #: src/frontend.py:542 msgid "" "\n" "Error applying application 
rules." msgstr "" #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr "" #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr "" #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "" #: src/frontend.py:700 msgid "Available applications:" msgstr "" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "" #: src/frontend.py:726 msgid "Invalid profile" msgstr "" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" #: src/frontend.py:739 msgid "Ports:" msgstr "" #: src/frontend.py:741 msgid "Port:" msgstr "" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Rossz port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Hibás számú argumentumok" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "Szükség van a 'honnan' vagy 'hová' szavakra" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Nem megfelelő szabály szintaktika" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Érvénytelen 'protokol' kifejezés" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "Érvénytelen 'honnan' kifejezés" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Érvénytelen 'hová' kifejezés" #: src/parser.py:330 #, python-format msgid "Need 'from' or 'to' with '%s'" msgstr "" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Érvénytelen 'port' kifejezés" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Kevert Ip változatok a 'honnan' és 'hová' értékekhez" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Nincs egyezés a protokolnál (honnan/hová)" #: 
src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "A protokol nem egyezik a megadott '%s' protokollal" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Érvénytelen interface utasítás a route szabályhoz" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "a felhasználó azonosító %s, de '%s' %s tulajdona" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "A(z) '%s' '%s' fájl nem létezik" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Az alapértelmezett szabály megváltozott erre: '%s'\n" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "No match" #~ msgstr "Nincs találat" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Használat: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Legalább python 2.5 szükséges)\n" ufw-0.36/locales/po/nb.po0000644000175000017500000006544613257507473014232 0ustar jamiejamie# Norwegian Bokmal translation for ufw # Copyright (c) 2009 Rosetta Contributors and Canonical Ltd 2009 # This file is distributed under the same license as the ufw package. # FIRST AUTHOR , 2009. 
# msgid "" msgstr "" "Project-Id-Version: ufw\n" "Report-Msgid-Bugs-To: FULL NAME \n" "POT-Creation-Date: 2014-02-20 14:16-0600\n" "PO-Revision-Date: 2009-08-26 19:23+0000\n" "Last-Translator: Jamie Strandboge \n" "Language-Team: Norwegian Bokmal \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "X-Launchpad-Export-Date: 2015-01-26 20:08+0000\n" "X-Generator: Launchpad (build 17306)\n" #: src/ufw:56 msgid ": Need at least python 2.6)\n" msgstr ": dette krever python 2.6 eller nyere)\n" #: src/ufw:109 src/frontend.py:596 src/frontend.py:898 msgid "Aborted" msgstr "Avbrutt" #: src/applications.py:36 msgid "Profiles directory does not exist" msgstr "Profilmappe finnes ikke" #: src/applications.py:68 #, python-format msgid "Skipping '%s': couldn't stat" msgstr "Hopper over «%s». Klarte ikke å samle inn informasjon." #: src/applications.py:73 #, python-format msgid "Skipping '%s': too big" msgstr "Hopper over «%s». Fila er for stor." #: src/applications.py:78 #, python-format msgid "Skipping '%s': too many files read already" msgstr "Hopper over «%s». Programmet leser allerede for mange filer." #: src/applications.py:92 #, python-format msgid "Skipping '%s': couldn't process" msgstr "Hopper over «%s». Behandling mislyktes." #: src/applications.py:99 #, python-format msgid "Skipping '%s': name too long" msgstr "Hopper over «%s». Navnet er for langt." #: src/applications.py:104 #, python-format msgid "Skipping '%s': invalid name" msgstr "Hopper over «%s». Ugyldig navn." #: src/applications.py:110 #, python-format msgid "Skipping '%s': also in /etc/services" msgstr "Hopper over «%s». Dette finnes også i /etc/services" #: src/applications.py:119 #, python-format msgid "Skipping '%s': field too long" msgstr "Hopper over «%s». Feltet er for langt." #: src/applications.py:124 #, python-format msgid "Skipping '%(value)s': value too long for '%(field)s'" msgstr "Hopper over «%(value)s». 
Verdien er for lang for «%(field)s»" #: src/applications.py:134 #, python-format msgid "Duplicate profile '%s', using last found" msgstr "Profilen «%s» er en duplikat. Bruker profilen som ble funnet sist." #: src/applications.py:171 #, python-format msgid "Profile '%(fn)s' missing required field '%(f)s'" msgstr "Profil «%(fn)s» mangler obligatorisk felt «%(f)s»" #: src/applications.py:176 #, python-format msgid "Profile '%(fn)s' has empty required field '%(f)s'" msgstr "Profil «%(fn)s» har tomt obligatorisk felt «%(f)s»" #: src/applications.py:182 #, python-format msgid "No ports found in profile '%s'" msgstr "Fant ingen porter i profilen «%s»" #: src/applications.py:195 #, python-format msgid "Invalid ports in profile '%s'" msgstr "Ugyldige porter i profilen «%s»" #: src/backend_iptables.py:77 msgid "New profiles:" msgstr "Nye profiler:" #: src/backend_iptables.py:93 src/backend.py:351 #, python-format msgid "Unsupported policy '%s'" msgstr "Regelsettet «%s» støttes ikke" #: src/backend_iptables.py:98 #, python-format msgid "Unsupported policy for direction '%s'" msgstr "Regelsett for retning «%s» støttes ikke" #: src/backend_iptables.py:158 #, python-format msgid "Default %(direction)s policy changed to '%(policy)s'\n" msgstr "Standard regler for %(direction)s er endret til «%(policy)s»\n" #: src/backend_iptables.py:160 msgid "(be sure to update your rules accordingly)" msgstr "(pass på å oppdatere alle regler deretter)" #: src/backend_iptables.py:167 msgid "Checking raw iptables\n" msgstr "Kontrollerer iptables\n" #: src/backend_iptables.py:168 msgid "Checking raw ip6tables\n" msgstr "Kontrollerer ip6tables\n" #: src/backend_iptables.py:261 msgid "Checking iptables\n" msgstr "Kontrollerer iptables\n" #: src/backend_iptables.py:263 msgid "Checking ip6tables\n" msgstr "Kontrollerer ip6tables\n" #: src/backend_iptables.py:266 src/backend_iptables.py:541 msgid "problem running" msgstr "det oppstod et problem under kjøring" #: src/backend_iptables.py:272 msgid 
"Status: inactive" msgstr "Status: inaktiv" #: src/backend_iptables.py:432 msgid "To" msgstr "Til" #: src/backend_iptables.py:433 msgid "From" msgstr "Fra" #: src/backend_iptables.py:434 msgid "Action" msgstr "Handling" #: src/backend_iptables.py:450 src/backend_iptables.py:454 msgid "\n" msgstr "\n" #: src/backend_iptables.py:462 #, python-format msgid "Default: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)" msgstr "Standard: %(in)s (inngående), %(out)s (utgående), %(routed)s (rutet)" #: src/backend_iptables.py:470 #, python-format msgid "" "Status: active\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" msgstr "" "Status: aktiv\n" "%(log)s\n" "%(pol)s\n" "%(app)s%(status)s" #: src/backend_iptables.py:474 #, python-format msgid "Status: active%s" msgstr "Status: aktiv%s" #: src/backend_iptables.py:479 src/backend_iptables.py:489 msgid "running ufw-init" msgstr "kjører ufw-init" #: src/backend_iptables.py:483 src/backend_iptables.py:493 #, python-format msgid "" "problem running ufw-init\n" "%s" msgstr "" "det oppstod et problem under kjøring av ufw-init\n" "%s" #: src/backend_iptables.py:502 msgid "Could not set LOGLEVEL" msgstr "Klarte ikke å velge terskel for loggføring (LOGLEVEL)" #: src/backend_iptables.py:508 msgid "Could not load logging rules" msgstr "Klarte ikke å laste inn loggføringsregler" #: src/backend_iptables.py:663 src/backend.py:273 #, python-format msgid "Couldn't open '%s' for reading" msgstr "Klarte ikke å åpne «%s» for lesing" #: src/backend_iptables.py:674 #, python-format msgid "Skipping malformed tuple (bad length): %s" msgstr "Hopper over feilformatert tuppel (feil lengde): %s" #: src/backend_iptables.py:685 #, python-format msgid "Skipping malformed tuple (iface): %s" msgstr "Hopper over feilformatert tuppel (iface): %s" #: src/backend_iptables.py:731 #, python-format msgid "Skipping malformed tuple: %s" msgstr "Hopper over feilformatert tuppel: %s" #: src/backend_iptables.py:753 src/backend.py:304 #, python-format msgid "'%s' 
is not writable" msgstr "«%s» kan ikke overskrives" #: src/backend_iptables.py:925 msgid "Adding IPv6 rule failed: IPv6 not enabled" msgstr "Registrering av IPv6-regel mislyktes. IPv6 er ikke i bruk" #: src/backend_iptables.py:929 #, python-format msgid "Skipping unsupported IPv6 '%s' rule" msgstr "Hopper over ustøttet IPv6-regel «%s»" #: src/backend_iptables.py:933 #, python-format msgid "Skipping unsupported IPv4 '%s' rule" msgstr "Hopper over ustøttet IPv4-regel «%s»" #: src/backend_iptables.py:936 msgid "Must specify 'tcp' or 'udp' with multiple ports" msgstr "" "Du må velge «tcp» eller «udp» når regler skal gjelde et spenn av flere porter" #: src/backend_iptables.py:948 msgid "Skipping IPv6 application rule. Need at least iptables 1.4" msgstr "" "Hopper over IPv6-regel. Du må ha iptables versjon 1.4 eller nyere for at " "dette skal fungere" #: src/backend_iptables.py:953 #, python-format msgid "Invalid position '%d'" msgstr "«%d» er en ugyldig posisjon" #: src/backend_iptables.py:957 msgid "Cannot specify insert and delete" msgstr "Du kan ikke sette inn og slette en regel samtidig" #: src/backend_iptables.py:960 #, python-format msgid "Cannot insert rule at position '%d'" msgstr "Klarte ikke å sette inn regel i posisjon «%d»" #: src/backend_iptables.py:1018 msgid "Skipping inserting existing rule" msgstr "Lar være å sette inn regel som finnes allerede" #: src/backend_iptables.py:1029 src/frontend.py:403 msgid "Could not delete non-existent rule" msgstr "Regelen finnes ikke, og kan derfor ikke slettes" #: src/backend_iptables.py:1034 msgid "Skipping adding existing rule" msgstr "Lar være å legge til regel som finnes allerede" #: src/backend_iptables.py:1050 msgid "Couldn't update rules file" msgstr "Klarte ikke å oppdatere regelfil" #: src/backend_iptables.py:1055 msgid "Rules updated" msgstr "Regler er oppdatert" #: src/backend_iptables.py:1057 msgid "Rules updated (v6)" msgstr "Regler (IPv6) er oppdatert" #: src/backend_iptables.py:1065 msgid "Rule inserted" 
msgstr "Regel satt inn" #: src/backend_iptables.py:1067 msgid "Rule updated" msgstr "Regel oppdatert" #: src/backend_iptables.py:1077 msgid " (skipped reloading firewall)" msgstr " (lot være å laste inn brannmur på nytt)" #: src/backend_iptables.py:1080 msgid "Rule deleted" msgstr "Regel slettet" #: src/backend_iptables.py:1083 msgid "Rule added" msgstr "Regel lagt til" #: src/backend_iptables.py:1100 src/backend_iptables.py:1191 msgid "Could not update running firewall" msgstr "Klarte ikke å oppdatere kjørende brannmur" #: src/backend_iptables.py:1155 #, python-format msgid "Could not perform '%s'" msgstr "Klarte ikke å utføre «%s»" #: src/backend_iptables.py:1182 msgid "Couldn't update rules file for logging" msgstr "Klarte ikke å oppdatere regelfil for loggføring" #: src/backend_iptables.py:1240 src/backend.py:591 #, python-format msgid "Invalid log level '%s'" msgstr "«%s» er et ugyldig loggføringsnivå" #: src/backend_iptables.py:1337 #, python-format msgid "Could not find '%s'. Aborting" msgstr "Fant ikke «%s». Avbryter" #: src/backend_iptables.py:1349 #, python-format msgid "'%s' already exists. Aborting" msgstr "«%s» finnes allerede. 
Avbryter" #: src/backend_iptables.py:1355 #, python-format msgid "Backing up '%(old)s' to '%(new)s'\n" msgstr "Sikkerhetskopierer «%(old)s» til «%(new)s»\n" #: src/backend_iptables.py:1371 src/backend.py:229 #, python-format msgid "Couldn't stat '%s'" msgstr "Klarte ikke å hente informasjon om «%s»" #: src/backend_iptables.py:1376 #, python-format msgid "WARN: '%s' is world writable" msgstr "ADVARSEL: «%s» kan overskrives av alle" #: src/backend_iptables.py:1378 #, python-format msgid "WARN: '%s' is world readable" msgstr "ADVARSEL: «%s» kan leses av alle" #: src/backend.py:69 msgid "Couldn't determine iptables version" msgstr "Klarte ikke å finne ut hvilken iptables-versjon som er installert" #: src/backend.py:143 msgid "problem running sysctl" msgstr "det oppstod et problem under kjøring av sysctl" #: src/backend.py:182 msgid "Checks disabled" msgstr "Kontroller er slått av" #: src/backend.py:188 msgid "ERROR: this script should not be SUID" msgstr "FEIL: dette skriptet skal ikke være SUID" #: src/backend.py:191 msgid "ERROR: this script should not be SGID" msgstr "FEIL: dette skriptet skal ikke være SGID" #: src/backend.py:196 msgid "You need to be root to run this script" msgstr "Du må være rotbruker for å kjøre dette skriptet" #: src/backend.py:206 #, python-format msgid "'%s' does not exist" msgstr "«%s» finnes ikke" #: src/backend.py:235 #, python-format msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s" msgstr "uid er %(uid)s, men «%(path)s» eies av %(st_uid)s" #: src/backend.py:242 #, python-format msgid "%s is world writable!" msgstr "%s kan overskrives av hvem som helst!" #: src/backend.py:246 #, python-format msgid "%s is group writable!" msgstr "%s kan overskrives av tilhørende brukergruppe!" 
#: src/backend.py:262 #, python-format msgid "'%(f)s' file '%(name)s' does not exist" msgstr "«%(f)s»-fil «%(name)s» finnes ikke" #: src/backend.py:287 #, python-format msgid "Missing policy for '%s'" msgstr "Mangler regelsett for «%s»" #: src/backend.py:291 #, python-format msgid "Invalid policy '%(policy)s' for '%(chain)s'" msgstr "«%(policy)s» er en ugyldig regel for «%(chain)s»" #: src/backend.py:298 msgid "Invalid option" msgstr "Ugyldig valg" #: src/backend.py:354 #, python-format msgid "Default application policy changed to '%s'" msgstr "Standard programregelsett er endret til «%s»" #: src/backend.py:421 msgid "No rules found for application profile" msgstr "Fant ingen regler for programprofil" #: src/backend.py:477 #, python-format msgid "Rules updated for profile '%s'" msgstr "Regler for profilen «%s» er oppdatert" #: src/backend.py:483 msgid "Couldn't update application rules" msgstr "Klarte ikke å oppdatere programregler" #: src/backend.py:505 #, python-format msgid "Found multiple matches for '%s'. Please use exact profile name" msgstr "«%s» ga flere treff. 
Bruk nøyaktig profilnavn" #: src/backend.py:508 #, python-format msgid "Could not find a profile matching '%s'" msgstr "Fant ingen profil som samsvarer med «%s»" #: src/backend.py:575 msgid "Logging: " msgstr "Loggføring: " #: src/backend.py:579 msgid "unknown" msgstr "ukjent" #: src/backend.py:606 msgid "Logging disabled" msgstr "Loggføring slått av" #: src/backend.py:608 msgid "Logging enabled" msgstr "Loggføring slått på" #: src/common.py:191 #, python-format msgid "Bad port '%s'" msgstr "«%s» er en ugyldig port" #: src/common.py:252 #, python-format msgid "Unsupported protocol '%s'" msgstr "Protokollen «%s» støttes ikke" #: src/common.py:280 msgid "Bad source address" msgstr "Ugyldig kildeadresse" #: src/common.py:290 msgid "Bad destination address" msgstr "Ugyldig måladresse" #: src/common.py:298 msgid "Bad interface type" msgstr "Ugyldig grensesnitt-type" #: src/common.py:302 msgid "Bad interface name: reserved character: '!'" msgstr "Ugyldig grensesnitt-navn. Tegnet «!» er reservert" #: src/common.py:306 msgid "Bad interface name" msgstr "Ugyldig grensesnittnavn" #: src/common.py:310 msgid "Bad interface name: can't use interface aliases" msgstr "Ugyldig grensesnittnavn. 
Du kan ikke bruke alias for grensesnitt her" #: src/common.py:321 #, python-format msgid "Insert position '%s' is not a valid position" msgstr "«%s» er en ugyldig posisjon" #: src/common.py:331 #, python-format msgid "Invalid log type '%s'" msgstr "«%s» er en ugyldig loggtype" #: src/common.py:339 #, python-format msgid "Unsupported direction '%s'" msgstr "«%s» er en ugyldig retning" #: src/common.py:350 msgid "Could not normalize source address" msgstr "Klarte ikke å normalisere kildeadresse" #: src/common.py:361 msgid "Could not normalize destination address" msgstr "Klarte ikke å normalisere måladresse" #: src/common.py:425 msgid "Found exact match" msgstr "Fant nøyaktig treff" #: src/common.py:429 #, python-format msgid "Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)" msgstr "" "Fant søketreff som ikke er handling/loggtype: (%(xa)s/%(ya)s %(xl)s/%(yl)s)" #: src/frontend.py:90 #, python-format msgid "" "\n" "Usage: %(progname)s %(command)s\n" "\n" "%(commands)s:\n" " %(enable)-31s enables the firewall\n" " %(disable)-31s disables the firewall\n" " %(default)-31s set default policy\n" " %(logging)-31s set logging to %(level)s\n" " %(allow)-31s add allow %(rule)s\n" " %(deny)-31s add deny %(rule)s\n" " %(reject)-31s add reject %(rule)s\n" " %(limit)-31s add limit %(rule)s\n" " %(delete)-31s delete %(urule)s\n" " %(insert)-31s insert %(urule)s at %(number)s\n" " %(reload)-31s reload firewall\n" " %(reset)-31s reset firewall\n" " %(status)-31s show firewall status\n" " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n" " %(statusverbose)-31s show verbose firewall status\n" " %(show)-31s show firewall report\n" " %(version)-31s display version information\n" "\n" "%(appcommands)s:\n" " %(applist)-31s list application profiles\n" " %(appinfo)-31s show information on %(profile)s\n" " %(appupdate)-31s update %(profile)s\n" " %(appdefault)-31s set default application policy\n" msgstr "" "\n" "Bruk: %(progname)s %(command)s\n" "\n" 
"%(commands)s:\n" " %(enable)-31s slå på brannmur\n" " %(disable)-31s slå av brannmur\n" " %(default)-31s velg standard regelsett\n" " %(logging)-31s velg %(level)s som loggføringsnivå\n" " %(allow)-31s legg til %(rule)s for tillatt tilkobling\n" " %(deny)-31s legg til %(rule)s for nektet tilkobling\n" " %(reject)-31s legg til %(rule)s for avvisning av tilkobling\n" " %(limit)-31s legg til %(rule)s for begrensning av tilkobling\n" " %(delete)-31s slett %(urule)s\n" " %(insert)-31s sett inn %(urule)s ved %(number)s\n" " %(reload)-31s last inn brannmur på nytt\n" " %(reset)-31s tilbakestill brannmur\n" " %(status)-31s viss brannmur-status\n" " %(statusnum)-31s vis brannmur-status i form av nummerert liste over " "%(rules)s\n" " %(statusverbose)-31s vis detaljert brannmur-status\n" " %(show)-31s vis brannmur-rapport\n" " %(version)-31s vis versjonsinformasjon\n" "\n" "%(appcommands)s:\n" " %(applist)-31s vis programprofiler\n" " %(appinfo)-31s vis informasjon om %(profile)s\n" " %(appupdate)-31s oppdater %(profile)s\n" " %(appdefault)-31s velg standard regelsett for programmer\n" #: src/frontend.py:164 msgid "n" msgstr "n" #: src/frontend.py:165 msgid "y" msgstr "j" #: src/frontend.py:166 msgid "yes" msgstr "ja" #: src/frontend.py:211 msgid "Firewall is active and enabled on system startup" msgstr "Brannmuren er nå i bruk, og slås på automatisk ved systemoppstart" #: src/frontend.py:218 msgid "Firewall stopped and disabled on system startup" msgstr "" "Brannmuren er nå slått av, og slås ikke på automatisk ved systemoppstart" #: src/frontend.py:270 msgid "Could not get listening status" msgstr "Klarte ikke å hente lyttestatus" #: src/frontend.py:339 msgid "Added user rules (see 'ufw status' for running firewall):" msgstr "Lagt til brukerregler (se «ufw status» for kjørende brannmur):" #: src/frontend.py:342 msgid "" "\n" "(None)" msgstr "" "\n" "(Ingen)" #: src/frontend.py:398 src/frontend.py:496 src/frontend.py:506 #, python-format msgid "Invalid IP version '%s'" 
msgstr "«%s» er en ugyldig IP-versjon" #: src/frontend.py:429 msgid "Invalid position '" msgstr "' er en ugyldig posisjon" #: src/frontend.py:503 msgid "IPv6 support not enabled" msgstr "IPv6-støtte er slått av" #: src/frontend.py:514 msgid "Rule changed after normalization" msgstr "Regel endret etter normalisering" #: src/frontend.py:538 #, python-format msgid "Could not back out rule '%s'" msgstr "Klarte ikke å ta ut regelen «%s»" #: src/frontend.py:542 msgid "" "\n" "Error applying application rules." msgstr "" "\n" "Det oppstod en feil da programregler skulle tas i bruk." #: src/frontend.py:544 msgid " Some rules could not be unapplied." msgstr " Noen regler ble ikke tatt bort." #: src/frontend.py:546 msgid " Attempted rules successfully unapplied." msgstr " Reglene ble tatt bort." #: src/frontend.py:557 #, python-format msgid "Could not find rule '%s'" msgstr "Fant ikke regelen «%s»" #: src/frontend.py:562 src/frontend.py:567 #, python-format msgid "Could not find rule '%d'" msgstr "Fant ikke regelen «%d»" #: src/frontend.py:583 #, python-format msgid "" "Deleting:\n" " %(rule)s\n" "Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Sletter:\n" " %(rule)s\n" "Vil du fortsette (%(yes)s|%(no)s)? 
" #: src/frontend.py:614 msgid "Unsupported default policy" msgstr "Standard regelsett støttes ikke" #: src/frontend.py:643 src/frontend.py:788 msgid "Firewall reloaded" msgstr "Brannmuren er lastet inn på nytt" #: src/frontend.py:645 msgid "Firewall not enabled (skipping reload)" msgstr "Brannmuren er ikke slått på (lar være å laste inn på nytt)" #: src/frontend.py:662 src/frontend.py:676 src/frontend.py:713 msgid "Invalid profile name" msgstr "Ugyldig profilnavn" #: src/frontend.py:681 src/frontend.py:863 #, python-format msgid "Unsupported action '%s'" msgstr "Handlinga «%s» støttes ikke" #: src/frontend.py:700 msgid "Available applications:" msgstr "Tilgjengelige programmer:" #: src/frontend.py:721 #, python-format msgid "Could not find profile '%s'" msgstr "Fant ikke profilen «%s»" #: src/frontend.py:726 msgid "Invalid profile" msgstr "Ugyldig profil" #: src/frontend.py:729 #, python-format msgid "Profile: %s\n" msgstr "Profil: %s\n" #: src/frontend.py:730 #, python-format msgid "Title: %s\n" msgstr "Tittel: %s\n" #: src/frontend.py:733 #, python-format msgid "" "Description: %s\n" "\n" msgstr "" "Beskrivelse: %s\n" "\n" #: src/frontend.py:739 msgid "Ports:" msgstr "Porter:" #: src/frontend.py:741 msgid "Port:" msgstr "Port:" #: src/frontend.py:790 msgid "Skipped reloading firewall" msgstr "Lot være å laste inn brannmur på nytt" #: src/frontend.py:800 msgid "Cannot specify 'all' with '--add-new'" msgstr "Du kan ikke velge både «all» og «--add-new» samtidig" #: src/frontend.py:815 #, python-format msgid "Unknown policy '%s'" msgstr "«%s» er et ukjent regelsett" #: src/frontend.py:872 #, python-format msgid "" "Command may disrupt existing ssh connections. Proceed with operation " "(%(yes)s|%(no)s)? " msgstr "" "Denne kommandoen kan forstyrre pågående ssh-tilkoblinger. Vil du fortsette " "(%(yes)s|%(no)s)? " #: src/frontend.py:885 #, python-format msgid "" "Resetting all rules to installed defaults. Proceed with operation " "(%(yes)s|%(no)s)? 
" msgstr "" "Tilbakestiller alle regler til installerte standardverdier. Vil du fortsette " "(%(yes)s|%(no)s)? " #: src/frontend.py:889 #, python-format msgid "" "Resetting all rules to installed defaults. This may disrupt existing ssh " "connections. Proceed with operation (%(yes)s|%(no)s)? " msgstr "" "Tilbakestiller alle regler til installerte standardverdier. Dette kan " "forstyrre pågående ssh-tilkoblinger. Vil du fortsette (%(yes)s|%(no)s)? " #: src/parser.py:108 #, python-format msgid "Cannot insert rule at position '%s'" msgstr "Klarte ikke å sette inn regel i posisjon «%s»" #: src/parser.py:142 msgid "Invalid interface clause" msgstr "Ugyldig grensesnitt-klausul" #: src/parser.py:168 msgid "Option 'log' not allowed here" msgstr "Valget «log» tillates ikke her" #: src/parser.py:172 msgid "Option 'log-all' not allowed here" msgstr "Valget «log-all» tillates ikke her" #: src/parser.py:205 src/parser.py:219 msgid "Bad port" msgstr "Ugyldig port" #: src/parser.py:210 src/parser.py:342 msgid "Port ranges must be numeric" msgstr "Portrekkevidde må angis i tallformat" #: src/parser.py:224 src/parser.py:441 #, python-format msgid "Invalid port with protocol '%s'" msgstr "«%s» er en ugyldig port/protokoll" #: src/parser.py:228 msgid "Wrong number of arguments" msgstr "Feil antall argumenter" #: src/parser.py:232 msgid "Need 'to' or 'from' clause" msgstr "«til»- eller «fra»-klausul mangler" #: src/parser.py:247 msgid "Improper rule syntax" msgstr "Feilaktig regelsyntaks" #: src/parser.py:254 #, python-format msgid "Invalid token '%s'" msgstr "«%s» er et ugyldig symbol" #: src/parser.py:266 msgid "Invalid 'proto' clause" msgstr "Ugyldig «proto»-klausul" #: src/parser.py:281 #, python-format msgid "Invalid '%s' clause" msgstr "Ugyldig «%s»-klausul" #: src/parser.py:303 msgid "Invalid 'from' clause" msgstr "InUgyldig «fra»-klausul" #: src/parser.py:325 msgid "Invalid 'to' clause" msgstr "Ugyldig «til»-klausul" #: src/parser.py:330 #, python-format msgid "Need 'from' or 
'to' with '%s'" msgstr "Du må angi «fra» eller «til»-klausul med «%s»" #: src/parser.py:357 msgid "Invalid 'port' clause" msgstr "Ugyldig «port»-klausul" #: src/parser.py:366 msgid "Mixed IP versions for 'from' and 'to'" msgstr "Du må holde deg til én IP-versjon i både «fra»- og «til»-klausul" #: src/parser.py:383 src/parser.py:393 src/parser.py:402 msgid "Could not find protocol" msgstr "Fant ikke protokoll" #: src/parser.py:409 msgid "Protocol mismatch (from/to)" msgstr "Protokollene (fra/til) stemmer ikke overens" #: src/parser.py:416 #, python-format msgid "Protocol mismatch with specified protocol %s" msgstr "Protokoll stemmer ikke med spesifikk protokoll %s" #: src/parser.py:423 #, python-format msgid "Improper rule syntax ('%s' specified with app rule)" msgstr "Feilaktig regelsyntaks (brukt «%s» med programregel)" #: src/parser.py:430 #, python-format msgid "Invalid IPv6 address with protocol '%s'" msgstr "Ugyldig IPv6-adresse med protokoll «%s»" #: src/parser.py:563 msgid "Invalid interface clause for route rule" msgstr "Ugyldig grensesnitt-klausul for rute-regel" #: src/parser.py:849 #, python-format msgid "Command '%s' already exists" msgstr "Kommandoen «%s» finnes allerede" #: src/util.py:434 msgid "Couldn't find pid (is /proc mounted?)" msgstr "Fant ikke PID (kontroller at «/proc» er montert)" #: src/util.py:438 #, python-format msgid "Couldn't find parent pid for '%s'" msgstr "Fant ikke forelder-PID for «%s»" #: src/util.py:448 #, python-format msgid "Couldn't find '%s'" msgstr "Fant ikke «%s»" #: src/util.py:454 #, python-format msgid "Could not find executable for '%s'" msgstr "Fant ingen kjørbar fil for «%s»" #: src/util.py:1006 #, python-format msgid "Could not get statistics for '%s'" msgstr "Klarte ikke å hente statistikk for «%s»" #~ msgid "----" #~ msgstr "----" #~ msgid "--" #~ msgstr "--" #~ msgid "------" #~ msgstr "------" #~ msgid "'%s' file '%s' does not exist" #~ msgstr "'%s' fil '%s' eksisterer ikke" #~ msgid "No match" #~ msgstr "Ingen 
treff" #~ msgid "" #~ "\n" #~ "Usage: " #~ msgstr "" #~ "\n" #~ "Anvendelse: " #~ msgid ": Need at least python 2.5)\n" #~ msgstr ": Trenger i det minste python 2.5)\n" #~ msgid "uid is %s but '%s' is owned by %s" #~ msgstr "uid er %s men '%s' er eiet av %s" #, python-format #~ msgid "Default policy changed to '%s'\n" #~ msgstr "Standard policy byttet til '%s'\n" #, python-format #~ msgid "Default: %s" #~ msgstr "Standard: %s" #~ msgid "Status: active" #~ msgstr "Status: aktiv" #~ msgid "" #~ " COMMAND\n" #~ "\n" #~ "Commands:\n" #~ " enable\t\t\t\tenables the firewall\n" #~ " disable\t\t\tdisables the firewall\n" #~ " default ARG\t\t\tset default policy to ALLOW, DENY or REJECT\n" #~ " logging ARG\t\t\tset logging to OFF, ON or LEVEL\n" #~ " allow|deny|reject ARG\t\tadd allow, deny or reject RULE\n" #~ " delete RULE\t\t \tdelete the RULE\n" #~ " insert NUM RULE\t \tinsert RULE at NUM\n" #~ " status \t\t\tshow firewall status\n" #~ " status numbered\t\tshow firewall status as numbered list of RULES\n" #~ " show ARG\t\t\tshow firewall report\n" #~ " version\t\t\tdisplay version information\n" #~ "\n" #~ "Application profile commands:\n" #~ " app list\t\t\tlist application profiles\n" #~ " app info PROFILE\t\tshow information on PROFILE\n" #~ " app update PROFILE\t\tupdate PROFILE\n" #~ " app default ARG\t\tset profile policy to ALLOW, DENY, REJECT or\n" #~ "\t\t\t\tSKIP\n" #~ msgstr "" #~ " KOMMANDO\n" #~ "\n" #~ "Kommandoer:\n" #~ " aktiver\t\t\t\taktiverer brannmuren\n" #~ " deaktiver\t\t\tdeaktiverer brannmuren\n" #~ " standard ARG\t\t\tsett standard policy til TILLATT, NEKTE or AVVISE\n" #~ " logging ARG\t\t\tselisttt logging til AV, PÅ eller NIVÅ\n" #~ " tillatt|nekt|avvis ARG\t\tlegg til tillatt, nekt eller avvis REGEL\n" #~ " slett REGEL\t\t \tslett REGELEN\n" #~ " sett-inn NUM REGEL\t \tsett inn REGEL til NUM\n" #~ " status \t\t\tvis brannmur status\n" #~ " status nummerert\t\tvis brannmur status som nummererte lister av REGLER\n" #~ " show ARG\t\t\tvis 
brannmur repport\n" #~ " versjon\t\t\tvis versjon informasjon\n" #~ "\n" #~ "Applikasjon profilkommandoer :\n" #~ " app liste\t\t\tapplikasjons profiler liste\n" #~ " app info PROFILE\t\tvis informasjon om PROFIL\n" #~ " app oppdater PROFIL\t\toppdater PROFIL\n" #~ " app standard ARG\t\tsett profil policy til TILLATT, NEKT, AVVIS eller\n" #~ "\t\t\t\tHOPP OVER\n" ufw-0.36/examples/0000755000175000017500000000000013226727543013030 5ustar jamiejamieufw-0.36/examples/dovecot0000644000175000017500000000120013226727543014407 0ustar jamiejamie[Dovecot POP3] title=Secure mail server (POP3) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=110/tcp [Dovecot Secure POP3] title=Secure mail server (POP3S) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=995/tcp [Dovecot IMAP] title=Secure mail server (IMAP) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=143/tcp [Dovecot Secure IMAP] title=Secure mail server (IMAPS) description=Dovecot is a mail server whose major goals are security and extreme reliability. ports=993/tcp ufw-0.36/examples/webapp0000644000175000017500000000020013226727543014221 0ustar jamiejamie[Custom Web App] title=Example profile for a custom web application description=Some nice descriptive text here ports=8080/tcp ufw-0.36/examples/apache0000644000175000017500000000062713226727543014201 0ustar jamiejamie[Apache] title=Web Server description=Apache v2 is the next generation of the omnipresent Apache web server. ports=80/tcp [Apache Secure] title=Web Server (HTTPS) description=Apache v2 is the next generation of the omnipresent Apache web server. ports=443/tcp [Apache Full] title=Web Server (HTTP,HTTPS) description=Apache v2 is the next generation of the omnipresent Apache web server. 
ports=80,443/tcp ufw-0.36/examples/bind90000644000175000017500000000043413226727543013761 0ustar jamiejamie[Bind9] title=Internet Domain Name Server description=The Berkeley Internet Name Domain (BIND) implements an Internet domain name server. BIND is the most widely-used name server software on the Internet, and is supported by the Internet Software Consortium, www.isc.org. ports=53 ufw-0.36/examples/samba0000644000175000017500000000057113226727543014041 0ustar jamiejamie[Samba] title=LanManager-like file and printer server for Unix description=The Samba software suite is a collection of programs that implements the SMB/CIFS protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. ports=137,138/udp|139,445/tcp ufw-0.36/ChangeLog0000644000175000017500000004717413404772663013002 0ustar jamiejamieufw (0.36) RELEASED; urgency=medium * doc/ufw-framework.8: - fix path for user[6].rules - reference nf_conntrack_sane - fix syntax error in example rule (LP: #1782384) * snap packaging: - adjust snappy packaging for series 16 and to use snapcraft - add bash completer to snap packaging - add ipset and conntrack * doc/ufw-on-snappy.8: update for series 16 * src/backend_iptables.py: properly calculate the path to state_dir when specifying --rootdir and --datadir (ie, fix regression in 0.35 final) * conf/before6.rules: - adjust ufw6-before-output rules for echo-reply and echo-request (LP: #1633698) - move echo-reply for ufw6-before-input before INVALID (LP: #1664133, LP: #1509725) * conf/ufw.defaults: mention nf_conntrack_sane * adjust runtime tests to use daytime/port 13 instead of ssh/port 22 everywhere and adjust to use daytime/port 13 instead of http/port 80 and https/port 443 in good/logging and ipv6/bad_args6 (Closes: 849628) * don't disable syncookies and instead use the system's value by default * Bittorrent can also use UDP (LP: #1695718)
* doc/ufw.8: remove spurious apostrophes from man page. Thanks to Tom Spurling * common.py: - adjust regex to be more liberal with non-meta characters in interface names (LP: #1719211) - don't allow interfaces longer than 15 characters * shell-completion/bash: use _have() instead of have(). Thanks to Andrew Nowak and Paulo Marcel Coelho Aragao (LP: #1775043) * support concurrent updates (LP: #1204579, LP: #1652163, LP: #1377600, Closes: 686248) * add 'prepend' command to better support IPS (fail2ban, etc. LP: #1368411, LP: #1586258, Closes: 909163) * backend.py: only warn if initcaps() fails is disabled (Closes: 884932) * conf/before.rules: remove extraneous source quench rule (LP: #1558068) -- Jamie Strandboge Fri, 14 Dec 2018 12:01:29 -0600 ufw (0.35) RELEASED; urgency=medium * update check-requirements and README for python 3.5 * update unit tests to not fail when /proc/net/* has no useful information (Closes: 797020) * update rsyslog example to use 'stop' instead of the deprecated '~' (Closes: 798100) * add --rootdir and --datadir options to ufw and ufw-init to make relocatable * files owned by 'clickpkg' are ok too * add preliminary snappy packaging * add support for comments (LP: #448503) * don't allow 'route delete NUM' and suggest 'delete NUM' instead * move user[6].rules to /etc/ufw (LP: #728128) * update README: python3 < 3.4 is no longer supported -- Jamie Strandboge Sun, 07 Feb 2016 16:55:26 -0600 ufw (0.34) RELEASED; urgency=low * refactor capabilities checks and only call when needed * error out early instead of tracing back with iptables errors in get_netfilter_capabilities() (LP: #1044361) * fix TypeError which somehow only manifested itself when using zh_CN * add 'reload' to help (LP: #1059060) * check-requirements now gives iptables output on failure. Patch thanks to S. Nizio. * use conntrack instead of state module. Patch based on work by S. Nizio. 
(LP: #1065297) * don't use get_netfilter_capabilities() with ipv6 if ipv6 is disabled (LP: #1039729, LP: #1062521) * fix parse error when finding PPID (LP: #1101304) * implement before and after hooks in /etc/ufw/(before|after).init (LP: #1075975) TODO: add tests * add unit test framework and cleanup, remove dead and refactor some code * honor UFW_SKIP_CHECKS=1 environment variable with setup.py, which eases testing * tests/check-requirements: add a check for -m rt --rt-type 0 (LP: #1191197) * match simple rule syntax and don't allow ports with esp and ah protocols with extended rule syntax * when displaying extended rules via parser.get_command(), show "out" if the direction is "out" and there is no corresponding interface * fix return of various invalid extended rules in parser.get_command() * clarify 'limit' command in man page (LP: #1089262) * implement route rules (ie, manage FORWARD, LP: #262421). See man page for details. This change reworked interface parsing and we now allow interfaces with '_' in the name (LP: #1098472) * add state RELATED,ESTABLISHED rule to ufw-before-forward in before*.rules like we do with ufw-before-input. This will only affect systems with ip forwarding enabled via sysctl * add ufw[6]-track-forward chain and handle it the same as for ufw[6]-track-input and ufw[6]-track-output * document ufw[6]-track-* in README (dropped in previous commit) * fix for 'status' not distinguishing between some v4/v6 targets (LP: #1078665) * add safe icmp packets to ufw-before-forward in before*.rules like we do for ufw-before-input.
This will only affect systems with ip forwarding enabled via sysctl * update check-requirements for python 3.3 and 3.4 * add 5269/tcp to XMPP (LP: #1327162) * fix traceback with forward rule * import new and updated Launchpad translations: - po/ar.po, po/ast.po, po/bg.po, po/bs.po, po/ca.po, po/ce.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/en_AU.po, po/en_GB.po, po/es.po, po/et.po, po/fi.po, po/fr.po, po/he.po, po/hu.po, po/id.po, po/it.po, po/ja.po, po/ko.po, po/lv.po, po/nb.po, po/nl.po, po/pl.po, po/pt_BR.po, po/pt.po, po/ru.po, po/se.po, po/sk.po, po/sl.po, po/sr.po, po/sv.po, po/tl.po, po/tr.po, po/uk.po, po/ur.po, po/zh_CN.po, po/zh_TW.po - thanks to all contributors: https://translations.launchpad.net/ufw * also use .lower() on translations for 'yes' (LP: #1438647) * adjust/rearrange before6.rules for rfc4890 'must not be blocked' and 'should not be blocked' (LP: #1434525, LP: #1030214) * doc/systemd.example: add service file from Ubuntu (LP: #1341083) * correctly spell qBittorrent (LP: #1273965) * update man page for app rules (LP: #1155292) * support igmp protocol (LP: #946322) * adjust testsuite for systems supporting smtp/udp (LP: #815982) * enforce that basic commands don't have arguments (LP: #1155250) * update command completion for --dry-run, --force, --help and route (LP: #1225666) * support gre protocol (LP: #1418879) * support ./setup.py build (LP: #819600) * doc/ufw.8: - clarify log level behavior (LP: #1461701) - add app profile syntax - add protocol support * skip profiles with invalid port declarations (LP: #1201934) * tests/check-locales: skip locales that fail to install or generate -- Jamie Strandboge Thu, 20 Aug 2015 11:48:13 -0500 ufw (0.33) RELEASED; urgency=low * conf/after6.rules: also use correct ports for DHCPv6. 
Thanks to Marco Davids (LP: #1007326) * src/util.py: add get_netfilter_capabilities() for getting the capabilities set for things we want to support but may not be in all kernels/iptables versions * add IPv6 limit support (LP: #951462) * import new and updated Launchpad translations: - po/ast.po, po/bs.po, po/cs.po, po/de.po, po/el.po, po/en_AU.po, po/en_GB.po, po/es.po, po/fi.po, po/fr.po, po/he.po, po/hu.po, po/it.po, po/nb.po, po/nl.po, po/pt_BR.po, po/pt.po, po/sk.po, po/sl.po, po/sv.po, po/zh_CN.po, po/zh_TW.po (new, LP: #868195) - thanks to all contributors: https://translations.launchpad.net/ufw * README.translations: updated for paths and testing * add 'show added' report (LP: #987784) * remove ACCEPT_NO_TRACK option since it never worked (LP: #787955) * src/backend_iptables.py: display output of ufw-init if it fails * don't traceback if can't determine iptables version -- Jamie Strandboge Sun, 12 Aug 2012 10:58:04 -0500 ufw (0.32) RELEASED; urgency=low * Obsolete python2.5 in preparation for python3 support * Adjust gettext initialization so that _() always returns unicode. Patch thanks to Barry Warsaw * Add python3 support (LP: #1001657) * profiles/ufw-directoryserver: use LDAPS key for LDAPS -- Jamie Strandboge Sat, 19 May 2012 08:48:15 -0500 ufw (0.31.1) RELEASED; urgency=low * src/util.py: revert revert r752 which introduced problems with other locales (LP: #953372) * add tests/check-locales. This is Debian/Ubuntu specific, but will help avoid commits like r752. 
-- Jamie Strandboge Mon, 12 Mar 2012 20:26:28 -0500 ufw (0.31) RELEASED; urgency=low * allow UPnP multicast for service discovery (LP: #764933) * conf/ufw.defaults: - remove IRC connection tracking, which is only required for DCC - allow nf_conntrack_netbios_ns (Samba) (LP: #360975) * enable IPv6 by default * fix 'allow to any ipv6' when IPv6 is enabled * update manpage references to ufw and ufw-framework to include the section * update check-requirements to prompt to continue with tests that may autoload modules. Add '-f' option to check-requirements and update test suite accordingly (LP: #782816) * don't fail when running 'show listening' under fakeroot (LP: #812516) * add syntax-check to Makefile * add man-check to Makefile * src/util.py: use codes.open(..., 'UTF-8') to better support non-english locales in third-party frontends. Analysis and patch suggestion thanks to S. Nizio. (LP: #921758) * conf/ufw.defaults and doc/ufw-framework.8: add info on tftp connection tracking modules * fix traceback when specifying '--dry-run' with no arguments (LP: #946332) * tests/testlib.sh: add 'http-or-www' argument to do_cmd() to try to account for /etc/services files with http/udp instead of www/udp. Adjust bad/apps and root/normalization for this (LP: #947224) * conf/before6.rules: use correct ports for DHCPv6 and limit source and destination addresses to autoconfiguration addresses (fe80::/10). Thanks to Mathieu Trudel-Lapierre (LP: #947416) * import new and updated Launchpad translations: - po/ar.po, po/ast.po (new), po/bg.po, po/bs.po (new), po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/en_AU.po, po/en_GB.po, po/es.po, po/fi.po, po/fr.po, po/he.po, po/hu.po, po/id.po, po/it.po, po/ja.po (new), po/nb.po, po/nl.po, po/pl.po, po/pt_BR.po, po/pt.po, po/ru.po, po/sk.po, po/sl.po, po/sr.po, po/sv.po, po/tl.po, po/ur.po (new), po/zh_CN.po - thanks to all contributors: https://translations.launchpad.net/ufw * allow multiple interface matching via '+'. 
Thanks to Oliver Hookins. (LP: #611838) * allow application profiles to start with a digit (LP: #663632) * don't traceback in show listening when a rule references a non-existent interface (LP: #840500) -- Jamie Strandboge Fri, 09 Mar 2012 14:24:24 -0600 ufw (0.30.1) RELEASED; urgency=low * allow for python 2.7 (verified to work with python 2.7.1) * fix improper display of error messages. Patch thanks to Serguey Basalaev (LP: #580032) * profiles/ufw-mailserver: remove Postfix reference * fix typo in warning (LP: #637876) * fix manpage reference to /etc/default/ufw (Closes: 601111) * mention quoting of application profile names with spaces (LP: #715676) * fix man-page hyphenation in ufw.8 * run_tests.sh: adjust PATH if iptables can't be found * adjust /etc/ufw/sysctl.conf to have commented out entries for ipv6 privacy addressing * profiles/ufw-fileserver: add svnserve profile (LP: #501140) * use 'UFW AUDIT INVALID' for INVALID packets in medium and higher * DROP packets with RH0 headers (LP: #740249) * update README to discuss the default ruleset * only allow mDNS multicast (LP: #740256) * allow ping replies from multicast (LP: #720605) -- Jamie Strandboge Tue, 22 Mar 2011 12:06:10 -0500 ufw (0.30) RELEASED; urgency=low * add example Upstart script * error out when filesystem is read-only (LP: #430053) * catch exception if can't find parent pid when refreshing application profiles (LP: #424528) * update manpage to clarify 'show' command (LP: #453083) * update setup.py to use sys.executable and cleanup required binaries * update test suite - better handle iptables < 1.4 (tested with 1.3.8) - allow alternate interpreter * write loglevel rules to user rules (LP: #459925) * properly log INVALID packets for medium and higher (LP: #480789) * Makefile: clean up POTFILES target * generate binary translations in setup.py rather than shipping them in source (LP: #490366) * src/ufw-init-functions: don't run 'already started' check unless ENABLED. 
This should improve boot speed such that iptables is not needlessly called which results in an unneeded modprobe. * manpage fixes thanks to Loic Minier * set "default" sysctl values before "all" values. Thanks to Loic Minier * clean up parser to make it easier to add new functionality * don't log LIMIT rules if logging is off (LP: #512131) * fix for noisy services getting logged. Added new 'skip-to-policy' chains that are now used in after*.rules (LP: #488032) * add rsyslog example configuration and update README * add reset command (LP: #436608) * add --force option to enable (LP: #496267) * decode("utf-8") some strings in 'status' to correct formatting errors with with multibyte characters * add more reports * add delete by rule number (LP: #367571) * add support for IPv6 tunnels and 6to4 (LP: #502655) * fix occasional ufw errors during boot with upstart (/tmp not available) (LP: #521359) * normalize IPv6 addresses to standard python shortened notation * follow iptables and don't require that an interface ends with a number (LP: #568877) * really allow IPv6 neighbor discovery (LP: #611982) * add support for IPSec via the esp and ah protocols (LP: #606997) * fix traceback in 'show listening' report (LP: #624199) * fix inaccuracies in 'show listening' report with IPv6 (LP: #625340) * update check-requirements to not check ip6tables modules needed for the 'limit' command * import updated Launchpad translations: - po/ar.po, po/bg.po, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/en_AU.po, po/en_GB.po, po/es.po, po/fi.po, po/fr.po, po/he.po, po/hu.po, po/id.po, po/it.po, po/nb.po, po/nl.po, po/pl.po, po/pt_BR.po, po/pt.po, po/ru.po, po/sk.po, po/sl.po, po/sr.po, po/sv.po, po/tl.po, po/zh_CN.po - thanks to all contributors: https://translations.launchpad.net/ufw -- Jamie Strandboge Fri, 27 Aug 2010 15:30:43 -0500 ufw (0.29) RELEASE; urgency=low * add egress filtering support: - CLI command allows specifying direction in simple and extended syntax - status 
reporting shows outgoing policy and outgoing rules - allow changing default outgoing policy - connection tracking rules for state NEW, when using a default policy of ACCEPT for INPUT and OUTPUT, are now put in their own chains, rather than configured in before*.rules - add state RELATED,ESTABLISHED rule to ufw-before-output in before*.rules like we do with ufw-before-input, to increase performance - DEFAULT_OUTPUT_POLICY and DEFAULT_INPUT_POLICY can now also be set to ACCEPT_NO_TRACK, which avoids adding connection tracking rules for state NEW - update documentation for the above * add tests/check-requirements and integrate into test suite. This script can be used to make sure that your system has all the required iptables and netfilter functionality as described in README * add doc/ufw-framework.8 * allow deletion of non-existent application rules introduced in 0.24. (LP: #407810) * import Launchpad translations: - po/ar.po, po/bg.po, po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/en_AU.po, po/en_GB.po, po/fi.po, po/fr.po, po/he.po, po/hu.po, po/id.po, po/it.po, po/nb.po, po/nl.po, po/pl.po, po/pt_BR.po, po/pt.po, po/ru.po, po/sk.po, po/sl.po, po/sr.po, po/sv.po, po/tl.po, po/zh_CN.po - thanks to all contributors: https://translations.launchpad.net/ufw - moved translations into locales/po and locales/mo. setup.py installs files in locales/mo - translations are now installed into ${prefix}/share/ufw/messages -- Jamie Strandboge Tue, 25 Aug 2009 09:12:10 -0500 ufw (0.28) RELEASE; urgency=low * translation fixes * add interface rules * update Makefile to fail if byte-compiling failed * install rules files 0640 (LP: #393187) * adjust help command for proper translation and bash completion support * add limit command to help (LP: #358964) * add shell-completion/bash. Based on work by Didier Roche * tests/*: updated with 'nostats' option so redundant tests are counted in test results. 
Update many root tests to use 'nostats' * look for location of iptables and set IPTABLES_DIR in common.py. Adjust calls to ip[6]tables* to use IPTABLES_DIR * fix harmless but annoying bug where multi-rule application rules ended up with ::/0 in the tuple line in user.rules (IPV4) when not specifying a destination or source address and IPV6 is enabled * make insert rule logic more robust * update setup.py to install user rules and init script helpers into /lib, rather than /var/lib and /usr/share/ufw. Update tests, backend_iptables.py, ufw-init and documentation accordingly. (LP: #400208) -- Jamie Strandboge Wed, 15 Jul 2009 09:30:25 -0500 ufw (0.27.1) RELEASE; urgency=low * update README for instructions on integrating ufw into the boot process * adjust strings to better conform with translation guidelines (LP: #353424) * adjust translation location to work with rosetta -- Jamie Strandboge Mon, 23 Mar 2009 12:06:27 -0500 ufw (0.27) RELEASE; urgency=low * don't do symlink check anymore (LP: #317700) * don't do hidden file check anymore (LP: #319226). Hidden application profiles are already skipped, so this check only bumps into revision control systems * add 'status numbered' command * more comments in conf/sysctl.conf * add insert rule support (LP: #260745) * read in rules from /var/lib/ufw/*.rules. This helps keep status inline with reality and fixes (LP: #262975) * add loglevel support. 
This also changed the default rules files * add per rule logging support * get rid of redundant RETURN rules * update LIMIT logging prefix * update setup.py to use subprocess instead of Popen3 -- Jamie Strandboge Sat, 17 Jan 2009 07:15:25 -0600 ufw (0.26) RELEASE; urgency=low * fix formatting when using 'app update all' (LP: #300726) * add runtime version check for iptables and warn if using IPv6 application rules with iptables < 1.4 * Makefile: depend on translations when making tarball * remove more useless newlines * man page updates * display interfaces and exact packet counters in 'status raw' * support REJECT for rules, default policy and default application policy (LP: #197322) * only flush and delete ufw chains * add a 'flush-all' command to ufw-init * add MANAGE_BUILTINS option to /etc/default/ufw, and when set to 'yes' flush the built-in chains too -- Jamie Strandboge Fri, 16 Jan 2009 07:01:38 -0600 ufw (0.25) RELEASE; urgency=low * new ChangeLog files for upstream tarballs. See ChangeLog.pre-0.25 for previous changes, including Ubuntu-specific changes * setup.py: don't install initscript anymore * add example (non-LSB) initscript to doc/initscript.example * split out initscript into ufw-init-functions, ufw-init (for use by ufw itself) and doc/initscript.example (for use by distributions). 
This makes ufw more robust and portable * don't stop the firewall via the initscripts if ufw is not enabled (LP: #311066) * rename skel-ui to skel-ui.example * README: - add Distributions section - update for initscript changes - update What's in a Name -- Jamie Strandboge Mon, 22 Dec 2008 08:53:14 -0600 ufw-0.36/doc/0000755000175000017500000000000013404772663011760 5ustar jamiejamieufw-0.36/doc/ufw.80000644000175000017500000005115013404772663012654 0ustar jamiejamie.TH UFW: "8" "" "February 2016" "February 2016" .SH NAME ufw \- program for managing a netfilter firewall .PP .SH DESCRIPTION This program is for managing a Linux firewall and aims to provide an easy to use interface for the user. .SH USAGE .TP ufw [\fB\-\-dry\-run\fR] \fBenable|disable|reload\fR .TP ufw [\fB\-\-dry\-run\fR] \fBdefault\fR allow|deny|reject [incoming|outgoing|routed] .TP ufw [\fB\-\-dry\-run\fR] \fBlogging\fR on|off|LEVEL .TP ufw [\fB\-\-dry\-run\fR] \fBreset\fR .TP ufw [\fB\-\-dry\-run\fR] \fBstatus\fR [verbose|numbered] .TP ufw [\fB\-\-dry\-run\fR] \fBshow\fR REPORT .TP ufw [\fB\-\-dry\-run\fR] [\fBdelete\fR] [\fBinsert\fR NUM] [\fBprepend\fR] \fBallow|deny|reject|limit\fR [\fBin|out\fR] [\fBlog|log\-all\fR] [ PORT[/PROTOCOL] | APPNAME ] [\fBcomment\fR COMMENT] .TP ufw [\fB\-\-dry\-run\fR] [\fBrule\fR] [\fBdelete\fR] [\fBinsert\fR NUM] [\fBprepend\fR] \fBallow|deny|reject|limit\fR [\fBin|out\fR [\fBon\fR INTERFACE]] [\fBlog|log\-all\fR] [\fBproto\fR PROTOCOL] [\fBfrom\fR ADDRESS [\fBport\fR PORT | \fBapp\fR APPNAME ]] [\fBto\fR ADDRESS [\fBport\fR PORT | \fBapp\fR APPNAME ]] [\fBcomment\fR COMMENT] .TP ufw [\fB\-\-dry\-run\fR] \fBroute\fR [\fBdelete\fR] [\fBinsert\fR NUM] [\fBprepend\fR] \fBallow|deny|reject|limit\fR [\fBin|out\fR \fBon\fR INTERFACE] [\fBlog|log\-all\fR] [\fBproto\fR PROTOCOL] [\fBfrom\fR ADDRESS [\fBport\fR PORT | \fBapp\fR APPNAME]] [\fBto\fR ADDRESS [\fBport\fR PORT | \fBapp\fR APPNAME]] [\fBcomment\fR COMMENT] .TP ufw [\fB\-\-dry\-run\fR] \fBdelete\fR NUM .TP ufw 
[\fB\-\-dry\-run\fR] \fBapp\fR \fBlist|info|default|update\fR .SH OPTIONS .TP \fB\-\-version\fR show program's version number and exit .TP \fB\-h\fR, \fB\-\-help\fR show help message and exit .TP \fB\-\-dry\-run\fR don't modify anything, just show the changes .TP \fBenable\fR reloads firewall and enables firewall on boot. .TP \fBdisable\fR unloads firewall and disables firewall on boot .TP \fBreload\fR reloads firewall .TP \fBdefault\fR allow|deny|reject DIRECTION change the default policy for traffic going DIRECTION, where DIRECTION is one of \fBincoming\fR, \fBoutgoing\fR or \fBrouted\fR. Note that existing rules will have to be migrated manually when changing the default policy. See \fBRULE SYNTAX\fR for more on \fBdeny\fR and \fBreject\fR. .TP \fBlogging\fR on|off|LEVEL toggle logging. Logged packets use the LOG_KERN syslog facility. Systems configured for rsyslog support may also log to /var/log/ufw.log. Specifying a LEVEL turns logging on for the specified LEVEL. The default log level is 'low'. See \fBLOGGING\fR for details. .TP \fBreset\fR Disables and resets firewall to installation defaults. Can also give the \fB\-\-force\fR option to perform the reset without confirmation. .TP \fBstatus\fR show status of firewall and ufw managed rules. Use \fBstatus verbose\fR for extra information. In the status output, 'Anywhere' is synonymous with 'any' and '0.0.0.0/0'. Note that when using \fBstatus\fR, there is a subtle difference when reporting interfaces. 
For example, if the following rules are added: ufw allow in on eth0 from 192.168.0.0/16 ufw allow out on eth1 to 10.0.0.0/8 ufw route allow in on eth0 out on eth1 to 10.0.0.0/8 from 192.168.0.0/16 ufw limit 2222/tcp comment 'SSH port' \fBufw status\fR will output: To Action From -- ------ ---- Anywhere on eth0 ALLOW 192.168.0.0/16 10.0.0.0/8 ALLOW OUT Anywhere on eth1 10.0.0.0/8 on eth1 ALLOW FWD 192.168.0.0/16 on eth0 Anywhere LIMIT Anywhere # SSH port For the input and output rules, the interface is reported relative to the firewall system as an endpoint, whereas with route rules, the interface is reported relative to the direction packets flow through the firewall. .TP \fBshow\fR REPORT display information about the running firewall. See \fBREPORTS\fR .TP \fBallow\fR ARGS add allow rule. See \fBRULE SYNTAX\fR .TP \fBdeny\fR ARGS add deny rule. See \fBRULE SYNTAX\fR .TP \fBreject\fR ARGS add reject rule. See \fBRULE SYNTAX\fR .TP \fBlimit\fR ARGS add limit rule. Currently only IPv4 is supported. See \fBRULE SYNTAX\fR .TP \fBdelete\fR RULE|NUM deletes the corresponding RULE .TP \fBinsert\fR NUM RULE insert the corresponding RULE as rule number NUM .TP \fBprepend\fR RULE prepend the corresponding RULE to the top of the ruleset .SH "RULE SYNTAX" .PP Users can specify rules using either a simple syntax or a full syntax. The simple syntax only specifies the port and optionally the protocol to be allowed or denied on the host. Both syntaxes support specifying a comment for the rule. For existing rules, specifying a different comment updates the comment and specifying '' removes the comment. Example rules using the simple syntax: ufw allow 53 This rule will allow tcp and udp port 53 to any address on this host. To specify a protocol, append '/protocol' to the port. For example: ufw allow 25/tcp This will allow tcp port 25 to any address on this host. \fBufw\fR will also check /etc/services for the port and protocol if specifying a service by name. 
Eg: ufw allow smtp \fBufw\fR supports both ingress and egress filtering and users may optionally specify a direction of either \fBin\fR or \fBout\fR for either incoming or outgoing traffic. If no direction is supplied, the rule applies to incoming traffic. Eg: ufw allow in http ufw reject out smtp ufw reject telnet comment 'telnet is unencrypted' .PP Users can also use a fuller syntax, specifying the source and destination addresses and ports. This syntax is loosely based on OpenBSD's PF syntax. For example: ufw deny proto tcp to any port 80 This will deny all traffic to tcp port 80 on this host. Another example: ufw deny proto tcp from 10.0.0.0/8 to 192.168.0.1 port 25 This will deny all traffic from the RFC1918 Class A network to tcp port 25 with the address 192.168.0.1. ufw deny proto tcp from 2001:db8::/32 to any port 25 This will deny all traffic from the IPv6 2001:db8::/32 to tcp port 25 on this host. IPv6 must be enabled in #CONFIG_PREFIX#/default/ufw for IPv6 firewalling to work. ufw deny in on eth0 to 224.0.0.1 proto igmp This will deny all igmp traffic to 224.0.0.1 on the eth0 interface. ufw allow in on eth0 to 192.168.0.1 proto gre This will allow all gre traffic to 192.168.0.1 on the eth0 interface. ufw allow proto tcp from any to any port 80,443,8080:8090 comment 'web app' The above will allow all traffic to tcp ports 80, 443 and 8080\-8090 inclusive and adds a comment for the rule. When specifying multiple ports, the ports list must be numeric, cannot contain spaces and must be modified as a whole. Eg, in the above example you cannot later try to delete just the '443' port. You cannot specify more than 15 ports (ranges count as 2 ports, so the port count in the above example is 4). \fBufw\fR supports several different protocols. 
The following are valid in any rule and enabled when the protocol is not specified: tcp udp The following have certain restrictions and are not enabled when the protocol is not specified: ah valid without port number esp valid without port number gre valid without port number ipv6 valid for IPv4 addresses and without port number igmp valid for IPv4 addresses and without port number Rules for traffic not destined for the host itself but instead for traffic that should be routed/forwarded through the firewall should specify the \fBroute\fR keyword before the rule (routing rules differ significantly from PF syntax and instead take into account netfilter FORWARD chain conventions). For example: ufw route allow in on eth1 out on eth2 This will allow all traffic routed to eth2 and coming in on eth1 to traverse the firewall. ufw route allow in on eth0 out on eth1 to 12.34.45.67 port 80 proto tcp This rule allows any packets coming in on eth0 to traverse the firewall out on eth1 to tcp port 80 on 12.34.45.67. In addition to routing rules and policy, you must also setup IP forwarding. This may be done by setting the following in #CONFIG_PREFIX#/ufw/sysctl.conf: net/ipv4/ip_forward=1 net/ipv6/conf/default/forwarding=1 net/ipv6/conf/all/forwarding=1 then restarting the firewall: ufw disable ufw enable Be aware that setting kernel tunables is operating system specific and \fBufw\fR sysctl settings may be overridden. See the \fBsysctl\fR manual page for details. .PP \fBufw\fR supports connection rate limiting, which is useful for protecting against brute\-force login attacks. When a limit rule is used, \fBufw\fR will normally allow the connection but will deny connections if an IP address attempts to initiate 6 or more connections within 30 seconds. See http://www.debian\-administration.org/articles/187 for details. Typical usage is: ufw limit ssh/tcp .PP Sometimes it is desirable to let the sender know when traffic is being denied, rather than simply ignoring it. 
In these cases, use \fBreject\fR instead of \fBdeny\fR. For example: ufw reject auth .PP By default, \fBufw\fR will apply rules to all available interfaces. To limit this, specify \fBDIRECTION on INTERFACE\fR, where DIRECTION is one of \fBin\fR or \fBout\fR (interface aliases are not supported). For example, to allow all new incoming http connections on eth0, use: ufw allow in on eth0 to any port 80 proto tcp .PP To delete a rule, simply prefix the original rule with \fBdelete\fR with or without the rule comment. For example, if the original rule was: ufw deny 80/tcp Use this to delete it: ufw delete deny 80/tcp You may also specify the rule by NUM, as seen in the \fBstatus numbered\fR output. For example, if you want to delete rule number '3', use: ufw delete 3 If you have IPv6 enabled and are deleting a generic rule that applies to both IPv4 and IPv6 (eg 'ufw allow 22/tcp'), deleting by rule number will delete only the specified rule. To delete both with one command, prefix the original rule with \fBdelete\fR. .PP To insert a rule, specify the new rule as normal, but prefix the rule with the rule number to insert. For example, if you have four rules, and you want to insert a new rule as rule number three, use: ufw insert 3 deny to any port 22 from 10.0.0.135 proto tcp Similarly, to add a rule before all other rules matching the rule's IP type, use the prepend rule: ufw prepend deny from 1.2.3.4 This is particularly useful for dynamic firewalls as found in an IPS. Importantly, if the specified rule is an IPv4 rule, it will be prepended before all other IPv4 rules. If it is an IPv6 rule, it will be prepended before any IPv6 rules. To see a list of numbered rules, use: ufw status numbered .PP \fBufw\fR supports per rule logging. By default, no logging is performed when a packet matches a rule. Specifying \fBlog\fR will log all new connections matching the rule, and \fBlog\-all\fR will log all packets matching the rule. 
For example, to allow and log all new ssh connections, use: ufw allow log 22/tcp See \fBLOGGING\fR for more information on logging. .SH EXAMPLES .PP Deny all access to port 53: ufw deny 53 .PP Allow all access to tcp port 80: ufw allow 80/tcp .PP Allow all access from RFC1918 networks to this host: ufw allow from 10.0.0.0/8 ufw allow from 172.16.0.0/12 ufw allow from 192.168.0.0/16 .PP Deny access to udp port 514 from host 1.2.3.4: ufw deny proto udp from 1.2.3.4 to any port 514 .PP Allow access to udp 1.2.3.4 port 5469 from 1.2.3.5 port 5469: ufw allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469 .SH REMOTE MANAGEMENT .PP When running \fBufw enable\fR or starting \fBufw\fR via its initscript, \fBufw\fR will flush its chains. This is required so \fBufw\fR can maintain a consistent state, but it may drop existing connections (eg ssh). \fBufw\fR does support adding rules before enabling the firewall, so administrators can do: ufw allow proto tcp from any to any port 22 before running '\fBufw enable\fR'. The rules will still be flushed, but the ssh port will be open after enabling the firewall. Please note that once ufw is 'enabled', \fBufw\fR will not flush the chains when adding or removing rules (but will when modifying a rule or changing the default policy). By default, \fBufw\fR will prompt when enabling the firewall while running under ssh. This can be disabled by using '\fBufw \-\-force enable\fR'. .SH APPLICATION INTEGRATION .PP \fBufw\fR supports application integration by reading profiles located in #CONFIG_PREFIX#/ufw/applications.d. To list the names of application profiles known to \fBufw\fR, use: ufw app list Users can specify an application name when adding a rule (quoting any profile names with spaces). 
For example, when using the simple syntax, users can use: ufw allow <name> Or for the extended syntax: ufw allow from 192.168.0.0/16 to any app <name> You should not specify the protocol with either syntax, and with the extended syntax, use \fBapp\fR in place of the \fBport\fR clause. Details on the firewall profile for a given application can be seen with: ufw app info <name> where '<name>' is one of the applications seen with the \fBapp list\fR command. Users may also specify \fBall\fR to see the profiles for all known applications. Syntax for the application profiles is a simple .INI format: [<name>] title=<title> description=<description> ports=<ports> The 'ports' field may specify a '|'-separated list of ports/protocols where the protocol is optional. A comma-separated list or a range (specified with 'start:end') may also be used to specify multiple ports, in which case the protocol is required. For example: [SomeService] title=Some title description=Some description ports=12/udp|34|56,78:90/tcp In the above example, 'SomeService' may be used in app rules and it specifies UDP port 12, TCP and UDP on port 34 and TCP ports 56 and 78-90 inclusive. After creating or editing an application profile, users can run: ufw app update <name> This command will automatically update the firewall with updated profile information. If you specify 'all' for name, then all the profiles will be updated. To update a profile and add a new rule to the firewall automatically, users can run: ufw app update \-\-add\-new <name> The behavior of the \fBupdate \-\-add\-new\fR command can be configured using: ufw app default <policy> The default application policy is \fBskip\fR, which means that the \fBupdate \-\-add\-new\fR command will do nothing. Users may also specify a policy of \fBallow\fR or \fBdeny\fR so the \fBupdate \-\-add\-new\fR command may automatically update the firewall. \fBWARNING:\fR it may be a security risk to use a default \fBallow\fR policy for application profiles. 
Carefully consider the security ramifications before using a default \fBallow\fR policy. .SH LOGGING .PP \fBufw\fR supports multiple logging levels. \fBufw\fR defaults to a loglevel of 'low' when a loglevel is not specified. Users may specify a loglevel with: ufw logging LEVEL LEVEL may be 'off', 'low', 'medium', 'high' and 'full'. Log levels are defined as: .TP \fBoff\fR disables ufw managed logging .TP \fBlow\fR logs all blocked packets not matching the defined policy (with rate limiting), as well as packets matching logged rules .TP \fBmedium\fR log level low, plus all allowed packets not matching the defined policy, all INVALID packets, and all new connections. All logging is done with rate limiting. .TP \fBhigh\fR log level medium (without rate limiting), plus all packets with rate limiting .TP \fBfull\fR log level high without rate limiting .PP Loglevels above medium generate a lot of logging output, and may quickly fill up your disk. Loglevel medium may generate a lot of logging output on a busy system. .PP Specifying 'on' simply enables logging at log level 'low' if logging is currently not enabled. .SH REPORTS .PP The following reports are supported. Each is based on the live system and with the exception of the \fBlistening\fR report, is in raw iptables format: raw builtins before\-rules user\-rules after\-rules logging\-rules listening added The \fBraw\fR report shows the complete firewall, while the others show a subset of what is in the \fBraw\fR report. .PP The \fBlistening\fR report will display the ports on the live system in the listening state for tcp and the open state for udp, along with the address of the interface and the executable listening on the port. An '*' is used in place of the address of the interface when the executable is bound to all interfaces on that port. Following this information is a list of rules which may affect connections on this port. 
The rules are listed in the order they are evaluated by the kernel, and the first match wins. Please note that the default policy is not listed and tcp6 and udp6 are shown only if IPV6 is enabled. .PP The \fBadded\fR report displays the list of rules as they were added on the command\-line. This report does not show the status of the running firewall (use '\fBufw status\fR' instead). Because rules are normalized by \fBufw\fR, rules may look different than the originally added rule. Also, \fBufw\fR does not record command ordering, so an equivalent ordering is used which lists IPv6\-only rules after other rules. .SH NOTES .PP On installation, \fBufw\fR is disabled with a default incoming policy of deny, a default forward policy of deny, and a default outgoing policy of allow, with stateful tracking for NEW connections for incoming and forwarded connections. In addition to the above, a default ruleset is put in place that does the following: .TP - DROP packets with RH0 headers .TP - DROP INVALID packets .TP - ACCEPT certain icmp packets (INPUT and FORWARD): destination-unreachable, source-quench, time-exceeded, parameter-problem, and echo-request for IPv4. destination-unreachable, packet-too-big, time-exceeded, parameter-problem, and echo-request for IPv6. .TP - ACCEPT icmpv6 packets for stateless autoconfiguration (INPUT) .TP - ACCEPT ping replies from IPv6 link-local (fe80::/10) addresses (INPUT) .TP - DROP non-local traffic (INPUT) .TP - ACCEPT mDNS (zeroconf/bonjour/avahi 224.0.0.251 for IPv4 and ff02::fb for IPv6) for service discovery (INPUT) .TP - ACCEPT UPnP (239.255.255.250 for IPv4 and ff02::f for IPv6) for service discovery (INPUT) .PP Rule ordering is important and the first match wins. Therefore when adding rules, add the more specific rules first with more general rules later. 
.PP \fBufw\fR is not intended to provide complete firewall functionality via its command interface, but instead provides an easy way to add or remove simple rules. .PP The status command shows basic information about the state of the firewall, as well as rules managed via the \fBufw\fR command. It does not show rules from the rules files in #CONFIG_PREFIX#/ufw. To see the complete state of the firewall, users can run \fBufw show raw\fR. This displays the filter, nat, mangle and raw tables using: iptables \-n \-L \-v \-x \-t <table> ip6tables \-n \-L \-v \-x \-t <table> See the \fBiptables\fR and \fBip6tables\fR documentation for more details. .PP If the default policy is set to REJECT, \fBufw\fR may interfere with rules added outside of the ufw framework. See README for details. .PP IPv6 is allowed by default. To change this behavior to only accept IPv6 traffic on the loopback interface, set IPV6 to 'no' in #CONFIG_PREFIX#/default/ufw and reload \fBufw\fR. When IPv6 is enabled, you may specify rules in the same way as for IPv4 rules, and they will be displayed with \fBufw status\fR. Rules that match both IPv4 and IPv6 addresses apply to both IP versions. For example, when IPv6 is enabled, the following rule will allow access to port 22 for both IPv4 and IPv6 traffic: ufw allow 22 .PP IPv6 over IPv4 tunnels and 6to4 are supported by using the 'ipv6' protocol ('41'). This protocol can only be used with the full syntax. For example: ufw allow to 10.0.0.1 proto ipv6 ufw allow to 10.0.0.1 from 10.4.0.0/16 proto ipv6 .PP IPSec is supported by using the 'esp' ('50') and 'ah' ('51') protocols. These protocols can only be used with the full syntax. 
For example: ufw allow to 10.0.0.1 proto esp ufw allow to 10.0.0.1 from 10.4.0.0/16 proto esp ufw allow to 10.0.0.1 proto ah ufw allow to 10.0.0.1 from 10.4.0.0/16 proto ah .PP In addition to the command\-line interface, \fBufw\fR also provides a framework which allows administrators to modify default behavior as well as take full advantage of netfilter. See the \fBufw\-framework\fR manual page for more information. .SH SEE ALSO .PP \fBufw\-framework\fR(8), \fBiptables\fR(8), \fBip6tables\fR(8), \fBiptables\-restore\fR(8), \fBip6tables\-restore\fR(8), \fBsysctl\fR(8), \fBsysctl.conf\fR(5) .SH AUTHOR .PP ufw is Copyright 2008-2014, Canonical Ltd. .PP ufw and this manual page was originally written by Jamie Strandboge <jamie@canonical\&.com> ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/doc/ufw-framework.8������������������������������������������������������������������������0000644�0001750�0001750�00000024414�13404772663�014652� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������.TH "UFW FRAMEWORK" "8" "" "April 2014" "April 2014" .SH NAME ufw\-framework \- using the ufw framework .PP .SH DESCRIPTION \fBufw\fR provides both a command line interface and a framework for managing a netfilter firewall. 
While the \fBufw\fR command provides an easy to use interface for managing a firewall, the \fBufw\fR framework provides the administrator methods to customize default behavior and add rules not supported by the command line tool. In this way, \fBufw\fR can take full advantage of Linux netfilter's power and flexibility. .SH OVERVIEW .PP The framework provides boot time initialization, rules files for adding custom rules, a method for loading netfilter modules, configuration of kernel parameters and configuration of IPv6. The framework consists of the following files: .TP #STATE_PREFIX#/ufw\-init initialization script .TP #CONFIG_PREFIX#/ufw/before.init initialization customization script run before ufw is initialized .TP #CONFIG_PREFIX#/ufw/after.init initialization customization script run after ufw is initialized .TP #CONFIG_PREFIX#/ufw/before[6].rules rules file containing rules evaluated before UI added rules .TP #CONFIG_PREFIX#/ufw/user[6].rules rules file containing UI added rules (managed with the \fBufw\fR command) .TP #CONFIG_PREFIX#/ufw/after[6].rules rules file containing rules evaluated after UI added rules .TP #CONFIG_PREFIX#/default/ufw high level configuration .TP #CONFIG_PREFIX#/ufw/sysctl.conf kernel network tunables .TP #CONFIG_PREFIX#/ufw/ufw.conf additional high level configuration .SH "BOOT INITIALIZATION" .PP \fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a standard SysV style initscript used by the \fBufw\fR command and should not be modified. The #CONFIG_PREFIX#/ufw/before.init and #CONFIG_PREFIX#/ufw/after.init scripts may be used to perform any additional firewall configuration that is not yet supported in ufw itself; if they exist and are executable, ufw\-init will execute them. ufw\-init will exit with an error if either of these scripts exits with an error.
ufw\-init supports the following arguments: .TP start: loads the firewall .TP stop: unloads the firewall .TP restart: reloads the firewall .TP force\-reload: same as restart .TP status: basic status of the firewall .TP force\-stop: same as stop, except does not check if the firewall is already loaded .TP flush\-all: flushes the built\-in chains, deletes all non\-built\-in chains and resets the policy to ACCEPT .PP ufw\-init will call before.init and after.init with start, stop, status and flush\-all, but typically, if used, these scripts need only implement start and stop. .PP \fBufw\fR uses many user\-defined chains in addition to the built\-in iptables chains. If MANAGE_BUILTINS in #CONFIG_PREFIX#/default/ufw is set to 'yes', on stop and reload the built\-in chains are flushed. If it is set to 'no', on stop and reload the \fBufw\fR secondary chains are removed and the \fBufw\fR primary chains are flushed. In addition to flushing the \fBufw\fR specific chains, it keeps the primary chains in the same order with respect to any other user\-defined chains that may have been added. This allows for \fBufw\fR to interoperate with other software that may manage their own firewall rules. .PP To ensure your firewall is loading on boot, you must integrate this script into the boot process. Consult your distribution's documentation for the proper way to modify your boot process if \fBufw\fR is not already integrated. .SH "RULES FILES" .PP \fBufw\fR is in part a front\-end for \fBiptables\-restore\fR, with its rules saved in #CONFIG_PREFIX#/ufw/before.rules, #CONFIG_PREFIX#/ufw/after.rules and #CONFIG_PREFIX#/ufw/user.rules. Administrators can customize \fBbefore.rules\fR and \fBafter.rules\fR as desired using the standard \fBiptables\-restore\fR syntax. Rules are evaluated as follows: \fBbefore.rules\fR first, \fBuser.rules\fR next, and \fBafter.rules\fR last. 
IPv6 rules are evaluated in the same way, with the rules files named \fBbefore6.rules\fR, \fBuser6.rules\fR and \fBafter6.rules\fR. Please note that \fBufw status\fR only shows rules added with \fBufw\fR and not the rules found in the #CONFIG_PREFIX#/ufw rules files. .PP \fBImportant\fR: \fBufw\fR only uses the *filter table by default. You may add any other tables such as *nat, *raw and *mangle as desired. For each table a corresponding COMMIT statement is required. .PP After modifying any of these files, you must reload \fBufw\fR for the rules to take effect. See the EXAMPLES section for common uses of these rules files. .SH MODULES .PP Netfilter has many different connection tracking modules. These modules are aware of the underlying protocol and allow the administrator to simplify his or her rule sets. You can adjust which netfilter modules to load by adjusting IPT_MODULES in #CONFIG_PREFIX#/default/ufw. Some popular modules to load are: nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc nf_conntrack_netbios_ns nf_conntrack_pptp nf_conntrack_tftp nf_nat_tftp nf_conntrack_sane .SH "KERNEL PARAMETERS" .PP \fBufw\fR will read in #CONFIG_PREFIX#/ufw/sysctl.conf on boot when enabled. Please note that #CONFIG_PREFIX#/ufw/sysctl.conf overrides values in the system sysctl.conf (usually #CONFIG_PREFIX#/sysctl.conf). Administrators can change the file used by modifying IPT_SYSCTL in #CONFIG_PREFIX#/default/ufw. .SH IPV6 .PP IPv6 is enabled by default. When disabled, all incoming, outgoing and forwarded IPv6 packets are dropped, with the exception of traffic on the loopback interface. To adjust this behavior, set IPV6 to 'yes' in #CONFIG_PREFIX#/default/ufw. See the \fBufw\fR manual page for details. .SH EXAMPLES .PP As mentioned, \fBufw\fR loads its rules files into the kernel by using the \fBiptables\-restore\fR and \fBip6tables\-restore\fR commands.
Users wanting to add rules to the \fBufw\fR rules files manually must be familiar with these as well as the \fBiptables\fR and \fBip6tables\fR commands. Below are some common examples of using the \fBufw\fR rules files. All examples assume IPv4 only and that DEFAULT_FORWARD_POLICY in #CONFIG_PREFIX#/default/ufw is set to DROP. .SS IP Masquerading .PP To allow IP masquerading for computers from the 10.0.0.0/8 network on eth1 to share the single IP address on eth0: .TP Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: net.ipv4.ip_forward=1 .TP Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section: *nat :POSTROUTING ACCEPT [0:0] \-A POSTROUTING \-s 10.0.0.0/8 \-o eth0 \-j MASQUERADE COMMIT .TP If your firewall is using IPv6 tunnels or 6to4 and is also doing NAT, then you should not usually masquerade protocol '41' (ipv6) packets. For example, instead of the above, #CONFIG_PREFIX#/ufw/before.rules can be adjusted to have: *nat :POSTROUTING ACCEPT [0:0] \-A POSTROUTING \-s 10.0.0.0/8 ! 
\-\-protocol 41 \-o eth0 \-j MASQUERADE COMMIT .TP Add the \fBufw route\fR to allow the traffic: ufw route allow in on eth1 out on eth0 from 10.0.0.0/8 .SS Port Redirections .PP To forward tcp port 80 on eth0 to go to the webserver at 10.0.0.2: .TP Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: net.ipv4.ip_forward=1 .TP Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section: *nat :PREROUTING ACCEPT [0:0] \-A PREROUTING \-p tcp \-i eth0 \-\-dport 80 \-j DNAT \\ \-\-to\-destination 10.0.0.2:80 COMMIT .TP Add the \fBufw route\fR rule to allow the traffic: ufw route allow in on eth0 to 10.0.0.2 port 80 proto tcp .SS Egress filtering .PP To block RFC1918 addresses going out of eth0: .TP Add the \fBufw route\fR rules to reject the traffic: ufw route reject out on eth0 to 10.0.0.0/8 ufw route reject out on eth0 to 172.16.0.0/12 ufw route reject out on eth0 to 192.168.0.0/16 .SS Full example .PP This example combines the other examples and demonstrates a simple routing firewall. \fBWarning\fR: this setup is only an example to demonstrate the functionality of the \fBufw\fR framework in a concise and simple manner and should not be used in production without understanding what each part does and does not do. Your firewall will undoubtedly want to be less open. .PP This router/firewall has two interfaces: eth0 (Internet facing) and eth1 (internal LAN). Internal clients have addresses on the 10.0.0.0/8 network and should be able to connect to anywhere on the Internet. Connections to port 80 from the Internet should be forwarded to 10.0.0.2. Access to ssh port 22 from the administrative workstation (10.0.0.100) to this machine should be allowed. Also make sure no internal traffic goes to the Internet. 
.TP Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have: net.ipv4.ip_forward=1 .TP Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section: *nat :PREROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] \-A PREROUTING \-p tcp \-i eth0 \-\-dport 80 \-j DNAT \\ \-\-to\-destination 10.0.0.2:80 \-A POSTROUTING \-s 10.0.0.0/8 \-o eth0 \-j MASQUERADE COMMIT .TP Add the necessary \fBufw\fR rules: ufw route reject out on eth0 to 10.0.0.0/8 ufw route reject out on eth0 to 172.16.0.0/12 ufw route reject out on eth0 to 192.168.0.0/16 ufw route allow in on eth1 out on eth0 from 10.0.0.0/8 ufw route allow in on eth0 to 10.0.0.2 port 80 proto tcp ufw allow in on eth1 from 10.0.0.100 to any port 22 proto tcp .SH NOTES .PP When using ufw with libvirt and bridging, packets may be blocked. The libvirt team recommends that the following sysctl's be set to disable netfilter on the bridge: net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 Note that the bridge module must be loaded in to the kernel before these values are set. One way to ensure this works properly with ufw is to add 'bridge' to IPT_MODULES in #CONFIG_PREFIX#/default/ufw, and then add the above rules to #CONFIG_PREFIX#/ufw/sysctl.conf. Alternatively to disabling netfilter on the bridge, you can configure iptables to allow all traffic to be forwarded across the bridge. Eg, add to #CONFIG_PREFIX#/ufw/before.rules within the *filter section: -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT .SH SEE ALSO .PP \fBufw\fR(8), \fBiptables\fR(8), \fBip6tables\fR(8), \fBiptables\-restore\fR(8), \fBip6tables\-restore\fR(8), \fBsysctl\fR(8), \fBsysctl.conf\fR(5) .SH AUTHOR .PP ufw is Copyright 2008-2014, Canonical Ltd. 
.PP ufw and this manual page was originally written by Jamie Strandboge <jamie@canonical\&.com> ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/doc/skel-ui.example������������������������������������������������������������������������0000644�0001750�0001750�00000002350�13257500346�014677� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#! /usr/bin/env python # # skel-ui: skeleton frontend for ufw # # Copyright 2008 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # import ufw.frontend from ufw.common import UFWError from ufw.util import error, warn ufw.common.programName = "skel-ui" import gettext kwargs = {} if sys.version_info[0] < 3: # In Python 2, ensure that the _() that gets installed into built-ins # always returns unicodes. This matches the default behavior under Python # 3, although that keyword argument is not present in the Python 3 API. 
kwargs['unicode'] = True gettext.install(ufw.common.programName, **kwargs) if __name__ == "__main__": print(ufw.frontend.get_command_help()) ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/doc/rsyslog.example������������������������������������������������������������������������0000644�0001750�0001750�00000000467�13257511760�015041� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# Log kernel generated UFW log messages to file :msg,contains,"[UFW " /var/log/ufw.log # Uncomment the following to stop logging anything that matches the last rule. 
# Doing this will no longer kernel generated UFW log messages to the file # normally containing kern.* messages (eg, /var/log/kern.log) #& stop ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/doc/ufw-on-snappy.8������������������������������������������������������������������������0000644�0001750�0001750�00000005331�13404772663�014576� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������.TH "UFW ON SNAPPY" "8" "" "September 2015" "September 2015" .SH NAME ufw on snappy \- using ufw on Ubuntu Core .PP .SH DESCRIPTION This program is for managing a Linux firewall and aims to provide an easy to use interface for the admin user. This interface is targeted primarily towards administering a bastion firewall. \fBufw\fR packaged as a snap is very similar to \fBufw\fR packaged on a traditional Linux distribution. .SH COMMANDS .TP ufw.doc documentation for \fBufw\fR .TP ufw command line interface to \fBufw\fR .TP ufw.init lowlevel inititialization script .TP snap config ufw configuration directives exposed via \fBsnap config\fB .SH "GETTING STARTED" .PP When \fBufw\fR is installed it is disabled by default and not allowed to use the firewall-control interface. Before it can be enabled, you must first connect the firewall-control interface with: $ sudo snap connect ufw:firewall-control ubuntu-core:firewall-control This will give ufw the necessary permissions to manipulate the firewall and ensure the proper modules are loaded into the kernel. Now you can use \fBufw\fR like normal. 
For example, to enable the firewall, allow ssh access, enable logging, and check the status of the firewall, perform: $ sudo ufw allow ssh/tcp $ sudo ufw logging low $ sudo ufw enable $ sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 22/tcp ALLOW IN Anywhere 22/tcp (v6) ALLOW IN Anywhere (v6) \fBufw\fR integrates into the boot sequence by providing the \fBufw.src\fR service. It simply calls \fBufw.init start\fR during boot. Service logs can be seen with: $ sudo journalctl --unit snap.ufw.srv.service .SH UFW FRAMEWORK On a snappy\-based system apps have access to a read\-only area and a writable area. After initial install on service start, \fBufw\fR will copy the default configuration from the read\-only area in $SNAP_APP_PATH to the writable area in $SNAP_APP_DATA_PATH. If you need or want to modify the configuration files as described in the \fBufw\-framework\fR documentation, look for these files in $SNAP_APP_DATA_PATH. Upgrades are handled similarly to a traditional Ubuntu system: if the configuration files in $SNAP_APP_DATA_PATH match the previously shipped version, the files will be updated to the new version; otherwise the files that are different are logged to the service log (see above) so that the files may be merged manually. .SH AUTHOR .PP ufw is Copyright 2008-2016, Canonical Ltd.
.PP ufw and this manual page was originally written by Jamie Strandboge <jamie@canonical\&.com> �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/doc/initscript.example���������������������������������������������������������������������0000644�0001750�0001750�00000002630�13257465544�015531� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh set -e # # Example initscript for ufw # PATH="/sbin:/bin" config_prefix="/etc" [ -d /lib/ufw ] || exit 0 for s in "/lib/ufw/ufw-init-functions" "$config_prefix/ufw/ufw.conf" ; do if [ -s "$s" ]; then . "$s" else echo "Could not find $s (aborting)" exit 1 fi done error=0 case "$1" in start) if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then echo "Starting firewall:" "ufw" output=`ufw_start` || error="$?" if [ ! -z "$output" ]; then /bin/echo -e "$output" fi else echo "Skip starting firewall:" "ufw (not enabled)" fi exit $error ;; stop) if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then echo "Stopping firewall:" "ufw" output=`ufw_stop` || error="$?" if [ ! -z "$output" ]; then /bin/echo -e "$output" fi else echo "Skip stopping firewall:" "ufw (not enabled)" fi exit $error ;; restart|force-reload) echo "Reloading firewall:" "ufw" output=`ufw_reload` || error="$?" if [ ! -z "$output" ]; then /bin/echo -e "$output" fi exit $error ;; status) output=`ufw_status` || error="$?" if [ ! 
-z "$output" ]; then /bin/echo -e "$output" fi exit $error ;; *) echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}" exit 1 ;; esac exit 0 ��������������������������������������������������������������������������������������������������������ufw-0.36/doc/upstart.example������������������������������������������������������������������������0000644�0001750�0001750�00000000560�13226727543�015037� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # Example Upstart script # # ufw - Uncomplicated Firewall # # The Uncomplicated Firewall is a front-end for iptables, to make managing a # Netfilter firewall easier. description "Uncomplicated firewall" start on net-device-added INTERFACE=lo stop on runlevel [!023456] console output pre-start exec /lib/ufw/ufw-init start post-stop exec /lib/ufw/ufw-init stop ������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/doc/systemd.example������������������������������������������������������������������������0000644�0001750�0001750�00000000416�13404772663�015026� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������[Unit] Description=Uncomplicated firewall DefaultDependencies=no Wants=network-pre.target Before=network-pre.target [Service] Type=oneshot RemainAfterExit=yes ExecStart=/lib/ufw/ufw-init start quiet 
ExecStop=/lib/ufw/ufw-init stop [Install] WantedBy=multi-user.target ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/setup.py�����������������������������������������������������������������������������������0000644�0001750�0001750�00000026332�13404772663�012733� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # ufw: front-end for Linux firewalling # # Copyright 2008-2016 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. 
# # # Install with: # python ./setup.py install --root="/tmp/ufw" # # To specify a different interpreter for ufw: # python2.5 ./setup.py install --root="/tmp/ufw" # python2.6 ./setup.py install --root="/tmp/ufw" # python2.7 ./setup.py install --root="/tmp/ufw" # from __future__ import print_function from distutils.command.install import install as _install from distutils.core import setup import errno import os import re import sys import shutil import subprocess ufw_version = '0.36' def cmd(command): '''Try to execute the given command.''' try: sp = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) except OSError as e: return [127, str(e)] out = sp.communicate()[0] return [sp.returncode,out] class Install(_install, object): '''Override distutils to install the files where we want them.''' def run(self): if self.home != None and self.root != None: print("Don't specify --home and --root at same time") return real_confdir = os.path.join('/etc') real_statedir = os.path.join('/lib', 'ufw') real_prefix = self.prefix if self.home != None: real_confdir = self.home + real_confdir real_statedir = self.home + real_statedir real_prefix = self.home + '/usr' real_sharedir = os.path.join(real_prefix, 'share', 'ufw') # Update the modules' paths for fn in [ 'common.py' ]: # 'staging' is used with just 'install' but build_lib is used when # using 'build'. 
We could probably override 'def build()' but this # at least works for d in [os.path.join(self.build_lib, "ufw"), 'staging']: f = os.path.join(d, fn) if not os.path.exists(f): continue print("Updating " + f) subprocess.call(["sed", "-i", "s%#CONFIG_PREFIX#%" + real_confdir + "%g", f]) subprocess.call(["sed", "-i", "s%#STATE_PREFIX#%" + real_statedir + "%g", f]) subprocess.call(["sed", "-i", "s%#PREFIX#%" + real_prefix + "%g", f]) subprocess.call(["sed", "-i", "s%#IPTABLES_DIR#%" + iptables_dir + "%g", f]) subprocess.call(["sed", "-i", "s%#SHARE_DIR#%" + real_sharedir + "%g", f]) if fn == 'common.py' and 'UFW_SKIP_CHECKS' in os.environ and \ os.environ['UFW_SKIP_CHECKS'] != '': print("Updating do_checks") subprocess.call(["sed", "-i", "s%do_checks = True%do_checks = False%g", f]) # Now byte-compile everything super(Install, self).run() # Install script and data files prefix = real_prefix if self.root != None: prefix = self.root + real_prefix script = os.path.join(prefix, 'sbin', 'ufw') manpage = os.path.join(prefix, 'share', 'man', 'man8', 'ufw.8') manpage_f = os.path.join(prefix, 'share', 'man', 'man8', \ 'ufw-framework.8') for f in [ script, manpage, manpage_f ]: self.mkpath(os.path.dirname(f)) # update the interpreter to that of the one the user specified for setup print("Updating staging/ufw to use %s" % (sys.executable)) subprocess.call(["sed", "-i", "1s%^#.*python.*%#! 
/usr/bin/env " + sys.executable + "%g", 'staging/ufw']) self.copy_file('staging/ufw', script) self.copy_file('doc/ufw.8', manpage) self.copy_file('doc/ufw-framework.8', manpage_f) # Install state files and helper scripts statedir = real_statedir if self.root != None: statedir = self.root + real_statedir self.mkpath(statedir) init_helper = os.path.join(statedir, 'ufw-init') init_helper_functions = os.path.join(statedir, 'ufw-init-functions') self.copy_file('src/ufw-init', init_helper) self.copy_file('src/ufw-init-functions', init_helper_functions) # Install translations transdir = real_sharedir if self.root != None: transdir = self.root + real_sharedir i18ndir = os.path.join(transdir, 'messages') self.mkpath(i18ndir) if len(os.listdir('locales/mo')) == 0: subprocess.call(["make", "mo"]) self.copy_tree('locales/mo', i18ndir) # Install configuration files confdir = real_confdir if self.root != None: confdir = self.root + real_confdir defaults = os.path.join(confdir, 'default', 'ufw') ufwconf = os.path.join(confdir, 'ufw', 'ufw.conf') sysctl = os.path.join(confdir, 'ufw', 'sysctl.conf') before_rules = os.path.join(confdir, 'ufw', 'before.rules') after_rules = os.path.join(confdir, 'ufw', 'after.rules') before6_rules = os.path.join(confdir, 'ufw', 'before6.rules') after6_rules = os.path.join(confdir, 'ufw', 'after6.rules') user_rules = os.path.join(confdir, 'ufw', 'user.rules') user6_rules = os.path.join(confdir, 'ufw', 'user6.rules') apps_dir = os.path.join(confdir, 'ufw', 'applications.d') init_before_hook = os.path.join(confdir, 'ufw', 'before.init') init_after_hook = os.path.join(confdir, 'ufw', 'after.init') for f in [ defaults, ufwconf ]: self.mkpath(os.path.dirname(f)) self.mkpath(apps_dir) for f in os.listdir('profiles'): self.copy_file(os.path.join('profiles', f), apps_dir) self.copy_file('conf/ufw.defaults', defaults) self.copy_file('conf/ufw.conf', ufwconf) self.copy_file('conf/sysctl.conf', sysctl) self.copy_file('conf/before.rules', before_rules) 
self.copy_file('conf/after.rules', after_rules) self.copy_file('conf/before6.rules', before6_rules) self.copy_file('conf/after6.rules', after6_rules) self.copy_file('conf/user.rules', user_rules) self.copy_file('conf/user6.rules', user6_rules) self.copy_file('src/before.init', init_before_hook) self.copy_file('src/after.init', init_after_hook) # Update the installed rules files' permissions for f in [ before_rules, after_rules, before6_rules, after6_rules, \ user_rules, user6_rules, init_before_hook, \ init_after_hook ]: os.chmod(f, 0o640) # Update the installed files' paths for f in [ defaults, ufwconf, before_rules, after_rules, \ before6_rules, after6_rules, script, \ manpage, manpage_f, sysctl, init_helper, \ init_helper_functions, init_before_hook, \ init_after_hook ]: print("Updating " + f) subprocess.call(["sed", "-i", "s%#CONFIG_PREFIX#%" + real_confdir + "%g", f]) subprocess.call(["sed", "-i", "s%#PREFIX#%" + real_prefix + "%g", f]) subprocess.call(["sed", "-i", "s%#STATE_PREFIX#%" + real_statedir + "%g", f]) subprocess.call(["sed", "-i", "s%#VERSION#%" + ufw_version + "%g", f]) # Install pristine copies of rules files sharedir = real_sharedir if self.root != None: sharedir = self.root + real_sharedir rulesdir = os.path.join(sharedir, 'iptables') self.mkpath(rulesdir) for f in [ before_rules, after_rules, \ before6_rules, after6_rules, \ user_rules, user6_rules ]: self.copy_file(f, rulesdir) if sys.version_info[0] < 2 or \ (sys.version_info[0] == 2 and sys.version_info[1] < 6): print("ERROR: Need at least python 2.6", file=sys.stderr) sys.exit(1) if os.path.exists('staging'): shutil.rmtree('staging') shutil.copytree('src', 'staging') os.unlink(os.path.join('staging', 'ufw-init')) os.unlink(os.path.join('staging', 'ufw-init-functions')) iptables_exe = '' iptables_dir = '' for e in ['iptables']: for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \ '/usr/local/bin']: if e == "iptables": if os.path.exists(os.path.join(dir, e)): 
iptables_dir = dir iptables_exe = os.path.join(iptables_dir, "iptables") print("Found '%s'" % iptables_exe) else: continue if iptables_exe != "": break if iptables_exe == '': print("ERROR: could not find required binary 'iptables'", file=sys.stderr) sys.exit(1) for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']: if not os.path.exists(os.path.join(iptables_dir, e)): print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr) sys.exit(1) (rc, out) = cmd([iptables_exe, '-V']) if rc != 0: raise OSError(errno.ENOENT, "Could not find version for '%s'" % \ (iptables_exe)) version = re.sub('^v', '', re.split('\s', str(out))[1]) print("Found '%s' version '%s'" % (iptables_exe, version)) if version < "1.4": print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr) setup (name='ufw', version=ufw_version, description='front-end for Linux firewalling', long_description='front-end for Linux firewalling', author='Jamie Strandboge', author_email='jamie@canonical.com', url='https://launchpad.net/ufw', license='GPL-3', cmdclass={'install': Install}, package_dir={'ufw': 'staging'}, py_modules=['ufw.backend', 'ufw.backend_iptables', 'ufw.common', 'ufw.frontend', 'ufw.util', 'ufw.applications', 'ufw.parser'] ) shutil.rmtree('staging') ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/conf/��������������������������������������������������������������������������������������0000755�0001750�0001750�00000000000�13404772663�012140� 5����������������������������������������������������������������������������������������������������ustar 
�jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/conf/user6.rules���������������������������������������������������������������������������0000644�0001750�0001750�00000000153�13226727543�014256� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������*filter :ufw6-user-input - [0:0] :ufw6-user-output - [0:0] :ufw6-user-forward - [0:0] ### RULES ### COMMIT ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/conf/ufw.defaults��������������������������������������������������������������������������0000644�0001750�0001750�00000003407�13404772663�014476� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# /etc/default/ufw # # Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback # accepted). You will need to 'disable' and then 'enable' the firewall for # the changes to take affect. 
IPV6=yes # Set the default input policy to ACCEPT, DROP, or REJECT. Please note that if # you change this you will most likely want to adjust your rules. DEFAULT_INPUT_POLICY="DROP" # Set the default output policy to ACCEPT, DROP, or REJECT. Please note that if # you change this you will most likely want to adjust your rules. DEFAULT_OUTPUT_POLICY="ACCEPT" # Set the default forward policy to ACCEPT, DROP or REJECT. Please note that # if you change this you will most likely want to adjust your rules DEFAULT_FORWARD_POLICY="DROP" # Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please # note that setting this to ACCEPT may be a security risk. See 'man ufw' for # details DEFAULT_APPLICATION_POLICY="SKIP" # By default, ufw only touches its own chains. Set this to 'yes' to have ufw # manage the built-in chains too. Warning: setting this to 'yes' will break # non-ufw managed firewall rules MANAGE_BUILTINS=no # # IPT backend # # only enable if using iptables backend IPT_SYSCTL=#CONFIG_PREFIX#/ufw/sysctl.conf # Extra connection tracking modules to load. Complete list can be found in # net/netfilter/Kconfig of your kernel source. 
Some common modules: # nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support # nf_conntrack_netbios_ns: NetBIOS (samba) client support # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT # nf_conntrack_ftp, nf_nat_ftp: active FTP support # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side) # nf_conntrack_sane: sane support IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns" ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/conf/before.rules��������������������������������������������������������������������������0000644�0001750�0001750�00000004751�13404772663�014465� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # rules.before # # Rules that should be run before the ufw command line added rules. 
Custom # rules should be added to one of these chains: # ufw-before-input # ufw-before-output # ufw-before-forward # # Don't delete these required lines, otherwise there will be errors *filter :ufw-before-input - [0:0] :ufw-before-output - [0:0] :ufw-before-forward - [0:0] :ufw-not-local - [0:0] # End required lines # allow all on loopback -A ufw-before-input -i lo -j ACCEPT -A ufw-before-output -o lo -j ACCEPT # quickly process packets for which we already have a connection -A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # drop INVALID packets (logs these in loglevel medium and higher) -A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny -A ufw-before-input -m conntrack --ctstate INVALID -j DROP # ok icmp codes for INPUT -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT # ok icmp code for FORWARD -A ufw-before-forward -p icmp --icmp-type destination-unreachable -j ACCEPT -A ufw-before-forward -p icmp --icmp-type time-exceeded -j ACCEPT -A ufw-before-forward -p icmp --icmp-type parameter-problem -j ACCEPT -A ufw-before-forward -p icmp --icmp-type echo-request -j ACCEPT # allow dhcp client to work -A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT # # ufw-not-local # -A ufw-before-input -j ufw-not-local # if LOCAL, RETURN -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN # if MULTICAST, RETURN -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN # if BROADCAST, RETURN -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN # all other non-local packets are dropped -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j 
ufw-logging-deny -A ufw-not-local -j DROP # allow MULTICAST mDNS for service discovery (be sure the MULTICAST line above # is uncommented) -A ufw-before-input -p udp -d 224.0.0.251 --dport 5353 -j ACCEPT # allow MULTICAST UPnP for service discovery (be sure the MULTICAST line above # is uncommented) -A ufw-before-input -p udp -d 239.255.255.250 --dport 1900 -j ACCEPT # don't delete the 'COMMIT' line or these rules won't be processed COMMIT �����������������������ufw-0.36/conf/before6.rules�������������������������������������������������������������������������0000644�0001750�0001750�00000015054�13404772663�014551� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # rules.before # # Rules that should be run before the ufw command line added rules. 
Custom # rules should be added to one of these chains: # ufw6-before-input # ufw6-before-output # ufw6-before-forward # # Don't delete these required lines, otherwise there will be errors *filter :ufw6-before-input - [0:0] :ufw6-before-output - [0:0] :ufw6-before-forward - [0:0] # End required lines # allow all on loopback -A ufw6-before-input -i lo -j ACCEPT -A ufw6-before-output -o lo -j ACCEPT # drop packets with RH0 headers -A ufw6-before-input -m rt --rt-type 0 -j DROP -A ufw6-before-forward -m rt --rt-type 0 -j DROP -A ufw6-before-output -m rt --rt-type 0 -j DROP # quickly process packets for which we already have a connection -A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A ufw6-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # multicast ping replies are part of the ok icmp codes for INPUT (rfc4890, # 4.4.1 and 4.4.2), but don't have an associated connection and would otherwise # be marked INVALID, so allow here instead. 
-A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT # drop INVALID packets (logs these in loglevel medium and higher) -A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny -A ufw6-before-input -m conntrack --ctstate INVALID -j DROP # ok icmp codes for INPUT (rfc4890, 4.4.1 and 4.4.2) -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT # codes 0 and 1 -A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT # codes 0-2 (echo-reply needs to be before INVALID, see above) -A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT # IND solicitation -A ufw6-before-input -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT # IND advertisement -A ufw6-before-input -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT # MLD query -A ufw6-before-input -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT # MLD report -A ufw6-before-input -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT # MLD done -A ufw6-before-input -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT # MLD report v2 -A ufw6-before-input -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT # SEND certificate path solicitation -A ufw6-before-input -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT # SEND certificate path advertisement -A ufw6-before-input -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT # MR advertisement -A ufw6-before-input -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j 
ACCEPT # MR solicitation -A ufw6-before-input -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT # MR termination -A ufw6-before-input -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT # ok icmp codes for OUTPUT (rfc4890, 4.4.1 and 4.4.2) -A ufw6-before-output -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT # codes 0 and 1 -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT # codes 0-2 -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT -A ufw6-before-output -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT # IND solicitation -A ufw6-before-output -p icmpv6 --icmpv6-type 141 -m hl --hl-eq 255 -j ACCEPT # IND advertisement -A ufw6-before-output -p icmpv6 --icmpv6-type 142 -m hl --hl-eq 255 -j ACCEPT # MLD query -A ufw6-before-output -p icmpv6 --icmpv6-type 130 -s fe80::/10 -j ACCEPT # MLD report -A ufw6-before-output -p icmpv6 --icmpv6-type 131 -s fe80::/10 -j ACCEPT # MLD done -A ufw6-before-output -p icmpv6 --icmpv6-type 132 -s fe80::/10 -j ACCEPT # MLD report v2 -A ufw6-before-output -p icmpv6 --icmpv6-type 143 -s fe80::/10 -j ACCEPT # SEND certificate path solicitation -A ufw6-before-output -p icmpv6 --icmpv6-type 148 -m hl --hl-eq 255 -j ACCEPT # SEND certificate path advertisement -A ufw6-before-output -p icmpv6 --icmpv6-type 149 -m hl --hl-eq 255 -j ACCEPT # MR advertisement -A ufw6-before-output -p icmpv6 --icmpv6-type 151 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT # MR 
solicitation -A ufw6-before-output -p icmpv6 --icmpv6-type 152 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT # MR termination -A ufw6-before-output -p icmpv6 --icmpv6-type 153 -s fe80::/10 -m hl --hl-eq 1 -j ACCEPT # ok icmp codes for FORWARD (rfc4890, 4.3.1) -A ufw6-before-forward -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT -A ufw6-before-forward -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT # codes 0 and 1 -A ufw6-before-forward -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT # codes 0-2 -A ufw6-before-forward -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT -A ufw6-before-forward -p icmpv6 --icmpv6-type echo-request -j ACCEPT -A ufw6-before-forward -p icmpv6 --icmpv6-type echo-reply -j ACCEPT # ok icmp codes for FORWARD (rfc4890, 4.3.2) # NOTE(review): the four rules below are appended to ufw6-before-input, not ufw6-before-forward; confirm which chain is intended # Home Agent Address Discovery Request -A ufw6-before-input -p icmpv6 --icmpv6-type 144 -j ACCEPT # Home Agent Address Discovery Reply -A ufw6-before-input -p icmpv6 --icmpv6-type 145 -j ACCEPT # Mobile Prefix Solicitation -A ufw6-before-input -p icmpv6 --icmpv6-type 146 -j ACCEPT # Mobile Prefix Advertisement -A ufw6-before-input -p icmpv6 --icmpv6-type 147 -j ACCEPT # allow dhcp client to work -A ufw6-before-input -p udp -s fe80::/10 --sport 547 -d fe80::/10 --dport 546 -j ACCEPT # allow MULTICAST mDNS for service discovery -A ufw6-before-input -p udp -d ff02::fb --dport 5353 -j ACCEPT # allow MULTICAST UPnP for service discovery -A ufw6-before-input -p udp -d ff02::f --dport 1900 -j ACCEPT # don't delete the 'COMMIT' line or these rules won't be processed COMMIT 
������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/conf/after.rules���������������������������������������������������������������������������0000644�0001750�0001750�00000001754�13226727543�014323� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # rules.input-after # # Rules that should be run after the ufw command line added rules. 
Custom # rules should be added to one of these chains: # ufw-after-input # ufw-after-output # ufw-after-forward # # Don't delete these required lines, otherwise there will be errors *filter :ufw-after-input - [0:0] :ufw-after-output - [0:0] :ufw-after-forward - [0:0] # End required lines # don't log noisy services by default -A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input -A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input -A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input -A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input -A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input # don't log noisy broadcast -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input # don't delete the 'COMMIT' line or these rules won't be processed COMMIT ��������������������ufw-0.36/conf/sysctl.conf���������������������������������������������������������������������������0000644�0001750�0001750�00000003643�13404772663�014336� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # Configuration file for setting network variables. Please note these settings # override /etc/sysctl.conf. If you prefer to use /etc/sysctl.conf, please # adjust IPT_SYSCTL in /etc/default/ufw. 
# # Uncomment this to allow this host to route packets between interfaces #net/ipv4/ip_forward=1 #net/ipv6/conf/default/forwarding=1 #net/ipv6/conf/all/forwarding=1 # Turn on Source Address Verification on all interfaces to prevent some # spoofing attacks net/ipv4/conf/default/rp_filter=1 net/ipv4/conf/all/rp_filter=1 # Do not accept IP source route packets (we are not a router) net/ipv4/conf/default/accept_source_route=0 net/ipv4/conf/all/accept_source_route=0 net/ipv6/conf/default/accept_source_route=0 net/ipv6/conf/all/accept_source_route=0 # Disable ICMP redirects. ICMP redirects are rarely used but can be used in # MITM (man-in-the-middle) attacks. Disabling ICMP redirects may disrupt legitimate # traffic to those sites. net/ipv4/conf/default/accept_redirects=0 net/ipv4/conf/all/accept_redirects=0 net/ipv6/conf/default/accept_redirects=0 net/ipv6/conf/all/accept_redirects=0 # Ignore bogus ICMP errors net/ipv4/icmp_echo_ignore_broadcasts=1 net/ipv4/icmp_ignore_bogus_error_responses=1 net/ipv4/icmp_echo_ignore_all=0 # Don't log Martian Packets (impossible packets) net/ipv4/conf/default/log_martians=0 net/ipv4/conf/all/log_martians=0 # Change to '0' to disable TCP/IP SYN cookies. A value of '1' disables TCP # Window Scaling (http://lkml.org/lkml/2008/2/5/167). 
#net/ipv4/tcp_syncookies=1 #net/ipv4/tcp_fin_timeout=30 #net/ipv4/tcp_keepalive_intvl=1800 # normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or # earlier pf firewall, should set this to 0 net/ipv4/tcp_sack=1 # Uncomment this to turn off ipv6 autoconfiguration #net/ipv6/conf/default/autoconf=0 #net/ipv6/conf/all/autoconf=0 # Uncomment this to enable ipv6 privacy addressing #net/ipv6/conf/default/use_tempaddr=2 #net/ipv6/conf/all/use_tempaddr=2 ���������������������������������������������������������������������������������������������ufw-0.36/conf/user.rules����������������������������������������������������������������������������0000644�0001750�0001750�00000000463�13226727543�014174� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������*filter :ufw-user-input - [0:0] :ufw-user-output - [0:0] :ufw-user-forward - [0:0] :ufw-user-limit - [0:0] :ufw-user-limit-accept - [0:0] ### RULES ### -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] " -A ufw-user-limit -j REJECT -A ufw-user-limit-accept -j ACCEPT COMMIT �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/conf/after6.rules��������������������������������������������������������������������������0000644�0001750�0001750�00000001623�13257500736�014401� 0����������������������������������������������������������������������������������������������������ustar 
�jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# # rules.input-after # # Rules that should be run after the ufw command line added rules. Custom # rules should be added to one of these chains: # ufw6-after-input # ufw6-after-output # ufw6-after-forward # # Don't delete these required lines, otherwise there will be errors *filter :ufw6-after-input - [0:0] :ufw6-after-output - [0:0] :ufw6-after-forward - [0:0] # End required lines # don't log noisy services by default -A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input -A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input -A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input -A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input -A ufw6-after-input -p udp --dport 546 -j ufw6-skip-to-policy-input -A ufw6-after-input -p udp --dport 547 -j ufw6-skip-to-policy-input # don't delete the 'COMMIT' line or these rules won't be processed COMMIT �������������������������������������������������������������������������������������������������������������ufw-0.36/conf/ufw.conf������������������������������������������������������������������������������0000644�0001750�0001750�00000000470�13226727543�013610� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������# /etc/ufw/ufw.conf # # Set to yes to start on boot. If setting this remotely, be sure to add a rule # to allow your remote connection before starting ufw. 
Eg: 'ufw allow 22/tcp' ENABLED=no # Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'. # See 'man ufw' for details. LOGLEVEL=low ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ufw-0.36/run_tests.sh�������������������������������������������������������������������������������0000755�0001750�0001750�00000021771�13257512304�013576� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������#!/bin/sh # Copyright 2008-2016 Canonical Ltd. # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License version 3, # as published by the Free Software Foundation. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. export LANG=C testdir="tests" tests="unit installation bad bugs good util" set -e # Some systems may not have iptables in their PATH. Try to account for that. if ! which iptables >/dev/null ; then export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" echo "INFO: 'iptables' not in PATH. Using:" echo " $PATH" if ! which iptables >/dev/null; then echo "ERROR: could not find iptables. Aborting." exit 1 fi fi set +e ipt_major=`iptables --version | sed 's/.* v//' | cut -d '.' 
-f 1 | sed 's/\([0-9]\+\).*/\\1/'` ipt_minor=`iptables --version | sed 's/.* v//' | cut -d '.' -f 2 | sed 's/\([0-9]\+\).*/\\1/'` ipt_micro=`iptables --version | sed 's/.* v//' | cut -d '.' -f 3 | sed 's/\([0-9]\+\).*/\\1/'` get_result_path() { d="$1" f="$d/result" f_micro="$f.$ipt_major.$ipt_minor.$ipt_micro" f_minor="$f.$ipt_major.$ipt_minor" if [ -f "$f.$ipt_major.$ipt_minor.$ipt_micro" ]; then f="$f_micro" elif [ -f "$f.$ipt_major.$ipt_minor" ]; then f="$f_minor" fi echo "$f" } CUR=`pwd` export TESTPATH="$testdir/testarea" export TESTTMP="$testdir/testarea/tmp" export TESTSTATE="$TESTPATH/lib/ufw" export TESTCONFIG="$TESTPATH/etc/ufw" STOPONFAIL="no" STOPONSKIP="no" if [ "$1" = "-s" ]; then shift STOPONFAIL="yes" elif [ "$1" = "-S" ]; then shift STOPONFAIL="yes" STOPONSKIP="yes" fi interpreter="" if [ "$1" = "-i" ]; then shift if [ -z "$1" ]; then echo "Specified '-i' without an interpreter. Aborting" >&2 exit fi interpreter="$1" shift fi if [ -z "$interpreter" ]; then for exe in python python2.7 python2.6 python3 python3.2 python3.1; do if which $exe >/dev/null 2>&1; then interpreter="$exe" break fi done fi # export the interpreter so the tests can use it too export interpreter="$interpreter" echo "Interpreter: $interpreter" echo "" if [ -e "/proc/sys/net/ipv6" ]; then tests="$tests ipv6" fi subclass="" if [ ! -z "$1" ]; then tmp="$1" if echo "$tmp" | egrep -q '/' ; then subclass=`basename $tmp` tests=`dirname $tmp` else tests="$tmp" fi fi if [ ! -d "$testdir" ]; then echo "Couldn't find '$testdir' directory" exit 1 fi if [ ! -e "./setup.py" ]; then echo "Couldn't find setup.py" exit 1 fi skipped=0 errors=0 numtests=0 statsdir=`mktemp -d` trap "rm -rf $statsdir" EXIT HUP INT QUIT TERM export statsdir echo "0" > $statsdir/individual # Unit tests for class in $tests do if [ "$class" != "unit" ]; then # Functional tests handled separately (see below) continue fi if [ ! -z "$subclass" ]; then if [ ! 
-f "$testdir/$class/$subclass" ]; then echo "Could not find '$testdir/$class/$subclass'" exit 1 fi fi echo "= Unit Tests =" if ! $interpreter ./tests/unit/runner.py $subclass ; then echo "" echo "Found unit test failures. Aborting and skipping functional tests" exit 1 fi # Exit early if only running unit tests if [ "$tests" = "unit" ]; then exit 0 fi echo "" echo "" done # clean up before functional tests rm -f "$CUR/src/*.pyc" rm -rf "$CUR/src/__pycache__" make clean # Functional tests echo "= Functional Tests =" # Explicitly disable IP forwarding here, since some tests assume it is # disabled. IP forwarding will be re-enabled in the individual tests # that require it. orig_ip_forward=`sysctl net.ipv4.ip_forward 2>/dev/null | cut -d ' ' -f 3` orig_ipv6_forwarding_default=`sysctl net.ipv6.conf.default.forwarding 2>/dev/null | cut -d ' ' -f 3` orig_ipv6_forwarding_all=`sysctl net.ipv6.conf.all.forwarding 2>/dev/null | cut -d ' ' -f 3` sysctl -w net.ipv4.ip_forward=0 2>/dev/null || true sysctl -w net.ipv6.conf.default.forwarding=0 2>/dev/null || true sysctl -w net.ipv6.conf.all.forwarding=0 2>/dev/null || true for class in $tests do if [ "$class" = "unit" ]; then # Unit tests handled separately (see above) continue fi for d in `ls -d -1 $testdir/$class/* 2>/dev/null` do if [ ! -z "$subclass" ]; then if [ "$d" != "$testdir/$class/$subclass" ]; then continue fi fi if [ $skipped -gt 0 ]; then if [ "$STOPONSKIP" = "yes" ]; then echo "" echo "STOPONSKIP set, exiting on skip" exit 1 fi fi thistest=`basename $d` echo "" echo "Performing tests '$class/$thistest'" if [ ! 
-x "$testdir/$class/$thistest/runtest.sh" ]; then skipped=$(($skipped + 1)) echo " WARNING: couldn't find '$testdir/$class/$thistest/runtest.sh' (skipping)" continue fi echo "- installing" if [ -d "$TESTPATH" ]; then rm -rf "$TESTPATH" fi tmpdir=`mktemp -d` mv "$tmpdir" "$TESTPATH" mkdir -p "$TESTPATH/usr/sbin" "$TESTPATH/etc" "$TESTPATH/tmp" || exit 1 install_dir="$TESTPATH" # this is to allow root to run the tests without error. I don't # like building things as root, but some people do... export UFW_SKIP_CHECKS="1" setup_output=`$interpreter ./setup.py install --home="$install_dir" 2>&1` if [ "$?" != "0" ]; then echo "$setup_output" exit 1 fi # make the installed user rules files available to tests find "$TESTPATH" -name "user*.rules" -exec cp {} {}.orig \; cp -rL $testdir/$class/$thistest/orig/* "$TESTPATH/etc" || exit 1 cp -f $testdir/$class/$thistest/runtest.sh "$TESTPATH" || exit 1 # Explicitly disable IPv6 here, since some tests assume it is disabled. # IPv6 will be re-enabled in the individual tests that require it. sed -i 's/IPV6=.*/IPV6=no/' $TESTPATH/etc/default/ufw echo "- result: " numtests=$(($numtests + 1)) # now run the test PYTHONPATH="$PYTHONPATH:$install_dir/lib/python" "$TESTPATH/runtest.sh" if [ "$?" != "0" ];then echo " ** FAIL **" errors=$(($errors + 1)) else if [ ! -f "$TESTTMP/result" ]; then skipped=$(($skipped + 1)) echo " WARNING: couldn't find '$TESTTMP/result' (skipping)" continue else # fix discrepencies between python versions sed -i 's/^usage:/Usage:/' $TESTTMP/result sed -i 's/^options:/Options:/' $TESTTMP/result fi if [ ! 
-f "$testdir/$class/$thistest/result" ]; then skipped=$(($skipped + 1)) echo " WARNING: couldn't find '$testdir/$class/$thistest/result' (skipping)" continue fi result_file=`get_result_path $testdir/$class/$thistest` diffs=`diff -w $result_file $TESTTMP/result` if [ -z "$diffs" ]; then echo " PASS" else errors=$(($errors + 1)) echo " FAIL:" echo "$diffs" fi fi chmod 755 "$TESTPATH" if [ $errors -gt 0 ]; then if [ "$STOPONFAIL" = "yes" ]; then echo "" echo "FAILED $testdir/$class/$thistest -- result found in $TESTTMP/result" echo "For more information, see:" echo "diff -Naur $testdir/$class/$thistest/result $TESTTMP/result" exit 1 fi fi done done # Restore IP forwarding test -n "$orig_ip_forward" && \ sysctl -w net.ipv4.ip_forward="$orig_ip_forward" 2>/dev/null || true test -n "$orig_ipv6_forwarding_default" && \ sysctl -w net.ipv6.conf.default.forwarding="$orig_ipv6_forwarding_default" 2>/dev/null || true test -n "$orig_ipv6_forwarding_all" && \ sysctl -w net.ipv6.conf.all.forwarding="$orig_ipv6_forwarding_all" 2>/dev/null || true if [ -d "$TESTPATH" ]; then rm -rf "$TESTPATH" fi individual=$(cat $statsdir/individual) echo "" echo "------------------------" echo "Functional tests summary" echo "------------------------" echo "Attempted: $numtests ($individual individual tests)" echo "Skipped: $skipped" echo "Errors: $errors" if [ "$errors" != "0" ]; then exit 1 fi # cleanup rm -rf $statsdir if [ "$skipped" != "0" ]; then exit 2 fi exit 0 �������ufw-0.36/screenshot1.png����������������������������������������������������������������������������0000644�0001750�0001750�00000537760�13404772663�014201� 0����������������������������������������������������������������������������������������������������ustar �jamie���������������������������jamie������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������PNG  ��� 
IHDR�������a��'zTXtRaw profile type exif��xڭi9r:v=@g${͞Ěf2#�_uRvXVϟs|>~]uOK/_{^ϯ;[b^ .$Y?׾JzF|{w66]<)$MwI 4;v^+s?xlϦp~PP~ye]Qc/ůj{w|v7rR}7Ä'81ez|~jlqᱍ7'_˅"־!F+,WLﵖ,SzĴZs-ݷи3.& ݫ Alيu= yN.צ}nOxysY+>;I`{LĽ J0<`!`dž+)ljB)qwMJ紨{ ア@ ($  s!~,7bhT+b^FM5Rk*,[jfͺZnfF=antpcƙfei>"|V^eeƎ;mmn8J'rN?k7|˭n^z^ x{-|&>klApR3<s&Q>-9HRBsv`>!~[W~9'xu_o elnjeb3%j,TkjR]fiYRkp)rܿl~uҨƚܖumevo!pɶKsbKb~<f:1ߙ=V eo3\}8*.uֺYD޲rX,P*.PvW 5J:wtc5gڇ9^RfZaW+PLYm}k[;s+Kx5f+ӂ>UF?QɄp}ܐp::il;&QΎﹾdvWz}L(M$d[[VwaU){F"cs(RX@~o15Xm@vhD;ϒ%أuN ۶ި{`Hm2#!C"L2){O"ȍmREx6aD@9^m>Ċ?DmO6oWp-V#kW�Z`mI鰽C&tfmR0+8J D\xcSv ^΂{`m1GX~b[Z|_ z^V,!] qК.Uwg] ̓NOE=C}A _`�RΘ+U. &@D"Y & !/ / Qx "m+{hY؃"*F+vQ %l{u 8h=!:?oKX=3Xa50tSu. TLvHF/`C2Ve,M Hv�r^9Hi˰Napnw_kS�/{_<\<kZ7~w*^}~Wr?-bOKӒuM`;pglM�=CNsyWU"Q}^6Ш:Y8lBӢ;R\q Mѯo(TᩋF-aECDPHun; 9.u2O EۋIj" ˯րT}+ i٫ 3A5#Fس~�Pe:r$5}.$P$M@"۟z]qc=Me Ճ 4Er%O2 )<0jU*`x3wEerai6Č'zb|T i  ASXk@,j,ST39ƆM%8RY.0H� !h3tXؚaO�M"6EI ,*ٝ7tZ>%${}R@"3 =qw0RDA | ]ZxRw*qj-bUh8{(�=@Ra5,֕ZLv p^.DhЬ HLqUX89Wڰ1آr#zɬ AqX "!G5%'ZASFpl Ee r␩QN@lT2jk"> {};xV@+Kt81P 1 <PTHQ؛EhMP-e4qy6䪞 XQ`33U5vU?Jjr'C% R�<-GN)T t�x)ș�P#u*!t@c`]ҁ GBQ)Dr7K]t'(G!7H C?^46uiU�@_a}}˚+czxE)t+'?1.dNZ@%@cspX(o3Á#}mՍ6\s~HIzihJ >vʑTQpnOR"6,ERl z!s,&pHZFM@Iژ%R{'vOyAyA_ d/U=^)�&)/2* Rf 7R˒Z A[2")'Y]GsRadak4̆:RI[ Ĝ^2rJ\TD!r̟�(0.xTH&t%|XU jJi T ʈUT@drO*Q2.A!aSbּhSw)da$·@ɂɽ.ݜS66[Q ?F_1uG  ILcy ʅaCT ^ Vi÷"#ϮO)K2Vu g)`_sRtm=_dxBة>${qY<NedjD,w(0(ޡM/d Drk2Ta`УM':#XcUXّ2@n;z HDPF"Ha;:ڭ1ʑg \;1P;"aDdԕZ#Iͼx�(tB8p:I0x)n1JjBޣ2qPo9لts d(jw'qeR[oww⹪vՒ9ʚHdDc\\df3oG4wZeB 0OP}1B{<ua �}n+V8F� TL (yIk& .A0Vݱҏ+D'a7KcY_$!:�١ܦ4/+C�c%`Qt@7!$ 0)#x@ VG9O,4`h^HT1 yi\7:p(P_ڗBIn",~Ǣ(*r:Y&x�|"¤HC!e|TXMSt@Ag><j XK>+CUS[:S02ԥNV޸ׄo@CWcRIVT3x0q'Ez@_*D ʖ$dʭRtVj2xLR3E<(z V#GS#Jdmm 4%D<fIm^{^`Aȃ%v|�}SP(\O@ րM#ȓU+ - 5|�>j?T%«OM`NT<CBnĥB#͉\=p)!o4dB1sYD: jUPI7_H" Y)o#)ӔIL!<Z |"FUȉÕC#%=s ; dP[R'O+!2@pJX#wU ,k)8_;!T3 TqhlVw#٦+6'A~wSLJA%m+ fՂzQDIVL fZ j jA+΂}-uf=!i .q<uGP:+ra�8QX6:1aU TzMLQM6Ocw+*KEA}KJP@bPF%$ X*$dDqj ZrJ-D/K1><p�Toawjm qAa97,qxە9Kwi4xV8jв1 7uP2 ,jB{̯yFPC _J %#l:h]^7KVd 
ep`e>l0Q(d  ς $Tѧ@M?Enʭe~'((CHc#BDx!̳K̩PZ=(BІf]]gAVPw(Dj�T{U`c2J0 B.�BS7u  uB`Hqրs+gOgB-[ c|O^p[5e ǧd:9 AL%l2 ƉE\ޖ$E$[/k. yFp-@.(6G:RHA L)' ! Q}|Vh@y 9k,BaupDi}mlӔy R ZEel%jq"q�w(Y>G<ĉo:UCP๎B0F&svvfA;dR?#p 2E 9loRċa(x,u_: KHQrD y1۰#R_m<սx`3 xBM'wQ,Z,Y}2D1$=[ N' Vd;4{U,9)b6"oK9�0z[8vPR\5_-l>Kc9u2GKTQ_uȩE#Őju OSmbah"ūKurFjyJ0';fV: umuqoP7V-qP҉"X;K#c}i@r[]d a1 '@7C oQG.x`[NxH3T _ʤ:BUQM:I] VӓDfN˱5``.Bb<)bF ӪG;?"i �#(G  )zV(͢D%F!iGYKG(1uVi? %O-1: 6T) /"ˮ@Goankl*Q W;g!{ZY4P Ww:xT2 Aj9j@Gj˵\ xj"j9>?nr0㷐eM\K")0K8\0ՎeV-*t(![`e {25"P@@Y j0+]e jcf̡~ v,RuжdW(uA8Nph)mIPTPQ$tJTurlGGO9fn98jj+VYJbKg h`[񋐥kp݄uSH BT k`%D,(GAa"*F :0/%[DS-p`X=ZDJRwoFzn!$̾Q|U T]t0lP7q5:pd:+oK~(eOԬQh%Xs7FQ3NC`)T,UAI.S.Ug[p8D FF#aETCyF NiP5Zemk#R:*!NsܔVNO@}?`xH 8Avlv?ryx)2^Ot c'upc ?!'fkcЀ%+(eM75ljV72Gp4H"}JWa^ î`7"F*U7!E`+7*F H=cjxTiDި ]PN$7t Jڊ-2G}Ylk:Jd<ŧZBo7zv*Lh=,#uCs �#j-ByMbu`FJ[BLʎ *:!@ h~s4N2@vShIG||tWpkdd*H xOAlV`m͑#tUg4 SV!E8 : Vśg%qSݧtlWcwݔBe} vS };eSh*tB O?Lz<(5Z<D@NVa쥳L}VU+I Mu\*T.D:R#Vq'Q4$ES.t0CCDӁni�5 \ y8vSY<۔xuH&dUh4A?Y<R#-}v ꪞJ;\WԵ'+;Ukr|)UR\.jiN9 KC͠`h: m~+}/:P)je`O�t9-5TEdiΘ'Aj16&KC<TBͤPJunXu]J :"#n!ͫA7^x͇.a2Vsb{b`Cְ 9(n (7^E7f=x{?j$%'A_b(uux<bG ~ؼAkH m)"f: A,6At=V( b8(�ܚN!.HÔՠN kYKׄ@#Q0`أ58qϡuFjmZ0MSĠ,-afQ�X8U"T_EG?zA exKQRǛ:*zТJr Q5HtBP/ sS/\gFIis>Kց*Ϗ4߬絴dFZy7wa$pj,!o|MhDz|˪ٌȾpMmF]jQEO _~K=ePpmE,Shڪ! 5 e[SIo#`li^oGJT:&)3kp:? wA46DĜp4<Kݫ8&$!3ӸF-{ s%! u F{H&Pz>˓\TRBVM?(_vp,7TGlj=҄K5aV T@w9TR)9uY:(K@ #P%lJdH#"5b \Ml]r:V% *P!pk r%$beO6ija- ʹTtbjSGuuD8`([GԔ|DBM5^gF`ksh>^b Cg,R48в~ ҉#U=K5ubN^*"P ٨s\t\|!)ja7J8A25߸g皑\RKFQfSW'Q䠟 VXtjM\d Z N.eQ)Q2=5 2BdNu8"Xp {R @�9v@/oa&a`CBT&zġ}!zqYV]87%fVVgIAel J(咼88iݝJv0}-My-#խfP\z)cj%Bal@xi40 V(YoSUj$7={\ iE& %S4ⸯ?t{AIN%kuo&aj>^AQb P{j| hйԱ} M x`˭W[vˆiVǦ5Aӻ3SQ.5ժ4r KKK*p-u+E OS%%D$QL=>y?'[O,`5VazT`, 1&@ x\oJ3CkN>_H X+TkX{3볐SQI.jFT/xQ~W<~|5"Y1eMr'8MzMxjLaL'w܂=:Xoys#ի.];~sFL5Jhsia"\Z%SzlP#yXCIJ'8͇uR�2$bNoׁBODjG!?Ȁ,7G%+LgO)]]ؔk$<4=WGZjbn=Rmc=%hdC=4w hV~! 
5tTMJڱf\|<:4 6~8:@콃wlP@6 u%{�~ A;7yyvTg&2BG&4z}jO3Jk<R "-pvkq^ r ^|Nt�#Vvt(wqq*5@WUuGЃPclA(L.j1@ 9` VABdԧ6㆚=0߭;Q{Uϑ V]xf^A#pwuPОC!CeRԕc_>*qFnpA\ lM6v!r)'\j וXT%6"cH*e { 5:JNcFKȾX_Jjj@kz0:jh3t}~WoTP H=M1 ԴƆfKGFmNKQ *Ƞ@=YBj*t [14A2I5 :OwV G**:_:?@%ɣtl.b.㺤&F3=0M<clsnXXs_>vMRh4Ozd|r,/N"QgYIAo:ut`/7e$a:樅&Nz)o%6,K-S4m~|YNv@(қש >'Ia4,D G8Tg�MPxR �P4-z8pl$䄌kuDtj[fLiQ2�N5˗ˑ4#)YBhLj0pDoKRl]3znXsA30'hd`M50<g&!HMjj@:=TI$W{ s7; hk9l$&_LTJz jX]=IgUZy^@5 [ BZlr�N?ވͻsFzt*Mv$`_f_h(dL2Uw8eQ=MדzB\*RV=e ].t(W(Ј >=w)STY =(|lwC5t\Q߆azJ7U:2h@:ㄼl2P)<,eAM7dS1sT=cJdz$׀\DA32QGwl 0jS+=@eXdEz\1>'=UI>&Y|%hf*<=>���bKGD������ pHYs��.#��.#x?v���tIME /(-�� �IDATxw|lɦ@JBBЫTDRX.(vk~PQAM:zHH{~$u̞=I晳Xzv5(-"""""""""">gSDDDDDDDDDDPZDDDDDDDDDDB h %EDDDDDDDDD/p(""U-WO4G"rjXhw #.JP9_a?pr+;p7kp)"YWn{c,y=C{%~vGGxߕFvAiZ>yG CL֙{_h0W~Hpc<қfHDDDDDWLNj6pjQxdm]EF ȿl9:1M:Ӥ/gG?SIU #•Kzj#"""""r )} uwe5¬!wAf=9 (-"UA?㩾} owP11ԭ߂6ͫd2 pxpy#z7#'4 M݉}u'޿g%nT5~ؐ-ݲnQ ?I|>PIh vtM )f u {vjKW"G-*P|qzπj<e&m>1i@n<ı:T#=$nЧ;g=_+|vc!a(M:hHټ|K(tk4^|.lVt->?k0]CJȟuAx90a P Hi"xu.I>{lym+ tj}hjU=s aų9N n_GMu9iw@O*QQX�n6XM"""""""rZcOgaP\` )o& 3wwj?[D_z77)I>{Y] X��Ф�WU hn;m9ݕ!- QP NQvk2Y2~/ë4j"k3Y.fTLqDwn^#R uk18;KSvIIUOg8,iD%?7sTZӊMH8ԇ;YUTupQϯFB@"!g_H^oImk4LTmN%{WfVv!A�bӤg- 4N² { H٘ǮlKtnkjLF3e[=^wH(vLL$8s2$F'SWݒXwɳrW[xfTZ{oͿ6¾}:/s$I;Eq*:M=q$2o{HZN m#UKǖ e];غi=+`Yzd\ h?__U ˝s[p"waLN<=Z˂JKwrңU}<dʪyә2qǽgğ{ G^^H֕x_ؑ(>f<yd8w|2vBׅka08}ǞL3k7Ku][ݾ~՜ӡ∉ '8Ў7/=[V`ؒ{ qr*II2醮kRZ8 ؙ_ªJF|f^Ռ ( .C9u3L7};ٰh&}}0dqvy58wA7Bq:>Ґ[yWGR ;lB2+q,6_,i4^MC۟ u a ϋqZ^Wq"1(O6` m/Z0fԢ[L2+DЯw! 
"ADb 2ob6ŁѠ5Kv$gz %m^RT~#'^6',8`Ig{~JtР<WΎ}6^$T^qǣynXMħY|ӳOi$&-df X0mUp#x׹QNHDmGԦ~N[>TA)؁<Շޡ:2ۂ^[kqvԜkߘW &Цom^mw|mo/>pبUYb &*<ݵ=w>7q G>/4\.>E8q󈹿0*GЪi& _@s_rˀ+yg]ig^˛?TPs͉oN7suL٢oL"@1Q̚%WE3ٖIm4hogwe/1-j >Bpq&t=gՈ`񴉵o]A%`~19ڏp0:k 6K9yju$Eֺ< L%-r\ueN0}o3;>&5+ e~`Ӳ8rq8MKGk Y|q9uΦwsOi$ v8Αёs\xp\ȅ0e ˚xNBZwhGцv屩rG,x4WoY1z'>~Ϟ=?CcqX`Z+֧aٜR'"ռ=# oLNw;`lY{/%l)[}fJLh"AqBsj⻷&1m;kV&i;S38 m9ϣu+)WvA/ê|yM>)IXi<;]p% aX3ރ,O?G>۷ֳc&04Lvu ٩q fV&""""""Q%6fnFU3^.`KՈ.I0ۚ rK,Vxi޽4)#w?A\[WUs"DKpVL1'cmE'S '=+zw缮哐E{rغ�:~(kوO뙽/1]]؊vI yl3_]^Q6\YD-d]B9L8.}#YYΆUt*&T"ƛJJJ q܃IF0!)o;z^YsO4ca !~89'm=g`aƽCa´sXc.{<17b<'i%݇ϫqgku6۫r.ɤ2/Ǻcq �/gʳ< -0`#v4(Fd5sHO;լCM`س՘rQT":Ͽ2sxɧ**bpCwܳv OEuZ!6@`>#kYv:럼8.3}v)-""""">RIp`J2_ua{6[Ěg0uuMPXvu-8T[ĦvP.%{8LB ^2 OO"mPLƸѩdxo0g;ؽ#b#MPJSe[xsV)x߬`:_œ'bː^"< n 5;I_9%e L^�VT'Lyl/,f+[{/?ؒYnFF;֕HSadx~9Ϟ{L?G[N {` "Z0& βgnnz^azޒ\yYTMݢZՒE2YDЛC'7cF-{]u9/-*? [\u_?W-G ɯh-ĥmTwc:MgW;پMi<0%vC'ےSb.T|0x9؈ԅF鬪ʋ}1*>/5dx[L}}aO'}Eip`+\1ca#$_k5^Ztq.cE6釗 (s:{ʬ4ņѸQi8?ndviqT $XAGԠ(yJw{ _>Yp:ȷO)`ѽc2e>~ I I^ y\źoRk8)(" Ұ]if?Ƀѝ[ꓣ=ݒ eD]&a-)Q $S~U,IvuM1t먩?#C^f4gn~m6#}sm#rn~.ݚ?0kGObSWlaMǃ1.VM}6 :U5C}ş d$[I6 .e _goY'Տp&M)uzf<ƪը ̳-;QjRܵӧoSmpx>׌SMO2[g<'81qGY_5dcYq+Bmxx5byCDDDDDNc&Ppx٭38i<2,#T[z]_sJB<ڐ97\W-3WX܄7 صW-;:]%l% w-bW{ j||B#[@KǗ1-U7SgwxELjJ]Y4?~U7^|צ,e|luhz ؓA%AQz?1tvL=Ϻ7'0):_J0NElt {捹,g$-/צo`OϠFh0Xu{k=i<ظvgQ^|6ޓ'S'�n̘Jspn4ⒻvvL3Ig۶x{x|Z}8]1ҧ_˒ة[.v⩙.wŗqu32l&PSVPVUiq*m;M%wcm?S>D,:%+Kg 9eY&^Snӑ+hzZ.Z*a?o%c^_sP!whH#4,- t,�Kf[Aveg1 O<[N@^smpTS7g3/>+C9iV{?v \T/)WJ/Xts;.Wz6\1q9tSX3ٶx{I[7G]ѣshP͎e9ls)O|=K?n&VȞoW0:ݹ\^M>x"hS2<l߼$sv&gKҖޜ74=.vrFs}<G|-l7{!]/wH|t=Aׯ (ڒVg F=cw]Aτ5OOUx7 `W'ƽq-InH=>qvت:"""""~\b8e8ZE<pSTDn*+71{^Q,n} ۔+ Wɾ /+,봰+>sқ%V@-z`5hݠLttu__{aqk/Y<(<Ͼ4۔ƌg֎Za>>ۛp?'n־e:pS#Mɸo`džxDX}8Oj9ɹ\OnvQ1Z~V8;7n&�8 EgjYU8?8;1jM_.fˣ8|<N�0Yd:^'ADDDDDb~wK+VI9Ch3 Gjԏ*ݮhQ*,j<䯈3Up~MZų=*r#cpx E>^)pY8RGO('t&ŧt XmviRݲpA8l.^ ̏lت~EVTw-Ɏ7s7wfWݔؓ^CL 6{3&ެMxV_l�V�MF?ɍ1kᴭ@w1v"v"A`>K>IJJx�\ÍܼϑEHXIi y  9j?VH(!J'񝂤ulqZ$bcHp|2yU.Q쀛5ϣ촸=^0|"8.Bis4nO<zpFJ&?̚_t&?cɖ)+ +;Qək,#ib}蝍-?d^%U eͲv`QxKLs9AAQ j%;l_?nfEڡ})$}P 4 D6GBfw(NDw 
#ܖA^|J. YC/kТ~!1$,Fޯ42g37q˪`5$}I3^nKh۳/qup 6ɯnWI 1&frGcV@;͋I{OM.'7eєٚ<7bz:7{fPAdu;pmxHF $heӰICJMhXr$o?lE||dzu mÜ%%0[-Wcz kCAa6fnNъKl_lKfi{Nj2kcA/;2Li,:'ޏa;^9xs7stDJNfo3'O&36e2~82o$Aׄ~cYE'L)eâV`=kF ?ܺ&9;U a2ivo \ZT 5}k[g54Nu<2@.rq Kfְ\t~-K)Zvk*Ux(G4n/nC$/yǔ>Ɔ#p/;{;Gud|8E s0XZ6"kFw<ʝ/Fϰ@#-=ٵFBfN^v-ZTxSh{R'0/-dAiZ`8D IK"$m�v#*d)$y<KYvݛ7z8G{p6_JC~^*cBm?>UxOo@T  ߀E?G?\ڋsʊel?ﲊH`2 <{�cKV T($eE{pڜ~_q5bSuh- }+p=*4Rִ5׹r9ٹ:%].y@j׷ϊϳ)<LIGpR;y (ɡ3/>'){.zc¿WWX-woo}$B :\?6=߸ѐK~R<)lᵩV% ͠? kbSr4œ76:hEK&3%gxpH σKyht⯷7%~Z{ k7aQz^5(\/6<EXAg3seWAaOnI +8P_} O))+ YIޔ=~|6={(4hӊjO>}sG,Χ�892/[>>klqx%oEKf:Vh(}h?7 s5^e5m&~Cy+>o}sк̪VgϦ#-;xZ�� �IDAT3]Mj0pBKYنԜ[ksyCF5D0mJ@?X/df-J31>G&M`FSa\Ҙ7]i̪~dzixTM� GUO�<|u+}ڝZ} hS[ Gx^ɍQd`r?<);Y92pu7J kb^yz^V~/ۺRqx):\֗<sA<e6~Դ^~xW$>>Ǫqhs'֒g=?]F!.ZmCѪׂڢ5,_UP\*w>؇Z>J$/Yj'nĖz`f$FZg/?qoX {8/:Ӳۍ0Yx:jͿ'OvP-^EDDDDwyS&u}n-S~`OEGMBy#ݬtմe8@bYNj|>o?bdoDz[f^?fD}h<=pXuG.v˵IOqUp-j<^ =g0=+x~=Uv�Ԍvev b8!גY6g.mcOZ6Ah4Л{4fG:}FWq#gs$-elڝJfWDO-0CW2h{lQoln!so@uOlAkeǷrmx ;޿ؗ% 4V9F?>g8"qIX; 6anFn͉�{ח~M|| ۑZ6dG_&Odc8;X b0&@눷q֝?4x?=xBӜ O,3knMb-q*R!jؚvj0: ~|5Ω|:)z jǿfndܕA#Z ҩmu~"ae;u<ȔwglLD$ҡ{[bKtUf~NIo!w~=/s3#uڂf޼ 񴊷TC+c%m.&ݛFK&.@ qAX}փߧtOޤ&O7pgۨ5,mVfB wԍl_;TsH_ca*; L?f)_x6o;xgfuHH{ O 2dmߓDR�-6+>Y.t&*O.?K\\ Xej27/oD ";%v?cOৼ>mAu{PgҵqMa5 \jݛ[)~ĭGߋ(>>Rj)n o9f^a<V.[&NO eZ i;~I#97/&-qL^hV寿fqerԠq i\n#7MZ4Q,[01mzsǛG9YXDDDDD|qިpY&yQ-` xA-IaM $0MR7{e;fu]̖+SmDиc0qNBCmXPUDVreTV.-<śakYj5:MP'!;vfIߞϞYl5)~JoO㗉i2*e`3?!red]Ʊ9CS~ΙG[[1|i_ǯ_oqDlgTfgW2t9tjِp,o 3_.~q\7˴a >75QB a3Sٳc#+ϤY86UXy?8}Bp"3Hݗ̖YtgOcUeM|vs~yo׍>iR5B2IݷVl| v`0z ՊZa̽l]O~7?*>d}agoC˗|3\EM2&%c/7}Ы-]+rIOK%55=;؜fqǐ-콂n-(3>&}۟`V'k3n{ LZ(JaǺn >:}2=vJ˄hBmyl]'ڸw%YEDDDD#{ ަMMP%+lw2n^)-aa 1=KJhC֊4|ƆEroaUIx7f7Mrr+8lٟ04 R^CDs̻ H})2WZD˥&(,~q;ףeeYI"W <,n4 v?Ւgws.rXfnҽ<ݍR|p}^ qlDubQ_>&ZA ӏMN63گ>ݟ/\âᴹ Ck",܆V{fZ ж!ժ8isf~]aYμ5;|@,6rx 0Sñ Wέ/ym&ΎԨelj!oO;~;7~2PHS;6m,OS$DDDDDDDDYR""""""""""{6@DDDDDDDDDDA h %EDDDDDDDDD/p(rbqpiIjx|[(,itڞxs>OgE?盫j2xbٕ@lLc PU3JpgvADDDDDDDDʭ{pfpFԏMj!:,y[ֲttp_/OM;O<Os=odT:(}('"r3L~6w'՝x)֖ G[C14jߗKo}UeL`]gF%YH6 Ppր&9 
Y<�[8G\)TDDDDDDDDDDPyz7<uKl)\%/2QSws<w)[rN!l|+?|crŹ+""""""""""rۉIYXTiu.}LTBk0&1tpy~"3Wn'%LmZ̴wvQU_ m>KH}7<azcwq_ $d[ƝkwI;9XzzcOF>E9\ͯ_M [ݾO1OCGތbϥy�OcL4&^E|DDDDDDDDDNPb~)0c eJV^c1]Gn2>0^c)`䨤afr^3]f7\j 1䙯 ;G4[if{~+-cfaUޏ31)TK8ۉ񄚯0^o?^I] 4/-J3c}!3L4<М&b7_珯⣦Vg-DP+MA4H[Q;omIƓ~`ҭdآhs�t%Qޏ}Ň{;q;[ُN~0asY=o�IhBh{O'4e؟I=:M;ӣ]]Blvjtäձ;+طЮ<6ShO:Y8k6Sć9uIlLNI <Nc[rh n|]y|yaw;`lY {7| 6FS۪+-5Cd̅ۧEGmBL>7[~ V羯]~2<hڇY 1q cL_ ctriV悒Us&Oi</]k[mfУ.w+;cg[MQce3u2ӻSܸNu|Ԫv;Ё͹oL>ъ;<1R^F9yzn`'Vg0WvDG%i(bŔ,Ϫd9$oMqÁEpŀ1+ ؈~npDތ7U4ʮ6YIL}-~/:x*ko~թ U|<>"""""""""Uq$-0j&9bl=>EU/28r.o˸啥35{|Րo^�'m/I;6Txu4byԲ…3,dzmg=&{՞?:>"""""""""Jk@t͞+!w\{ɳ,/h#KW8�!pC[m�n؀^y?`+n1{M>|O?Re,:w5&n'Kg[vgQa_;.Mԉ QCFl()^nlUTM'Bo:K޾?2Nډdw[\o_s|GPeٳԞ P;7<ߝ˲iU ޸$7$W8;% h;1q1%q}v<͜10u=°[C|DDDDDDDDDJKpx~͓wɝwɝwœ_o�VΔl8Z"($`W[O" `jw2?ر'^-)U3Ydz+8 K`/ݞp5/3QSJ>r8>"""""""""лcܸq7G\uE;_bLӣ/zKwZ !/78g<<˲zeK%eL>d8m&e]nП>ϒOF߽;qJ&?|S6y%IUпxx3W.WxjpE|s_GDDDDDDDD`; M<|˛lvnTjCnv O[}t8cJ׍Z m@ZmruG"7ᝩW- @^_<ޕ >Ź2DJƻ;= ⌃F|ʼnnf޹lYLJfO!9ɬ?u+sxձ~a|DDDDDDDDDN8{<0e^lD]8 d=$BhܬIKW*R/.dA!Oݩ+at X4q-=uةι45e2J {ٵhɞ]pm'6qԏ/|5+*ʯ@v+}5| %1瘗k^OE8=l[,/6R'Q/iS~%r<9TT@Gӛ{oBRC/qKqf^Z~[8W̊7w$q| sT&xFT䓛W*&:7*r!$V ڴqv&l'wxd<XFW4η8,\]{Rdխac[:H<bDEKyo0<#3_IZ$4 gխx7#8'16z]exRv3qv,p:O퀡p[:#K H{&֕'Zkh W?1w>؇Z>H7f}4 pqFxδiU|DDDDDDDDDNV7MpN�~7zTCw2{OѭXRxV.zw~qy!so@uOlAf yzEq@g]9{8�;uYE;Z [ӮU _YᓳZ |&jVtYhQƭh %g|2wFRhj6N%3ϋ+m{ѧ[CV=ՓY\no":>y76\ZD:toKlILJ?ɪ`rssx` y{W2qrF؊6MkTx,_6+xKyRdP FTLsz<&a6L' h[=F?�и8>+wePVtj[agY~?j[/cLܻL[5Ic瀙ryMcU3\=1z13]_f _7*Ȭ|qTZ{-sScmǟk#\>oI:,x/gzStI_f#jDskKL{ 3l w$ױcjqqTkY<z(mwbmH'y:?>-{jqٵ݈!mij_Nxx5BؼEewV>o& ss< =s7g&Faز7~/|0+m',6gL`˓G[<??g6ͦ&Êd"nH!9i9NȘ~aBqf|o(sQ-< oZ>˭#4G'5߿֑Vh#(, PX`&Lz/}̜mBv/'#9Ǎ˅(}رuVgִϙdxZ'e?>[(ժU#,$ u/Ly`[31|\ _UG>_\ɰrKl """"""""""J@_(-""""""""""~ADDDDDDDDDD|M+EDDDDDDDDD/PZDDDDDDDDDDB h9:ˆuZ1(-ìLj;xw®T81v<8-V�^_0g΋ALDDDDDDDaj'cJ䙯 3Uyj4039(3]IUOP/oG[]mo4N4_jjjjjjjjjjjjjjjjiqGz&MN,f;aM;@˕N9e%={,ObLr =x^vdy M;O<cjڬ=xtYDx+—#LeяycXMW9w3?hAԤͅxd'p e=r=;zK? 
r X\W<= U9uJCb~)0?a%vP%8Tbℛ3O3kL]cS|*([Q\N61faZp6=Ƽa~K5#ODMnca1Cd 5E[6nDNV={~ド9lNBilz4&N2=.W|ʮ"R3vx,v cU3{<գ&v^'{7k`͆=y)q˛P_yg8#>Gҍ?U O[witɋLyoC~V$ENwA]3<b ;|�� �IDATlɦB 4wHjA^ņ Z*bAE)TPIPCHe]H ] g>Hvyg=3O6jzP#|6q~Ng2ۘ緌iBSV2v}ϤoM$_EΈ#~<2^Z$.B!BBW n厉(P>wvS(uNꠧ?΀y㙰$$lct$A6+m䳃g<jrhn >bB!B!.uY7k&5jB Q3#R(~l^Dk@+RXߢڜgT7Ƽ=;H.\ũYl2мkc\3Zswg_1١4 peyqoɀQs~S+`)$%a7Ӄd̦~;]rI?sc-1Bօq|O7)2r ()Ne|F_&}mTR $N鈛qtU)JAmmtqF|J]#㫁*·@zKؚ^h/luh3_pIo2/,j8-S&*["ӏX}G1$LB!B!p27!,\֕IZ?53˾%5#טTM՛ NlonB RY loh>>Vkc9\͌/cS.Wcu.\Yq6foSK>iQi>P..}hoކte]zCˋ;Mݫ+V\m"uE,ջml8kW ]{K:2]}qZYh?q7U yqowȱoToWqOS6@|4nF)E)RH"E)RHr#oBxQF<T]yitCeE,|L] qzңi(tz>ٜz~=<7aBCQfwB67Gm'y>dQZmN1ZZ]a9^ƹyy\G1VIMs9-G9@mO 9-|ztݝAF4ZwӊW_זŸ<3oyo4,>[y3lHn81>Σ#[�Ϫ HakaKHOz=a]Sϰ-2?TދF x{W,>Ӝ}qr`l6ڜnn4ՕqB6#B!B!p+]ub-Vg@k*긣E 㭃kT#3P+1Tdד9ħ:/<\3ռ!=X5PcַUqxd>Aئ,Q/5TX%Y.J/o_sԒeu'yZ7~XTؘe> ղ1aW0YqVQdhz2 g{tSӒ=6gj~Fc?%Q}ejO-gǨ 'TF^2fC_VC+(jVUĖ>C'RH"E)RH"E)*W�{z^f܅Tك~vB7j!&ғ/s}8V@WCU:"J# 6o&[9y[.ɿ!QX9e�pJĘ0i  ֧Sr2ʎg|yǵZyjwG"lޒ >~g_ @lz głi04^Qe`@{OqN~>͂ CjTÈ͛tg_W:x5Sŭlښ мR?ZB!B!pH@kL>TlH;a o7ITE& 7hHbٜE�-4tUs96�#Ee_3X?O ԴT|ZGP.m&G>$}?:>DكgI8Q˕Vf4#oEHPe_~#a*81Ԋ)^H}WL~Y8O3V!OfB1h-9pԾ<>pI@ !B!BJk@yCw"o3MVSҲ�a`, @O՘hXMF/dl #>_`|;LWoR 9xM"z"Z L#6{D=WpiO&LlHT PKf (̵@<*qe|=x*=3W񋆜eY6aA:ܚg|Trp-:=wZοth~ըaoe~,;}^6CsY6:0.<WZi:oM@|!B!BoBh`ӧq_=zعKODTcaNtQ2QFSu qǭZ M<ɖ2|p'isX!zЇGǑ∳C X!9v>y >b4(|s2{)W o :Bڇ!/Z~Ǭ><=q䟱ehzY||27n̤ʀ6&~_|%O (5nn !@!B!]zG&>>q1nL=1y`L+I>Thxxy\]23{>M<QfJ1;kvOTN69/0 wwGy/gCod#O%9~g*,<7YsN6@i3aLx;Sefou4 a;vٗРa.áH:HB!B!.R~:y7ɓ'3y$& ){PcLO;57LndZW`O0 FӴ*8\2 *k7s_DHZzI6\� n<Z6};Z&מݵQtVq?7o} A[.f?FPw`uۍbv:?Ό04iyzW`! aj=۪;*G3ָk eVYSON$Ovԡ# 8^eq:!B!BQY+'(4֌B}"/1SG@emT\EM[9~4ўܩ(*d6̛ZP=_9 4wbWZs]ˣ%q[r"'le5Ը83&D ;_ͪ=fbȞk{vٱZf+g',8`qoMWYOFz;f[KFk]LhX8 r1$:SW-(a4`6_ fQ5" J0!B!Bph`<;6t 3ʉ5kW9QEA~A,Ro˘Ej#izY BJ`+il-TQk=usU*ա#1z{\Sm8wg#iUq+6'*~&3aYH(=e@vqb|>}W 6y-U}3`e}7.h>| >]:Ӽ;dͣ977/эZk̑WMlqTB!B!re\W)|?-)Wg1-3We=d� 4ӛ(dFmbUzckr99<9̋4zIO5e!Udm;J˦@*e:fym)`-<qjpU9VU@^#UDs;qLG֧eV8]>WmP8u9|[& 0}ၻb|,"~?mHeu}geʲWBޙ `J6 B!B!.sūZ|oQ^TL҂U? 
0'O_1VO1-]{"fޟ)6@勿4v+3$ޑ-)/ Co9I:}0cs]:?FZ?,kyfW<E;E�]eYʕN5fBLخ{3NH[b}'M|z>v}�thA*:׌g)"wնIfG^U*u~flȬOXxf{i#Y%nQT62~Ƭö+hCh*`ͯKHB!B!\J-՟J)TUo%>vZgSJTΉ[Y3&lRy6{}fVgV f}>C}j*wK[*n-ԛg+UӻfsVnIPl5wӂU{ۣQ6~7[͜~jӪV|8\.8NE] RVR~W&7\_y@eX)q^W]gj>eV%bcUIۖQ?.٢-ozOG;MPsmjOsԬYռK='ϵhrT¹8ZUUjg^zyzէPdR.+]u5jI*Uڿ5ۙjjc*ۚ qqV|\Ptj9X'}.C"U"Tʚ] KTT//=CӎtuvXXO/VcjmmԻ#ݖJ"E)RH"E)R˕'oS՞R^gUwό/+'4kڗ_^fFPf/Xu|v:tYT┎xA秔U][^Utߎ X3)E߳|I[mWj:P`SI@2}XvҢʯլvl81>N/7CVwںt*_U8nub Օ*R^|l|rzם+rbG,*G�H"E)RH"E)R*`;*bOnzN՗LxN}p:x*[Zmf)T)jO_ƨ!e7ZZT~XVE"E}sEN4=*1-GZlZғK窏&ܯ׬TvrTM50Vl_dU6k;sBھR0euHy-;oŹd:_T{UFYY ԉ}wGlAUiz|z1UV*IWɇvTܦE)jk_=Uzn*=N%T{W+U_oz*\wyr LVNTEj*~T.?Nznc=9oT+]~R5-x\=:*pWՖ#*Ȣ,*yJݛU W&]]jInj8|H"E)RH"E)Rhg@7vf| {�˓ tACm.y~mbXq S{SE~͟^r!B!BIge/S@l9cOJ1G:ǨW%,B!Bq-HZQLet&|SG^Ih͟v/⩁-c%j!B!BkABLۓBTc3~]FߏdӁ;c!B!BkDB Nog"8fNBe]<(EB!B! !DYpǮ6eYuU,{^ވG#$B!B!1 $'#B!B!d !B!B!.! h!B!B!.! h!B!B!.! h!B!B!.a!D ݃ܰu*mmqmh7𾭨_IS!B!p-p#>8E)lٳ$tZǓxi} hϿuKJ'LaN:I0adxa}E *x541^ 2'j !B! j+m[L)۳9׌YIxӌ|3uP2V5uSwFALTtFLydX+F=B!Bq IFAGzW%}ҳ"otU-HZQai~t{;^P3_;+w%V!!EեalZ<5|? 
=N+/s^LZD,]><G!B!nq+ӗstMó?]X$IhAzmhe;Lj߹ͻȕ̉(.|(O'~<t -Sk5%EOz&U!Qh0Y!B!?C;>*|\3#ƛA3m=:l}w_^+/`j=oO�'FV)BԤ6Nϛ e$Ҏr\%B!BTxik GfGG=) sk*uOv/y\dI<'x+UEǬ{Fi}`]JPB!Bl~=1iR~s.|Pd-=o]Y#ʄȣDZc俎-O(0B\8" hQ ^w2K^!B!!5U;R77yR-ڄoJ,6M9ʴ25Jƞ,~IJ H ļZn%~d-‚"(79V42xS Vv]Y6xO-<yK>ᷝ jr#@RȺqӃ%JB擸.?grE5j$OL}ʎ]Knv#/q|N`~zLZ9YH|Vf7981UYd+; F= 7n|2~=9,~hϺ2BܛWo2{mc~3kOX;࿫ү>feg}?V'x^42Aڑfb ) %Gcdž%d&Ώ>3Rqh%4K<o,e|f2'c.zm}urJ{w/֏"JvvY̼3s'0FB AeȎ:K>' \]'G_go&E)XqE;caS$|Z!-7 VYqބ޷%ºcwӡi]jD苧[~'d|1u:K] qu"cPRsЛ̺쇱0Yt7e;3iUgx}mXcv~=GxKzL͸Amb#뉛-Sٿa)/BU!B!ĿQqCOh`%M?&t{nqH\Mx92ZA|޺z^T-1W.ݬ bp.جmۀ_1鳇'痝Hh ]W7oj,ʪA돢/ro0x5Et<h*8ũ<P\.*UÈJ^xΈo U$QJM[h-X1- lYE^vK3yk`}Z}xul392F\XFfu Pr◩Q˯*Q~UۜN=sQq!�� �IDATx,'Jyyiet%T9.եˬȣ|<ﮋOsaHvG#b< '9e@tCw`dI\/>F?6w$AG"td臙<0x0K]Ӥ1Mna}pϻlouyFqeV:Eԡ<i*#oyB!bn4Ȳ'HqA7fq4?^=ng/%o154<7Chc .7=ڥ^l[XNrՓפgkE "GrO~|Œ4dm&sЌԞXwy`Ԋǣuo,lSh8MOTO 9/qŭU9Ya)(^} :v(WNu ,`&77ݹ8# K059pG ,c5ȵ@84mLml;zy\G1VIM_P ([I[Vf_:*uhӾ5ͧK|W}[ ~T-ɾpwl]^lY8\l9iK&4uA<5-G9@mO 9-|ztݝAF4ZwӊW^)9+rRwQҭT6j`0Egy6 S{ؼeR(PV 6Kǿf-0UB!Qn:@&{٨я@GO89Éz"U"ȑ`!:) TV6liSlᗬf Ԭ9dFjR"ySHYgrMOTѡp@Y Q(*4ȶ"<od#tTmcybJqrWcσ7䓰~5wL>;>؊ؿ4[KoƗC6,=UJ|[2WI'5͊x eK#5Zq`1,}jbH'߇U|?va3ۓ$٫_cٜ]F_ٕ1)<y kB0Ӌ?>5)L}+!>| ۓ~>^^|ރWœЇe҇$T<JcWoqacxhF’y|a;Bn:a?n>T2%sK]jT*g\\:9Vל7soĨ:փ)""]!/N{ᛅS1<2g.'gsy-|9+9#]O`LDa,_dU!B!DL-+?SalP['_Ơ75mfƋ6H8{E%|1R#G.>QidZK3ƛZ7H>vaK� (il0_qn?CheΈy4wOZŪ9H$呒h&?ۊo>aTi$c\|0@BN:#UƧ-D_ۗuʛ{̟Mc"*WCһSs8G&{^fߒyhL(3Gy ='* EOӁ*o6}1kz>bSo~4gG:fK6o&[ˉ-Cmg'ƌld  g,xcCʠnx�k3_EշbHU>ɘ_Ժ|3?qPˀZ:O4lz_/r8?;X5Ğд&q,ɕie&TvE+7[RCyҺ3a/u9?7"kG<<tSSvxcƢu#xn:g6+uU!Bq]]H=7H {.s[+}G'J4ՅPFqSWӛ0+G89M:nx_xәw(-_:]b0[B*O,NBXĴK&hDҭL]|!~]9?㛳S*+Nf/rԩNɱ4.^Y3>f;^l� v/on6?*FQ;~+,LxUV$Giݼ?= nE H!3bj?ZΈ^iֹ+F-F=Muέ?`?{F' :Z MbxK4ڵ)rN&0hZT[>S216ĀXt&NlTC 5xY8|EJճcWA.0�7ӥ۹\%"D$s_5M_8!_18e^e_b_ :!yӃ *B!\2Msn5ʶ/П>î:'|{`(ZU*aJ4<11!".zYfXNlJ&ߣ<brryqsEHW͝@e.Legʿ3>$G;z4B:WWWUzT.ym;*y}}m&r>KjzsnGeGP>Tݟ}N]6T NM:Ԣz!4)U*dȬah?W'6h�:<ߧ^ ˿d!3 /|*>} &}t` ٮ X8d YbK kтp76ѣgj9>Zpg7v>]9~'zzv#b4A5ӥ}}z;{LH7 s<9='뢿LIj(U7ʇ r_-[U!B!қ2a8RΟA] Z2!<$iV=[xgmVuBo Z/a 3>4J xM I+ i>f49%y.RXh~<Js\#Ƌ: 
I{q6Ѩ2&0x֒oX>R* ^-c^)SH @ šэ0o#}4j%/6ˈQ#y`H+4 =2}AW̑FSu qǭZ M<ɖ2|p'i.ߣQOHxcYI8p9=a9Xs5$Lo$>=‰A¿K/Zo-݉}i DDUEsĕBx;isnM듳aKe �4ϊX!zЇG#x]B!B\o\8/NqGPITc}Ry:Owdsv^O@�Vע_?2~yG08yPK5ҹ3^Dsn'74@%H`Ry?'?Q־\[g̋-sy. E1SXvW͇z#uq&g޸)C^4*Mn䟶sl;~ewUww[ʪK^CYjV?r!'2L/]no̮siC}84ld'U_?:<F?Q{ٙ㰂e] ),rN 3P9/O2~]B!B+ٶlV"gaOw 5+X:L,v&xؒ3YtNv rHQ<i5C4wtW<Zh+^2äaЊ83@E9)>'UΟsꚎTiT[20?¶U6D9Bg>S/~DFٛ֩mSN\fLlYXoG1+@s#nDԍ(,gҼ $(@3MߎV9K^47LnU|H*sxz{]K}x8Oa^[�]0h]ͼ^{9;hƦPzB]"=uw{`ATu`0AvPwt8xuEa!iIgUPP̚B!BK. )RLgxD!dѵ/& 4tEfI>4 EWlH),4 iG>4E%~G@a4ϞKwiWs'R*B ڗPɅdX!`OWۿ/>%eƁP۱饡?uY"n)` Z,lDHD;Ι||HX4jׅjT&qT&__c5 hn!wO^\NA2MbüI<Ѐc^F;1?f~>>gCQMG@e=\qXDuj` *h%ӔKwCL1k5ٳq둽/P41F@t0o] ҲOB1[&{w%j |W{Bzφ̨KܴD]36~dT4#_y=\sjs^sqX"Uے9asuU!Bot;\MLdKve2foFg׹lv-3RfRKFpCO*4$Ec΀d J1Jmfը#mskkn@ep$87 ow+_kẎO8}MˊL޴x_cr(Ž<}pDA"e͌:܋Nr|ZlQ]zһM Zc_Xj:OgIWҼZ@s{hv+H:iРyQv 7={JHڰcV�QݺQ{KwG"J$$c8Qa<{[=э{Gw"̙GgYýMEg>%DE#b;;a x%f!;'Ê_) J>Ψ9udb_WB!F.L6.,ӻQ9xS73;]^~öR7ݪrsc|i?RWqkw<ʘ]x,zT餖\:,;} LL. -DZܩmss(:7MHk3!1O>}Ѝ҃ʾoɴZKo<faiʾU*wĚ?&3 ڛM@ǹc33YAJ C @> y\ CH&>P7a^cxpA]^UAyΉXg> clJP9b{g.3͌zznW-( s9yTDzBbk^C٫i㰢8A3ݰ>r/~ybt34o RB!l4qxa湙eȟY!Լ2QG癟CB"54g y8ði?OAYR[vҳMq/h~_ĪO΍ߨJTrEr9ӑ׻ʾ^,bv7b|O?̸ͦؒYRn*y92= yj]ƍu@m2D۝./D7{Z`S.[~~~i8b}y#]OÚzeL.X3K� S|T+4E�]eYJfj =A@}yǏM>X䲞wJ|&[au VbGҺ9PjcDa޹]Pk֝%<2;)A1;UO1-tj \Sa/>|/5ZPcҿoo9_@PƇKr]v]B!BA{O`t(=sYegwEPyd>?:.5ҝyr*1_r L5+cci_WW\tFj_8LA2=iK9G.ֶ>4A~<'[Qt{QeQTt炻<6~CW}(Wq|F G . {^�?U ڥ邨נzy:Q"[VfޣHϡPFN6Jz 3^⓽ZE[GCyśyrB!ٰyʷaFltn^UȞfm-ufo>/5CHVrxӅz[lo2F|=$)ϩ\n֧%IلakS3|_۟.6-[!MytwpN|MÑI5#X1[98g&k_n`mvSu9ų%BM~'s3'2)1yU"0b,3m# =I8A^V$EpLg]4'8kVr^:xy4?KoZv$eb6݈*! 
.9ljt K6u,ӥw2y;l1*B!& hlEl ][>;wI{\⽅,@Wԏ]պ(GTF$f=NK 'Hn%Zew@z4t>8Kf.+GfsJnMPnE#a} ex]8d{3Y5KATz+cmunV*\WZ5tCCCAwҬGy%q xW\Hrnf"(5ZӞ<|7!7sBq;#5 Ŷ6WGfTixTkH> YtØ?)୙nЉ J9{f0v(IpVN.vg)N[\Z{|vlmgc2DtTnKN8 g78w C@:Sb +q8XI`cod l׋^d!n ._Ϊt4[Vs]|]B!BՁdBʤ2k9t=r{wv!, // , Ʌ'yG.6pdo̖N;X܏=̓p#:4(6XH,ƎEySY}l>D*ҋjnc(BFB'espE{R]HIϙU^T *<Ĝ/sWܽlڛyznufpz P'ٕ~ﯘ03]5߲71г䋧fOFڷ 3>gcz,݈ Nn\!xb[)JıX'ΞάeG1)[˸nC80*39J]lۼ YAݒ?Ƚѻs3‚c"qɖ kYgvWO^)˿ƨCݾ>>ٱ_L瓯$xv&Z ǾEJ$1*lٞN6&Jp}wг}#bCR58�/HO#--8}`eGô봍gAu`œJbVZz0+\H)iZP72_TȲ_1kƥSOaqpwkE u_g4s�� �IDAT3\WB!*^?#1:fZgrXVd}|SM:Pm鬛 y&Y((P`al? ہlNK+!x8]η d*B\c50PB!LFT"&!'iR%l=7թi>7�+wKO!B!BR.H@z=TCf<M7^bܢ'cI:if-qt( !B!B!\ h'u{qUnK_HNfKw/ {̛Z&||uu[l$䑖IB!B!..̋*'b{ٝsa?{E )@BH7]DEE:*v+X("UAQ@"*(H {'< %v1w]ϗ眝>szTY;A12e٘""""""""Śalrz!9S/b78  *ف&b2fL09) """"""""""W`\h""""""""""r % Lqht7W5}bdi82-mJtZ&6fFGbSe bicl׾nnz4u�X`e~%8 ?/=@DDDDDDDDbf@+0wx(T )O@";NĎ +xg".n3>]*j_,R()|W7"И""""""""")XGzvD+5қY&Q հ=z }=ơ5NR6ۏ6^^bM{hU/ &X"""""""";5ճ1k&\P E&U tܷXᙇf 5 /@XOޞ>뇺zTd&bބ0G BQ[+�ѥw[x0DDDDDDDDDDt ]_bsj_nH&&L6włN{Tc`8$eǶaٷѻA`֗V𠱘b;b."+%-Xx6&(.=|e&\5; >)liH;_ d(bLѦ8,pgrad!~[0(E ]<n6ݎ'#53Iݳ7ؒn@DE/onB)PE*l0!""""""""* RBʚ< C$\wa~\k""J7]t!M4Pvʂb>fBrbY&Ͽ&tAeko#z+o\̉ɖ·/o  g GGI5tv+>"zݸߍQMuHfk{-R,c2ѥYa0 `0 `0Jzu>kAFwR`RPfWaj,T j_;b Dpp35c3b^s# [ zE@`I:oddi&xBX5m�Qٻ\iC Aya{Bhՠ<uz7@,8`߼åzO(�DMű-6ƲUѤUCzQyMC84FVyuP<?RpZ"Lw+(m"|,pb8؜놮v[T׍'懈4( hSr&"IΟ/IyπV$t~-qKeH 1xzqZ/Nq0T9ڷ=Lz+̖`qwẀΑE=<{`Ax^oU.,+F7|'kb; i/xW#V[Q]/z&2teIAn+TZ;OVT]wf8;? `0 `0 FɎVxU�$.CbImDm1 O/P*<:\!>�+v/]켖 ȹ+Qu2zw| S5�:tz]VЯ> �1|T/LؒIKF E{_U-IVXM!J_ǏCDDDDDDDDT�`FٰzAAgP0 j@C1iWaet^�M[E ydj�`Dϡib #_WCvkT ?p9�eTLZ'7bS}C/N燈VЦq\_ȣc+͚#��. =^|gW,�# H񜵳0xo 2»@;|?a{iX TE^fMQI =! 
AY=�8vN9ʄAU^pT8qTA^} $W懈d*MTl:^|{I+ w#J([ L^HP<NF7*ċc[Qs<0k&~\ɶs؎D *#�GpHp~Uzof F~h RǏ CDDDDDDDDT 1xZ|VØtGS|WWP~kMVs@c"IB�(h`LZԇrw$3]xx]nnMde.Ok_ap_1I4i&M}ǔCbF0'OkZN߬@ rs>Ăn^PHan5' Y&A`PRu"!W�(!6aPڽyVܯ%7rus <nG׿N0(6BQ ^̏SKqf~J]Q(0|78n(-^.Ղ:?qDU4_7Ԫ_l]4C5EJ_p$S� ݿ#e<FqVsgU3l} qq/z<㑔U +97mġZsYz}Qs<9s(<4H o[,NgϜ/yjpNiT{egfj8e N�`@.=Em{ȮhS@1zgsU G"Bok2YÙ[ڟWGQxo*=.ůS\E>E*@Cϰ1[�}e5�NTqrAdh�`@ΏS*R}5"Qu,PUL.K }/2-r.<;ä�M+X~èpK5VEvN~#A^Y"Y*^q?NQ)+ ԣ30xP'$͍ +/j�o6s8֭!]KłuP״Ⱥ_ZD fUCr&) k{*9n;/-dm4aIp:u<Хoa(w/]0/UXM×+ Բ G/C@WLX5G5a=]7wt�C9'mGN&i@ߨ]V peu]@:6�?oF o§{ǣ;` Z4|->ˌ{F+6߂mp!OO 5CԣcѪPlޤŦwV3�ؒa}>$<Q..NJ>mA5{Z| ոr=k*b H(p+ЪuP;^D)(:Z_ !)f؏c H`mЮE| yIk4~[<x~l|Ƣe~4F-b~$g/> oGg8c4 @9bӶ` @:W m2cW�ѐفi0{ 0&Z?ռuyx27~Qu_U{ �Ŗ6a4X (^M_ g凈K (kDDD6 pݕ /]%*"^EʊyHyzNdkrSϤ+u*s ۨU/G՗-7mM⧴up=oѲ$fRí(tqy6HчZRSwʔ'BR#W%Enoi4wդHΘ+Oo+s9Usqb~ `0 `0Rz�#.U&ZG5~ -ϖCg[ @Ȱ4m4}Y0{^F4+r2Rpg%̝Ͽ (Dga B䥝ljt/:ؒdd<L~5٠7yn&#5q8m5cGNkñ`8$AF&zņܴ$º1~K0n %γ C.xI|y _?zèe!v ;�_mIv)8wR,:{{nFǰo*,; 'i݂0}Fg lޚgp*ބ~bH դX0?u^񁷧;kO1fV4b\1~""""""""_ug�ʹm1DDDDDDDDDD ,@K�MDDDDDDDDDD.4 DDDDDDDDDD �a8\h""""""""""r %X&StPJu!ѿhF]E:>0?xLII͏13&n؈IJeZ 舩aFDDDDDDD7eE #xKIn?0w9^|&͌IȈ{͗8ht<ꂥ3b-y:RL_ `0 `0w48{|1E+F(㸨PtN\s$z} )PV|[ zW N_HGEilyL9+1o[֠,wqZFC|V~bSq VErF~[)0nɗx+hSl(^LeQS?|0er�'ϧ!+3oDޠX:t|7PU_17*4ѝse:t@Y'7۾RNOKa;%8DC'Γ*qlE>DDD +_:b.Հe}|hld\ ͷ.3Ezbt*mˉ0 `0 `(5g.�tFxF{ѪfL:_}[Cq4PXLVzl|ϱ/i>!?o* bVf&8p$.Ƥ"|I/b>i C0哟+"UDDDDDDDDTx|(P@TX]?ԣR0|W&3ITڹ7Џ{[,f2%;Z]fj"*Rۥq&ڔ{m~hjeaP1kV �}Et#Q)|b5hH\LſR~6sgӱsrk#vk|x @1E:ßA-܇͆s`r u<j3:Mb=1M hm9-343ޙqHȃ57mòow@苰 + 9+#&"lYry,N߂Ugc{OQ++\˳{H3<0LkvA|R:-6rӐw�  PĦ*MqXΦjBX`=QJ1xl,YOGjf.,6+r3g5o%} )ma7mC쪰FgǩA*XO~ERQjWXMN7i6+xCR A(b}iRrDe1>Xx+J""""""""Wsx¼ C$\WM9[gM>,H4zD418fkyB]~wj`zVVJ·cW8)ڵʠ vV xa6I:Yn.}GdQFnl>NnҤC2O|"b;& ƏWGZ7e+k;6q_\:Ƅϳij9nm@<tqRmfDD˕Wތ`0 `0 n J˃4K DxPm+i8~9VE.ZwÍ*P+?͈zv̍0l7e%�⒑ aPQDescaJLE ՛UJx�*]gഃ}j <�56ö VEV GQbcp4%v@LӐ[6{A 2B񨎧gcjX3yޭًxp`É%0csKLh5Nuqb~GJF=�A¥H(a_+V5A6DcFF˱y=�l82s~KvEх&he2qPi8˛Lg@Zc6lɜ?_JIH6[ʐAb(OB^<`srFo'=z4.dSB"ݥW\1:G.MyUYF7|'kb; 
i_`]U:X!glEwSЕ'aZqatRij<Y=R1f:k8;? o ޷fd1gwi 6yrWܮ,|oLƜlX2$kTk_בG-ỹW" `0 `0\_�խ&^<HV/\Ē>{P?`= 9=0ac N/P*<:\!>�+v/]켖 ȹ+Qu2zw| S5�:tz]VЯ> �1|T/Lؒ'JF E{_U-IVXM!J_ǏBZP�hIT1g+aG;Uq0lasr >A& +S0ه8<|ݍ0�7Ǫmx+Slߕ U u """"""""(BZ썲apw13zƷ̭Ϡ/2az6BącҮX`95�%VA�ݟC2fX|^ QڭQvt�-S1i}Kۣ܈MѧAd;`*ٓg;n kYd bDG;!Dwq$㓸ӾF{m;"P=ʪ@=gcGC0t.(h3l~x9vb/A\5M-:Gų`W^IE5G�4\@zbϮX6�=Gz9kgaewav~8L$YbpzHUmtǝ�� �IDATkӮLTG�O,YHK9Geg+PJqe~n=y?cySx&HS<_]FO nµůʻa;9MpM5 zJ'A__Yi:/X߀B-ۧ{JÝ?KҀZLgJ|t@Յ̵x(t2ET%^/:Y3}Hݝv bl@ЇTAh=C"x}3c0F0o<~\g1/fV>֙0y<B`|=_G(;G[m~_Q<<_z 'S}rpAݳ&q£x(Ε0A^^^ (M& ! ]C]QCc<xF->a/L)0&đU*{Zz3гA#{�<>1#a3]u9@f~_]07A}{=sM6o9~g˻<Yqs-lgT�Zv{tW3!]z^+v͝7@0V߾.�us3 YX|&"""""""r ј$L4 &Mc! D1 PƓ5-~boV9ٹdbA7/(R0, n_) ͺ E[+�xwY}snv<+WΒ\:9gzz{F=\ZaP�-}? mj 3CQ+8y/ 92]`Ynm;9?`q�D ѭw )8-tOO?~tBmP.bq!9DDDDDDDDEH:  g 3 } ;3ew/+s(WqdXVj &`뢉ҭ)*W#(n5~.>0H忍<ÀQgCt^VcF{><Y8i#]Ԋ+UU/t닚+g'lp"Ζ߿UnXa{`@15C.>P!u4̏ 9#>?u"Qų7R`4/`{U쳦8+1u5q0s(<4H o[,NgϜ/yjpNiT{egfj8e N�`@.=Em{ȮhS@1zgsU G"BokRpfVīU~QԿB>UB{]\_W8a3}|8Yljq0:=3!�t Фot6Ф3kŢKqδǎ}b6)ҍTŊc\O[F ޓ,@J~.egؘ-2ZkU*N? � TqJeTCJbTo7F$RóXE1bFtYJ~'-r.<;M+X~èpK5VEvN~#A^Y"Y*^q?Nˏ`K6 �}5tx /dh ݟi�:>髳n�]ytyqsGuź .a� ݲ[{W 1*5? 3Isʋ�f᯻gΟuGHRF*@d5- QxbФaJšJk"Ǝ"} )ئOt ]ׁϳ-^z]jrR=�e4|be&^d s_kŝPk=]g>ڡ #q~'Mxw|oTS.sqV~Nb@1Aym X:mf0<WY^H6O;7zع`E9z|b_N z�R'b4P=Ĥ�D @HDDDDDDDRr)t!eMHކ!ա,ٚhb7J=, .ٚ}{Y t,nӒeӁ-3ift~T^ڨX/UΗ 5;$͚! {]:<2f(Ƿ--/s$,[#ۏ]\-O uﯓAk%ODD˕sIc?#Gɘ/T[hwTc1u<brfəݫdxN9}U=2C׼8^n& eՒ2w|Ytl:xr{G2fH<v<Z~1IFpLNWOɘ+Oo+]eyee\IUY,7G.\*v 5CvqV~\L{nlq̓޷-C]`EJI󤛿R^zaĬNƎ&,ٛ"za j(^Z#&ϖW\[`0 `0v� _K^EʊyHyzNL]a^hS$T9SFwd}18,-7mM⧴up=/%1nwo; )O:0GJKz+hI]4 Zs6)|V8={9/doyOnu[: ~IӮEIۏKhb=Zq {eE~l?a?�`0 `0XbŠäbzrX]ϐ<U͖'YrYdL>@z"En^n3bHV9w] _Z`,'gJMՒ%) GeǪ>[ A_e͎#r:9Cr,hE/{˯>;ّ 9?ˆC c[^=A/mCElA6)LY6<%Iy6L{esdҽeI䕏;Iʓr>ܽE-_(}>Jt芖+S2`">/)YQ5䦝K6]8~' ۖk/kinH‹7 dZ-ZZy-\Wm\Ӿ36I2-6IӘYYCۤ #Ϙ oT�`0 `0 CT2ޏTg�ʹy;V BAd'MnjxyFLXp`}h&p) K2~W"�,ҽS?t&>y?+LDDDDDDDt'�MDWH*V#6A}.ftt+Eh? ?^ O džLv5ѝ4c>is P`z?}V }o? 
90wwߛ>&"""""""CX&h~{bL"yq6Y+];!Ȱ` e=d` R l�bauZ)+JV<F F'0qE0`MKpK�MDDDDDDDDDD.4 DDDDDDDDDD,@qE:>0?xL ӖЁXADC?CoDDDtsψ&MZ\<afFnx1<&>�3~ߌgRgE^f ނM~(ݞ7"q9Xn9 YhjR�ذe81+DDDT8Sp1P*rт=8y 0=DT)ލ/v`g*jM\ :WyU^yLqղ:&uX=Y81Bn6Xx Gvm?�kDZ&E9 k 6&Y^Ə^aMƨZ Jyl_7ⶻK C[M`=8 2zϜL xn<8¸ ]%oh(cN5Ϯ2byijbܑ0}OMD9iʂ[g̓'~}BlTfMCϓo&_}'){%ݚ)Ki y#dĈK|*!??9s>LwY4&y3R_|۷eѡ4Q5)H}{ˉPħVwp$Y݈hY*v cˏ0zS_[i-oDn2ɴMg%i#*Ҕg{?oCyenIi.ΑAMqK |Z۷m=44ѕ_>gv˵"Ȫݱ+TR%e<g<R_Gs}sthe 7RN{ywy"o<*mVOst ("E-:8.¤̑^j!.;k;qϓ*E. %r,ʫ_o-_ȹx~dx""R_q&Հe}|\c2/^&̫^iZmM~{YKC~%s(dĦ4QoԞmq+[NH %UIfoD~$MrAuRij<&<Jx?ܯw,N�/?pG"Ъ 96p{6"7 GA\ gg%>y:�>;\u{qF onb!&Ȭ�papoy?$t+Dgu*Dx+i#^ƷAYT 聠`=H�ŭ:^1CNtW�z{Qj8k4/}?OB�(*3i{0z+C@<}`)4a6&9 8&| <S^@0FTE33U=*tDܹj~%rx㽦>A`9nݦ7F�wC =}[{@Dz;aſ*v?>FKtwD _B5(.P_3^ӓvcfB77Q↛y/9oUflg@;<_agH80s42RgٸE!ڗy*1_u�_J'ĪXbr-Ceq}HY?RMُz\5$ H};M.[ {4Jf-hY ryk7E-]g{I?o?PSk >ǭ ^u>;ZˑoU+wGeV}_I;7Q)kSU$L\P9z|~1GyrK<5G<DžZ_^5$1[Oԋh0 0^gw Rw$iPi4�q clr%v'Ƽo4j򎋩dUlq> nn3蓃b7Nv_ۥ񝒟nԔ!kij*N{%YⱾŒdyʷ4Y^ƏA:`/"{>ESdA7Yq?4]?UxX<H-7Ove&N//[-,@3wx?/�1\P/z!T77P"@:O9eвwD5*Rcg<خlK}MN`+8ZT Ac<Dwۏ߶ۣШ̥*vsW%^]K۰`cB~k6!@4|aIrTdCoNþRx*Q` grpfKvmMUu^&TljZ MdV(5KE<$ Ld7˽m ꖷtNҰjR:6YE\h] @͏gH3_%Djc^˘yKqf۷)^>>} {9|;pj| ?WOxa1zԳv1ۖcy{O=kGb7̊YH<s c֕lO6[ft!bg-k6X�X54TmAOwB:U"#169Q=sChgs=H:+ I?ؽǂY58:)?xo|xmvJ<)h&]kXsHY+yXre<4Ǿ>ϔ\T|a9,.ȒR{OF@_x}ؼg|7u&V.?qX" {0=m MB*)o7r2St$Š$q]OItTB2dޏ`�79tj_c:F7+O\6jl )PzAN GsCrQ+! eBr%'6&Ecy7j1:j�||\: {a>hEl89/: ^sZq6 ?HKŴB^%|A4ɥY^Ə:v�l0w^I˞9mid!a<\m8v(jhC(`oȾ#y›܁Iw_-z%y-MѮms4l� FTXETY[F"NڎKǗ_+ƣo;n�Ը/pa}!E Ahal>AðCcvhٴ1[qd*pe':px]w?ϼ.\x]ѻ˃Ec+�_3̋H3bXwXZuq�mFo4ǃov_{!ܚ)__V½$-ecmO7\u]W23UBש!õ+ 2/A|1)q!Fp+^Bb 8&6bpG4^5xi_'dcsz;-GV$aߥ΀J+3eP%";WweM>ܵɎNE\?Fzl^:|+,bW#GJb;>H1uAP3>3;jÊ;q1ZH@yJ$%QUߧW5YOWUj5WƉ:(@;XG0@wUT6jMij_/Oײxy^0k4^{U<XŧKy7Q B@Ź3砹CBןAV-Eˏ9\RwYÒ_bl={^z8^aUOr+cjn@1u`~nM&S)-7-^I9&ʅ%؝43m9 �%xȯ?CM:}>k{2[w9Ԕ.ȏ[a[Gs?7 �Z*. 0A1E<pG(S EwZ~X߹5B/Vh?QC=PUPMB9PI ܱ�$m~[yL_H!KIL ;j:SBUzΨQ<oҹs~CQVhǴOVk K/? 
Bk"(&Z=COEo` iJ;>;{̻xLziD�� �IDATѿu\wۊ2Y<ByH_6OS" зz7ހ@^qq2'�</<PN <C�,碓2?<>3**6DCyW=p̪p(^ijyG0uB7P (wύ5 rqQTi'fC1ƨx;ʕnvu0t-j?UZz,מZJ^&</)Kj/>_S{qMVlݑÈɤ瀠�̍0l7e%�⒑ aPQDes.nWs|t>^o 8qfX*jBO 0< L" Z6\S+[-G7^5ZuX%5 z� |7 6X236]XKߎWkpNj@?n>{A� g]716GSy`7!!9 9kGD #xzO8~9F*%%0 ׷<{^L $ۻ1g,OZ3v`o?9l#FЯKm,*w,O ËxYY"gbSl`s;Eȼ\w  𻕖傃 ;Hz/Ҕ"ADDņ QB^^ BMHHo[c@v&y읙sϽ̙3碒`D..}9;>~�ڼDR&^&{A24AqIj*}kgo)[rVx(ru:v #(:W*X1<M`?ݼ gŻ-_Nz2ZAQq2�-o'T :-pN8Å1ħxM(Sp ydxݬ|=烪-Չ9Ni�W)ڼNkWJ~Nq1* %*5i T E aֆ"^`%] [sş lSq$?·6e٪/ic͞3 ד09{PħT<[thWq�txN2S o}A<ax#5`V+yP*Q"!Cf4 JjvyBsh g:ܞtg|)A,U!HLtR zoE*RjJꙜ.D䛥yQ j2eDp}7\2Bh> cNJ ŭ70qbm7k97n`d X/ƣD.߻_oe q1DǘdckI̩;W@&o}k3-,MlfJuK9qG<K'aׇe5GLdd-7+y L9=*[ö"[esV|Y>pܞbd#o4]l4GN14-#Do~t` pR-2_8yc2qqKX '"Wnڭ\OɔӃt}ޞ:2赖|<:dsrn,yFըvI4u0_ -^ae2ZMvq FAeJj(Ewx 2w4Β%n|gkR A>iҹy)[3KLِ~}7W,Zm3|R!|:#sX~{ڏD%4~rd(4zw.oџy뻬$\BT -@ktGJi,mKsS䧞i6^)EX3coIgŐ=B2{:Pѕ{w͓ .'efSq~x:;mNS& ,Yl%YF;Ko2{zqBWY&M\ǎӸlΏ~Hnc?gІB)C Gc޵9I\Z~x%~cA$:ǔnz7$] қ ݚ=hċng7JV4rfN B`Kޓ^`lpf 9_ϝb\|4s\ŻD .̵igI~xϟV}Vܾٕ}f^*K:Ϝ8?v;_"X12 S tb/#K$qta 'N§⹖yRC<XGO3՞r<\ZO2v_w?^awn=J87Fug'(L3 A8&%KY% Z0hМL+r\[1d`kY&{qY�"1_Mfǽ=NΓUefڃYeU>̀J#R߉BMD�>js-:3-k2/3C߲;C�*R^ຶ:tٞclMp (Eԃ\)^ފTncAϨưr]oYL5''L) Y~3' iR5 +_/Z'wԦ݋>{\[X}83(:;~3g:k=&t1% ݶWo/뗥foa42')JF-~59/'VSGKikA6? NıaLh.؆~A⡟zKWtlK nrZ­y{ZkL3k-l}l7Do1_>G1. 9?;G)~f-Ն~K(3xig>^S QۏxJfm=Ueu?= nq\5fTS+e1_HLVQ[ 7s&׌wٗ2Yv 3GDhLqYMR2A'~yX^gDTNDN.fwW8eŢZ4 $gwά,b3ʢ-|0qtӺP>ѫeV)K$NP;}^w絑o3F4 'm�eK QZŧ4?ޥa*NOA8kADfe.kmo A1g^AHqjЙ7aćjGW=Yl_fĵ|Q˂-K^uq>[- Z<lW uJhH qmKX1Er>y ;i84Ȁw lb 1G"�Eq@rb<3.Ί=q1f@-J0-Yg'w?JjG~f:fCs,ڒ/I-H؄Whsb0 mY*Q^5 #xqr?X%/:akן'[s+>yɇ 'tK&& !?\:R9=[DNQ怦BG:UZe&OϚ v85v`,#կba]s d,ܒly݆u[[~?_pYk%l;)O:Wòƚ1g]2xy&DN%)M2wfɱكZfjtn'd X3War9 Y_%zO2 %d$l#2\|/B1'n΢HZ__Ѩ~,RG`y@kOk_$F]1{d1I Ҁ?ܩE\JxPrw+Y&(_y >(٠7uk# z˷EC3ii.ÇH< <ۘ2+5t>׮E1l%֯OHuu2rrZ,%45h@JFqeMcZo͓} uj@Ah�syGƞ iӥϿ /C--Dz5fa D=Aϵ9:Kz|bI5IO"S #oIū-YuQ0-zbzw [_,O@@B;_1vx-^hYzCVpo(@;W~?I s1<[wSH՟.a)-Ve~\5_X7VI6-,%&Sƅ2;[6z/[Ö|p(vZz"8b(sXA뷈g8k1"ߜ" 6[2U? 
a+B5SѬ_6s`ҕ\WHr}϶:q4I[gʊ;y4&f24lʻ3S:Vж2 )21& %fF&mIlAߗӽ< fz=c"vw`DbsJ ɺAK<Lt:-ހ C4Y<go-.Y;lzk>ܺ+ory!bE\<W� 5Z~Dآ8Ukp2[x^lW2hI-wZ> 1w25ǵҠ ݒ2EO|D8kB63`/^eq*фWk+cq`lfLW%Y6f"\CsJn'<ޙ?sa4@x\ W!BPMGR')N\)]0qޞv |:/JyܮI_0:p*=ȓ})'`ȮTc#Wa&"]kPOE΄aq[ q" = ' jW9"r3 >hg7'ѽӥT?~;nqlOdp+7Z]$4{U?6d-6bI1:j#'f-/\nوL:>m)߁0V^xZ> q|1L`<bN$1jxNzreYߑ* լHhnyA-7jGC ŒPJkYVSX;.4!epPѰc<\pce8{S%йRv惂HI^jEL`sgټӐ%#\k44ͷy{{%vu!U]E>/EN) tam&&GgFVN(FQjR~#6#45"te BP%2Ӭu{PXM+K=;}jץg 8cSp&,9kB(y.s< 88ޡ8>vRَHI"Vz~e>KgY5 ҀE[86>G сBTS&D3a\kǁ,]Ѓ϶CB�ˬ'Cݦ/ s]hY#bUg?uUxmrn勊 1; n=+/v1˧5jGz_FƳE&|vyhKh/7AB7bg~c_?k_ n 7sTܼs <]ϲٵrV1哞|àj:Sӿb py>_FdžY̕1կ}xfef) m[wER"bY_;?~ SxDžzRDaG Cٳqsx,e ܨmOJfqs61`tg@5hϪg ٲ4$qqk|i4Po,Y33KfJf)[h(&TyS]TWTJSU(٥H20c8x9}=dۄ2A0=܀oc\e?ĿLjubN<˺IhSZ>Fq1 ȇDq܋РR45 p%Ͳkv}_R.R̷& P6p*(y?dVvWw{vDOj3vx=~lGzIOgtob8/`Q.;jKR0v4y2ce7cYW 3Zw6ĜRvvxU8_A\ІE̘3?M?f-e˱kM񔟥ulWpBDC 4 <a$ BEbT7)�tkov)^mJ2[rx(n!?(ܮ&Nb~w�1] R^_A_ jSPR MD_Y Oue7eάXIS>Y OR ِ.1z:˵}q9iB 2a5GXyG[Y|'&(xhK='D*;'Ak%3#2˖?;?~ SEZ*iyѸo ʱ׉}l$cмֱʬ(u߭3 3o~rAFz) n~Z2v0%[Xܛ} O[1J-FQc9޺ %3J̔|ycCI1/K q%8k-F/5~<3o{Pٺ饶^Q C 1l8}=$lfF+k* 8a+>"l5|fm)^{z{˩qCڿ?o Zڴkذk˜v= ƳgxA!ݨLg~ea)꾻;ÔEPTo|hC_&.]D)4h)_<Z" e+EÍ\3e+rk)Syg-c'9&\*v=i`8ǎY|ѵkҰs{)롂9/ad*muy0-:6'DrbNN4Cɼ?$,#?x;C/3x)V 7!@Df-zD7g{?iK̕^$Dy U(r,tYG|(Ls2pl6_@UKɲ!hW˱U;"s䦙TtUrLqfˆc9z>hŗ';7gY#Gut{ܪ] :;-Jʖ)L;9i)st]n4{ m,\Oyw*G)zW"jvd,G3 |hqah@tUBNCAGt{Dr2d'ٵz8q NfqzՊ>t~Ej"6r^0쎲MW( \^ͪa'"ӲӃղ;f3<*iKݹq;EqK".a/AחpwV?D}AOq}3Kk(zw|Uj~Y`ЁΡ]#/~bZ$gsƻ,SN߹B5.m_t旁0 ǏG(h/v[tq|k9zRL8Q4u!HsLqBQ={ &&03f6i)ݮr-UzҺܽH,<Џ Id \6]}o%f2qE7(87N&(9vN^&֢_曛gciYnm;6CG/̅şС }s; 5<7ϟKQAm7i3{ӣ?S==lK LV\ӢK.TΟc)(9SB8~lc?{ٴ#=<ZѹFtN6mJtnjP�� �IDATKXv1DZ}H~Or)H3Ç3|w/<<&;_g7a4瓼Lks- u"V\s3[>AYsD_8YC SĿkM<ңϣz7x8Q$0sS7Þ[enζ+Nښ _/K_vcg\r/f\OQޥeDgiK߹ehm*z-Akg(|9(CL 84?ۯgtT2j3}{ ~Sc7e^{:ȩ1Ěsp_6ٹ0_:h";>>.3bn>LFAE~xU lYjvDx@6³VȘ%a<Yx8hPUFAgY8om=st*dؓy bL'ťF_'8n"7a~fbe\!_>\;6CG/{A…}~eů(0E2/ؚSŏ^KC7qlxcv?jT1:Wjq+9ۣu}lܚ=dx FkіP}n'SVWa;~ݑGd5/U?xrN˿2*`&n<ܼwΫMd_[=d, &S~!&Ng'AɔWBejV3vp>gMaU�ř{OtI?D;-Qϊwk\R{ꥻmg~~~fm5. 
{57̒ͭ ZQȇop=za&|eLM (YXWuyoY !KP4R@̩k2rIE^,/L.ǫ2Ȓ*i\={GhkWdW,JiHM^Sa˫ֶ|v2u'rF2Zg5l;;Lƺ0αΈbε\ue�*9*UDW:.n3 6V;Gذ2+5^OӲW./^T|?Gv/r)Dڶei G;(jO_$ Eh;n^oD1~&~N ۇ5\ O[1˃eoioz&=x #Z.}omk:ż9@O䘽qMf eQ>9mC~GO)ا١Eo;<ʴ|W檀Hd}y}It덦 hɢ3[>zǾ.9?7VZ"vmOe^ X'3mEFVcJØ2+% B;eSY2EvqvX#Y2?Ì[[X7>-gpS@Kwփ[[ѬYǭx,a$[ū|S{b D?L} j. R2ٵ|Njxt앭-xo4�y]rZڞ+3 |hq 3y٩@^τK揾X9Jz+m?ɏN`vz̞,9pO'5e5vU̬iE+^yKgg^uQbz0_ww\0ply+Gj{QuUۊ.i ֫0pf}2h^N̥6Ҵ}}k0(kHaI4#n̥QO�^OQ(Bx>\@!Ik='Er`v$҅AۊS0ra'v^߃`tg1^!!Ռ޻BӺqY4 tNLή[R ?K/rl{܊ \Uj0=!he9aGa0'qr!\ujާ0WZƼ"GwXT4l\?'//aӹdG~lpabW ܿfpdr]<xz "2YeB4.;Yi?aWI7kлyPfe xx1KύRE-j@/fƀmG6_es%5/D_o u!VDG~k7)s4[;>W4oue*QN-8^ E%~,}N}(޶#uK1~s͊7!we[G\è6]꾀%; ұZ4 c63z u*9Rc"=%˶rr"xRyg6/mHqLhU;Tpu꼙M"кE|t ɗ;ks:- cײtۃb~m9۾ywڼ ]wx Z˄R?ksnv[lC2&LdKȹU�L|/rDXpl8W˾31rmJH=ʄasw^ޞmc3 |hq!/`cx$=%ܧx'$"*TWϢJr}!n~qNED3uŷo/^sꭿ jbXJB߲-2zpon跽b(USճ_%m%#jQSEgףxFO硽sEyn{[GG+<u/uݵĠA.B{p% >+),ڿ/w> }]ޢρPYQh^.(21^]x6@<&'I=YEEe{+'&Roh˥}9{>k2?Z;.EEb͘Ei*.PEА"]!D8$]c4`Xf9)j}Ǻ/-Of!0'}<C\D6<gnSkG> ͲءءNDY!wa-hYR>n;V0!D&14X=[,RE1_`?ݶl1%sk' }E'Mm?yG[mO|UD͹ڏFQCB?фcqt3~ˣVzQLns9M 8߿-v&%hK?w('r1uz5W*V_3GAzX~Ve-bAoלϥ+<ax0G)*z㛮i7z_w@Lro?Fn3Vc؏c|>PW⯃x N~Uvl<<FW;@xÔYyx3'SbmAP9'0 2$^I'\*W$sqOfg%fo*s/X"#ӹr c8?㞟gdvyC?{ڭQ4H0Cljh;9eTFP<~ySI;v ~rmR9Ak -1*p2:CXǸAXOO\˕kѡ%% W'-:ĞY<fm@o>8iJÕ=T+׮BRxטHK3ٽsb 3pr`0ҍu*NHM'z$᧎qhvm^4el'/EOQ7 b_سmq$vRO2źl^M)H#[Y1/~|[c<0#M.NaUܝ_i\cK}?Nsఝ?K4UWCPnCLL W/r.4g_#^1f;/ѩqUJ1$Dv0kjX>3|vl`_wGʞHI&٘NJZ<W.rȪ+G޾Qpvq&Ky]dl5՗eؼlN&*0ۖMciu"_橼0d�5F@|(D_ ,36u}U;szj_]#ѫM]*pkٿSg#7OOOYRId $8~\8Bv Z/Cb4Oe̚a[]_,MDS0]Zu XnovVw5Gؾb&?=AǁB3t\Ku}܆jQ>ЗΈn\!Qn_ac~v*(J,_.).i3*_DOoQG|h).ΊP@(ZU8E@Qԛ{Kf]޳:H"E)R8蚊qؖ)R'R%If!AM2~&y"Eڏi?!b ݷQpoH7ze6pD۫)(1U"$Emk6!nRyD"H$.ce3KY-$ŗNH1HH$I-lߤ*_VG 3',{dFcn0K:-ƔՓC!C_"H$D"XsGhe&$GdhS~´ԋD"(-R]߅,Q~1D68{zQe\IFh&)"E*L"H$D"܍2:V@ ~ IbNo.aZN.D"q8lV9)R9 x;DZv(\U4 )fL{ &.g1^(G9iH$D")hw:�|'Z>ѝTϺI'5A$6F[+E5^M֛-SS,0$d},I~V糕RD"H$R;QC `_J-JqZɢhbtz/ƸI KgD")( KK$D"H$D"H$RD"H$D"H$D"2�-H$D"H$D"H$ D"H$D"H$D" 2�-H$D"H$D"H$*;j MEը⹇N][G"H$D"H$DRp�Hƒ~:3QbAC׈O/g0e 
�ԏD"H$D"H$!KpH{<vH=H$D"H$D"H$v&[Ք?G)\n8k0HI߾Eӧ@;_9v')kn  ``P5|J%8V9| TD"H$D"H$Db7=CԧM8J[� |6GA8j;Y/*tb @KhZNdHuH$D"H$D"H$@5MW2u.n�Uo뷠i?T/jkiweD"H$D"H$D"H �t|wقˮf, H 7 A=e_&IjR"H$D"H$D"H$xMS83oώC�4tRD"H$D"H$D"bԬ6X~ZwQ<#iK'RBaP?7ZCɆ#D'cHKٽc4}k橾^þc}]IrcF*I7~l7OcNlgZ̦N %È1-l#>S?m/)g\OÐLcl7aOK 5 ÿƒ8q:qIid %FsFf7eђ2@&"'>OL$oYxuv[G"H$D"H$D")[҅B#D5oDUL0 !0]$Z9y^t/Ba8-ͥb^|ưoEC].-Q"C!DX}CT?콕""r9a6\>l**_ Kb%}>5>JZQSp1E̞D2N.M`'1nO0WAw]}.)\9ӵh*exVmJ?RH"E)RH"E)R855;:\dfW|i7~#UEaUx՗:оn _Oc}]>ϖף Ȉ>9C woJH)rC 'xPRMPfm(]9Y 8U~:kK^|gb#H:~a\'դ+-;=I ?k%}.N4ⳃ0GxPj*#A%e0~lD"H$D"H$ NMƊF!0Dq3ud挈bDc?v|qp+O36&K; >u<\eDp�b7ȀN zޥws֬o>t’ lKňEţZq٘~&);뢄z=W&ԕ*lNe[G)RH"E)RH"Eǖ\>y@$qJ=Z[!@"u/w͸_aK�DW!ϒQ Z0ܼ9sWH-(L};83qCQ+ٵCW�Y&{qcɚ'-Xdvv^)&q{;[vg@ŷ~Ck~lD"H$D"H$ıC�ZAXmި|ˇ_ыLhk=˳t(N`UDœMj=*H~$3g^AN_pYKU[fӏSδWA_5Ѯc]qloH$D"H$D"H$\k@;59\*H9/> U6 Ws?:�PlN\ns}V^G|5}i+8]V3ؿt%FTFCH8o9v-i�Lټ6{3ǯBMjV.C 7^%Bz%]qqUqd~$D"H$D"H$7!4DZoʛt5Acݪ/c y卧 qYIu0ŗD8h«518r63+c,c<s0#Ҁ&4h V=8QO |:/JyQ A?D"H$D"H$k Ō1Ç3|, �] N?HVPpqsyKhrЧ>1 �E_:݆3aa.^BVVHJ$+.Jɝ] HMN^Oڢlq -K?-H$D"H$D"H �l&0a&L/3dBSc8TwlT;= 5%I厢(y}R&A$gǽ *E^#`WZ#b엨州̠HK#Mds5p U*`N8Ɯyy9q jẢ0~$D"H$D"H$EFsF֘Q_=K@$Y3<Uo|nw8!2F%/o҅HKř=Hžѫ%B"N' P)̯,.v>974QzHs3ZW)zVXݦs޻}öD'c2eɉ];9yӜg]LYM^ue+~$D"H$D"H$ 'm cF+,NW/_ܨP$ R2HEjH�� �IDAT\4hؽ7u씕l9zRL8Q4uWKϹt'(52\޳H帒&T tN77XȞ d[ُ #H$D"H$D"(�boٙ"@ScP54N fNIdLlT4&ai\r%g?a]^c;uqJ {:Uoh{9gּ5N `b]g|@ (CXE)P~)Vr*V]Y<6k+~$D"H$D"H$?01GbB|/LҴmXw (wQT} N;eͺs7\2|"~~(3xl%;R jkwe9\U|?G'K0\J_^:xֿ͛ƀ@qt2?KӌJb̀ZV1F{Z<nѥ-?h 8eI#լ@ū|Sc?ҏD"H$D"H$DR@P < gdx p6KS0u>d_ƝG5z;>Ff޳HV!Rrq\0U_}ة;sێmtÿl jW/Jk^wOI7r&z8ω$d(x#Bu`h=1췯2l#g~lH':l?{RKP.9KHͨl¶zRcYXSz_AxnPGɦ-1ٿ1wZkGص7f},Wqzt¡%/Q@I8v5t'Uh *z?RZAk1e@a̮]APaM�zMJ?D"H$D"H$IA5xؔ.Bo!ʨ&JQsv0 !Xl1tx~fH1b V4rlS5jG> ڜ~OTE'6E?[~EEe##Y+}uJp[bb{KDIDx×4ȓgnJ_uX}(ro ~l)RH"E)RH"E)R hOnE4`\fr?}^lƅrY6<ˑX2z/<qwѡ &riXǒYSl?G^=Sάfƫ|-ꍇBzuleq|?u3nВH¶LsF4NC1ɽY<c=gbL5rvLV :!*:'b$->ȰlY: `j̇Wg6y/*ix?南 :s2Qgz7 ?Ic1zL_'<Il;.8OԥwKfMfv!>~ʿ2k'Ffhz4Db_<+aΌwVhü9۸鉇 z-d$Fq&5Lx{؏-#H$D"H$D"8>JpHd->>""H$D"H$D"H U@"H$D"H$D"H$g>ãgK6$$R zM:RQ@ E* 
DP"w$$!޳6nxk?fggs=gqI@ !B!B!p I@ !B!B!p I@ !B!B!p I@ !B!B!p P!B!B!&=B!B!B8$B!B!B8$B!B!B8$B!B!B8AB .ӭqUbU"* Fڷ Drx| B!B2Ih!i<e.D!k˓_LgfPZx[g}�-ʴ%9BVn?Qi&5 ȡ/}}hφR}rYxZ!B!nVb U%k(H-̮L0cV!Dŧy也eBg]| jEPT+z;M{QcJB!BQqIVFBq%"g*ߛ,HZQai>|'^=,Zk ŗjAAԨOzl]Mɖio;Pkt|Q]KxB!" [_~3"@_蚆{jOE3oi$+m-{}4֥'zvM$&aӅ]|rg/oi./*TinR*e=߼_{JZ!B!n9yl.1IIOZJw8NJ脣1|[4t ?P;;*.֪-L`Wx3@A1KB!B O75 ah]|Y<9I3-S[~@U|2ƒKMqm\i"V~ԃ*zuO#>QzEpx^%(B!B!MM'!{qc4@)~aœ�U}ɹ5o%H=Ǘ&miY  ADÃ/|܅&VТ4:K^!B!!5պxܓ4`/SNqۗȄVgD#KBě ym|',B2zM(5pTO7lo++;ɏVա[%?=e jr!^qу%J|䒰1=pRjx6LۡjFVb.CZP:OzыŤi kS$%qYEVfuQ5{Fjr9n DB 򁄳n|<I>< 2]4ϔ+DMlCC_yRy˽h{鯿?"-F)4>}؄F$ܴDo9IeL/N1.lA&L^vg=rݛW0YlM0Z&<a,Ѽ׾>/lrܴy vPy6 `:|qҡa ݬde̟u+3Wº`!Ԑ^S^os˙:(>w.&47^,LI:-Sz51>He-UO_1bF*~ۏ9uBC=9@1r}OϖV{XkuiKfh֤{ac<ñ[Yx} {.Bܢ>{ǖɘ=l\o~NJ+/< }#Qɐ=[:&r8 !B!pы_֠EZTuߛWTs o k3GaZEx�`ac뉫R39y)3:=5&3z4AD/?j{ɹ'hVMrõDr=xGxR:&fQJ n&=Rk< 2S˃9=:jkd/ObϹ@=tKH#.6+9y:#U58nF\ 4zPKVDkC>++2UKJfqYﰭ(gG3BTZT>  g�.H jFڻ:13gv,}p?eOEWl|ip}: /x1pwq<L8zP٠etlQ ]J<턙Mh#3x:ROJ3DzW?v]j]8ӟ?፺ި C<YG.w{Z]=~gcqv%8 !B!pAӻx?.?ə;~ Qߣp;5YxJ@Jcw'l I>]5-l>_Fr՝۾MvKG3]1l/@զJB^Qd%FܩѼpge%fu74#uߪͰ0jEVu]o TD-MOf^&*hkU~XJ{+JFIaEZ͖riF\\tl%/&4IXrɶG`xZ4#2g';O9yk=9< P4_ÖLUjӪCs<? c@rHܾSUGNMt7Wxa0}%4<51`!fLۘ~ѳ[Vb N٠.e:�t`O@tNX͟di]bIձ[jFaƩV {mQ%ppaL&=OOftlWF ;4]4?3K_%6)qdɾ8N$k5܀z(^~•5}S"Sλcg/&gG^\:8 !B!p2й9F.>&m$ Y5NrpxIN%;x`XQ 61u.<J'AŒJC|r&#ݩREΚåmOנWےIHlbwPBh+%{5h \)ũE=57%][i! 
x򹬈VUxrnN<2>T)v$XqlݯRI!)يheK&)R9>m i3w6SLJy=eym΃ޜ5;sk4~v z&.A#)x7A}` ړ϶}P^_u|ڛ7>0鳇XklT\* gC>j6V|ώ_a N+p_-�=q¯ ,٤O:RE\NHup5>۱ p%8a>YT!%Sn/{C,(k6wSw<K'7PC0t"J,5n7RO+wsm;c)Hrr<>}<C_1ѻ5)pq8 !B!p2Њ;5SߚYeu̾wcXYQ:ބ_96[{R<{l KxZs91k5x={1&N&Zr9OfD[s[QOSeԌ}#`_̬IZ}\i}uVX,3 fr3-`4JFҶYG 1[8 '43p/^ņ|u[޻^|�RJԋr]X%"5[JJStmw.b;OSe@a"3c"sí;*'2@~N^F d?ǦܬiT^ػؑYFm$vwe&=,G|P>T7ʌf;_1 .+Ғ'Ee`Md#xeu a/MRMom57Yh:LA~kul}33~-,nc {ښH|2{ ҃›w,;i3uk~}$} 4K_MfT3F֏_Cs}߮|=a&&Tf>w}.:[!R=eeѡC~ؒ7FqiOxfqB!Bqt[ o_I绌`¥\G7+8Y.؋ڑEN]mOB<ݰpe]1z|L)Ob$$%1_J.6dOJ/IOϼT7f/Sr9-X v|ufl'͊oVgR 3/Ջ֋-&Fm^C:ņ(bŒzoJISk5?{vb\dO9eOZɘW3iѬ\71Ƞ/Ц]XMѳ9R Ϋw4 ٳ#^O5Ec#MIk_5.ӻPl6`ղ?M1gK}0N-/{"4[Lf#&~U ڹ [:�mtor>W )bM 6 hCӡ m`Dƙy|QR 36@Dl$.Y9k݆D1ֳ!ސB/#22b(@Wh E_qB!BqMn]"JnFw6Th M;9[L*{Ұ0cpNgayw2J$Ɖyz*++}F[pv^ꭋVdFB);2IS0סFr|`:=.ۢe tߵhҗ&̿3>LJ{нG~iuWy۷D NUΒ{!_쾚JHGՊOo݁ts'Oe>�^Wwd#h}x->z㪁fyq{_yI>YGc\v/z_7f|SƮ$s96:B5^FW!vm nՊP=+8Tf?rc"zBZ&T< Ri;j1V hUѫYIL 0ݎ=!CXbӕ=M[jY"#e/\S-&#jCp0Slt ԡ _D@4[@? ٤$F~=Ʊ59jmK]ͨ_I掳B!Bw*ycn8 {bgz4<7 FPO|:EUOE=QmVv@3?gHD a hMiXx3I)-a7V|> Q3 x�LD\(| s+֋Ϲ:4g=;jKjgX0oX95Tr GԙtEaؖ\+=6ѣxtHgjVңiͅ}h3##k5/9j?ep+.y<)/K91+qG㮱z~=11\h41ԃ>4=v+q1X-:STޗ}{/jV7jTCc8j#>WMtatldf6^.&ʜDQ1CGʱ#B]B  B!Bsުg`> h/*"'C[{R3XtV7cΏEܺ:yk)0_koC5lqUDs~W4@ߨ2j~#%,uG~ Tŕ?mG%)yL|;CkϳUubW<*Fi۬CޘϮdzɋv>튋ꀫkW98ν{zr/Ea'zUxY9~( Ї͛w܆ffy1QnӁ>a4ldppWdX,]z<V}25|lrCWkho*bB!B\-3WnIab?b]E˙7saQ &3v"eCx,"%K]{vrg 8 50;5߆ƛ4 ZP�� �IDATVON׬#7tde^mrߞ!qe!mnLk0_ɴ'S9;ל˜2qtoؖ1 aVBxZǼW$$6e͜S{͞<8:e Nk;�i.\k9Ǒ5i9yqhx'7ǞuuqX�]U\Ѽ{07y/?M=f4c AgN1*+/hvESIN꭮a 22CT?*ޮ &<èq4sMYss?C%o8 !B!e;�\~3K&|E[>;fУ7& 4B#J"/+1+㊂bix(c5gmuQ8?v3P~)@YN:f!.zмCoY@#޺]).mI2nᤗ_>Œ<μ8UOjMZ Aa9 rD6ФcwB1tR-cܩH̽<@TU<]ۀҌ0<v8ObI<׈c_eswJ=_ -^@=SdE竇NUZ9~,+1Y/Iא,=Q9[(" XkB, NXcp(OHhx~=驪y|݋~>^i֘6{Dlw!J&Qor#zCC(ӆSJ ߰6~QԟqL=Tņ4g!B!^v6J`kφmW\vfEV\zJH*6s7"e$J^D4(fIQP,Q۟ڕoL*\6J"6(V9OWkxfO8?L~'E˘e˾Rjaޯ ez}yɧxt@c.;K aӏ'Ρ ~’ :%GwgƤ9xZgod?Xj:92Xwi]v+\th\+'O4hԮ[ysaXOw07o0PgOꔹ1ދ‰6m")==ʏ@ZG+`D[g5\d@:Ĩ{:#in#qSQyE Bs n"-u5?A㗭ܢ^_a,B!"Nt,-ӻ\4ys*ϖekI17=q[3UƮd$#Y;WJ[rr=Mh*ys|i}?դSש TiKnN 
-13YJX9/sj]^nz^"9tŧd%rҭEs?lppF2)ғ"voI+|<~Ʃ*Xkyv~Tn-?{R輫Qc{i0и?j\Cռm +!jo=yM[2?ھcyi`RA]^]z nuRda,1?BGO3W%(G?`6FLU=Rsjy[Qy<Τ[q#?GNX,{�m ՇƘ( mL=r&p$ֺY!B!Ea1? /5e#fi}7 =?yIhu4,#Hf u%t`lf#-BYnV*i<N)3,͟a?^>YfۈO9WiqdslfuhzWjua|R~LQj~I[1>&)6e�.-1-e.!/<Js Ȱw2\9z׋\ !ԁ^T2ӞVYz`=;B>^p):;O{ԚR:w++RgS e[<mth \XmL~;�?] |3YCyeY<w9w|]UtetKJ!q\8垖뷠1U[1փ̝~":k6>ykDm^UUɷftE38cO>[y˟_ibjQ|<}˧/_g:=we{똓XHqB!Bqrz,ʠ%*3/еnQP+AE׹HK8͎ LJ,kkբS}]}y {q-] 78>^M#d?'r<?^ zrTJ7\eQPpBE7(1Wq|b. _�ZeJl ZreKD/Z7|ױ1Nd xV!EWnA%±g#a<m%ml޶#'ȵa VNtk^3PJ"R.f';Zsttm-G8ǣr a蒯88ބC0"{?}q7Ds:ۆ2IIӜC0ߢy`?l<..m#Eğyj gsL|v!v.Rl-T+g.(V̝ņ[q؈߱NpzU7>"v6ǝ%@ͧ aҠE) y3@ddzoׇӻ?s=+FtmzLGLj+nߔl|h/3(0֠ mWU+syb+Ʋk!N]`fj!AՈF4kX2xnVōB!BK[MGGfH@eͪ1qLakyiXsAh[<ϧa+-!Hy#vtו�8|aM-^}T=´/rgv>խDNT 6=[@6eqX[5>J[xO{ܼ̿&"*~a=ڵDZ6q~YhN.hh=h>Z.+D d%\ߤqLDoT2'?c[["b;2*j)_M3S=wjeϏvÖ:p lLz=1w>SFS3QQW4*Sdɸ!Se:(>Rg{͏P3%p1}:BS޾߹&,y }fQMC3PE7jpUzU.}AUc;}3Tkvuj#i3_07 af>i ?(W _=Y0wgɉ+TB!B\P^?T=\=cv:yW]ѳMUhӋZ.xxh`QdY<O\N&~[JfTF:t͚V>4Cԡ)EĀ|Nl`dvo+R;͆J4˗6G iqyܙɑ5iOrRnL ͪF(WGrQ~MRdHg˯Oi\sCJ4{Ss 5 xO-tq+hYN?6eԧ3DNVp7^Ec٘&Yz7wޕv;&dNfmwZ|Zq<]tnEFe&7+ mٰz){h1mۻy֒Tc qba WvLg`!Ԑ^S^osWN8OŎ+jAO_,·4NE{Uؾ+毷SfG}h8{vi0xc~vi, >6RltugCө Q䐖Lrr2I'9}{Ww ;ѓmZҴa5P;F[6)sh*oo+1~l I=AǮ;#׮>L3H?+1cT,B!;3U=18䁧8cBzyoQm:*BC)2wqN 6琔h!/OAH.gr*Eb'HOPtY?2>~ɗ!B!B8߈J6S�4<3䩢363{8K$d٣qPԏMQl{h'?R<!B!B!S9! 
ԴSGihµؘNrI:Yf 綷ӵ+K 1Q B!B!B8wpFXU[eg3lg2}lMD$ /oz]a-6rH$`B!B!BsxZAh*+ Oe~{}iߗatסGaαaIDyrl$HF+K!B!_j>x [S#ܓįMe×g8'P!B!B!7pxZ!B!B!�IB!B!B8$B!B!B8$B!B!B8$B!B!Q4DM'QUI_Qtxi^h?M{z BTn6g^̷ ~!g~7cX&[n>7( mbYؔB.^aռ+ioMJ>tRJYSm[<>~~JĨUܡBCVr|UA|2+UKL#|#7΍o7|*9ި[qʦl|kOaRR6]{$*RʖwX^KH>+{IxδNP'd'p'7 >&)|!n}r25uA>-o]2%6N{<텏),fS^r| !B:JWo .3{g 6)+g%ߚbt䤜%Oao]xpNx7UFÀ9$GwgCXT`CY>wO-Ğ:?__-75tt c8l_Krf??(1A%ǗKqK xR:Vlʆ՜GfR{-Wc C n(^r"^,:|h q?у$[f}bX7퉜0壉Lxs}-  ^A`+UYpq8:PڍW/vBRB�}lܖS5[AV%S$"TzKiݸ%oZ͈ӶQ$p7LxQ}};,~qS\Gs* dg1 ɫiv2bQ 4&<7#]inw6JX#/,Z}erVz߳-Zz*(˧Ma/?!W0uZt ʢ9ɖX q9�7'<_㵿%.BB q7ǖɼD*5hܱ+m½йdejJ ȕ i7|4|IѣN?fd O'y ^X1ɔIl6s}>;Nًm‡`c/4SF;ZO`TT.S6*)MV7RZ4nˤv2)|nNS+W Q:|dBH!WQ/lRJ)ԯ^|U-YřmJ)l9Kn|*9ǭzYٔR6Q5O$|Vy8zuSWq"~nW'BuRsǘ06F Tv޹{8SwgR Ivg,B!`Ke]V@skŰ{롗!.#Q4l"HCI`.b=:'\GͥcCb~] L] !dttA]hcv�+Ǿywp Wº<3V2rsI?әh\>0+E׾{9Fn^gldߍ=3m>Nf摓|fHS,h!y,ZNGL^fң%֚;x>59w<3X/.tdzlRe܏w{АV8ZB)t2^@x˚OGφ^e^W_z>o%D*,d$f&V-Τe^܂h{ϼ9?.]öI"՜GV)bndpLM)[Q[XѦru mà/w k!2)`KL> /ӌK.ZPW+ SRNv[a;c45z2YGRf> No^fe$o$YJ*-ʬl{w7y6Uzr~9Ǎ]Y+.~3 ώw@LqvA=OdO"3L^il]ʴ ύ͝귍?-r J9I\./)<J[_s`+`Q$N @MrS~GMT<Z5cz $}ӻq`Պv>!Nώh7;/!nq}ꅷ` IW} JW]?`4CB4%+t>*mh=hFwWՂz{չ}zcT?W2tF[m=ת_}m?P-lk)˾tɵEjlK>ڜˮЉU8lmze:s*ӦRVuՙ\gykW FZxUmjVtV.񊊱D?Ӣ`-u~L|HMleW,YTO5xG_Wwk*#vF羺 PTiZVս?%ڏU[7.e9՞<RʦrVzr~9dzzluCyǷ׿+s^|H]Sb5DMZsB_n- Nrd=tp}vQqpFE+wLCp+/e)U]GGZOE14R@mO]h~#oyJ)eV{h n7vZAϧ^Qu/yʮ[ \`?Sjșk<WQolyjS5khS[ q~FE94TGȏva,o'; c@rHܾSUGNMt7Wxa0em=?t_*^-2j`*`RV%1|mRA>|;V_OcpJYv/:Zx7s^4 0a8-o(d?/9sd2y:|7cT6jyrY=9<>a5#װ%6cڴМ0O}YQ✿?V~ r[5_ .4wlXM%"}Q*]d5Ԃ~H}^}qd\#0<F-~BF5sۮ&qdHII#jç  seEl~3ӚBr,W8/7%4<51`!fLۘ~RT69q͟di]bIձ[jFa X.�� �IDATV K-%gFPWkZ|h<;OSߤrc-CCQ1GԾU-|{H-0JFMⅡ<{GlGZGbūzSڷQ>)s^fw3{|_Mg?ݹ #/0;,^R^C"Y_{-νrD=tzю9*ݨhfyxqzdtrwHQ ;'8e C\O(J<y~yN^S'|_~Y΃Wq:BzP=o1'YNVtpqeT+N^Ø%og&M*wagN@X˫v:i-|4y؇>Dkԛ݂?Kho5q}/bU)KWAş폌7ϹR?{Xu2:z=%xRRϯ8s~Nr<hʫ8Da�mYǂKycT_٦ '_m]rWm*R=+L5;tJ/O/$ZPRԽE=UYwU^zUm=y TXxgjCF)KtbSJ)u>uu|Ҏ/o5N;_.|2O+¤s:nﺬ 
ghWCd-4ɚWuywX(e=;?m>eV_nzO`+F=t|y]~9שcVcJYS׫VW81)<CPS<Fԉ^4GͅMM>l(myWU5(GCGqc\ڍVho:U}66etQDžSGޥfg{e̾d}wR~ǭDhcI*b?̸(Ǵc|Z^8:톣<xc?^ꞹV^A7\ll)3�kG35~U*lDeVxݿP_-JȺKk5Pj]jCԜ|H M\Tώ+N/>;N>f_>ozZUV9^/L|E5_,:[T֢WV^sVtBW8*_3 /PwyL("׾yIZO xx+XTut_H~5啀.!zRLVƊ64R(ϖIԭe+_5Je,Lخr _IY9N1jʫj_~kI^RMLξtl=yWΛ:YO9T-fЎ*/G6f.sꬻӎUjm|tAQZ1Źܝ>< h]께sov\8r\88uz*z瀽BtEo.eVJY;%n~nt8k{x&/yRAG![̅U7k3ЎI֞<V\%R=qe)eR˞l隣B*nn_ʹ83}(L\|uS x=X�  ܂OߥE憻vٙY\qsi=$pl=A]{6,dcl\6$O:@Qi*:k`#㬒`M6 tN-ѦM7\>s"QKu4Y6�#MIk[iK3}}+jnCӡ m`ϖ<ow5I]UuFeW6ɛP3&<{_>A] }|svrwho/8}gvTyg8l 8{k@   bgտ먫Z1Źxoku|ӎ@ =C>\]ADžSGB]?[㈉TW-juat^]ש*5@lN|8:C󠣯C /wcאwH򋳅Cz5+st@0z2zsɇ@Z4^Kn {beW,'DnMn=17q&j7qݚy`(&=$15MaZ*N-P/�=`)shTX9z [^GUK&O?<u~WGXcIǶT�[+Jnj*byYGc\v/z_7f|SƮ$-+`6z=amZ@l<tiKM$~<HKWŢ�TH+m]|cz;>㿙ͦB FM" RQ=>(> H  RLh"E)J=!@@$Rw73c&|?dws=3g4�ľ# ۡ'*#Qzcq>]FK/QQDAb@sVHߐ\EGmٳR~L9ϫQ?ȿ*%Qf*wUt.݆T @-pѹ-áyhPjh�q1{YO#׾Nqx KuPIOxm%)ɸ]FQYFdɢ+<@>G{v,|PNS"H_eOXYDxxz`)h ,bgi� hG| D@7hV Wr9ݓsxH:3˱9;z{\†^GS mZ[CJx*Wv{mT\7 }CP^| G7.ǒ_o\JY j�5PiZ�h6[PDN.27>考?B`88#=Yt_Y'*U+^(]~(."%�/@pL�[Q%(EGiٳR~L9ϫRe?8 |<a!%˪׻RGyu?K sG<;tG{OsjQKgN83*B`0Od=-|B%&/QAE#ݓRK~(L0Lt>{Z`9>|)#-Wp]*+8r`呕aPVl7J]9�xk!l9m%X,82ŐU #gJހwDС õ�6anW_P!OZfq)h|o|3^ADf #wBN?\ &G]L{W Ej6YoSMzzf`NOCpy*gJ1eB?RnlA8q"&NO?Յo5tgeQd*wu�6p̈D."GpdEbixZH'/g^Re{T w/XP[UE~(,t٦|"*T@ێOmqӗx83@^34t*xa2޻;꒧\\b� j 콅 Ec'/uX�*;B;�aFbEo?[ғQZΩka$H�D/tɶIѦ#9�gVPBg}QJ �3VD ;_ao?d٦OzKHp\j~2 [ȳ@?V IJijһp=uyzZRF(�M_ZWW8v8JA?U,gɚ0&NScƏKv{d2)wO橒QWl=8 �;wwh>e "t ѳ{ڪj}<YCŨtKG^l0mwE )^K M[zxYrn%l WMcWmQ&`IAOWiV@ʥΨ6Blx$$ s~?1.{)uϠߠօI`i&HR62o/N߶-EwwTvǢ�"w�@]X)KOQSZc"6A*gq6�!~ĪId7TWy%C '& Iνo$ݳFSWCU[?ċD@Nš1bVL6"~?QLCeظ ĄDyF4v~]aBwQ(ǔF {)ԻPQ:(]<FK.|r%VEGcS0 z4+"MT>u~Cm2;.y ^2-6{B/ş(RGP@=H7U 7/p9bAW<[.`0�"}ZP) XNPS!uls@_Z;:WooǚR@d\=xh5yөT"g `/:~[WGO vƆkTB`urnPpՒ|&Ɲ1j}-v8l ת mU?7Ek8݊GjѠUfxE'D21EЩ8I苞k~PI}g\{᣸~otP5J? 
yŶu W t#qT1- 1e6Q^y*£vwλޫ.JjLP+ ^GmS,NI�4^/w++I8f5N8^-j"XrgvjW7/#/6y ^(^ �ѽ>,ĭboWCwwqR |YYW# fb] @ke|S?1X]0oK AǪ~4Ȳ=!8ǵxtH:oL^ `vcSJ囯I^#dĞan?}ɸx شVCA; ZN^t_6It:={ ȎR=v#8�kݾ<f%%!ַXT[_| 3>lB\ϵD, \1j݄d I_n K*/{dXmbtXΏU6J?JMԃX{ޚ�6Kt}Bic Ym~d T@3ȟ0oA>"JrQ~Dx6{c:!byH�ӫ* Fm _ ߎ'�LQBp%x7uZ𩩁N QpUBo$|2;F/f'jY<u/LV->ۈm? Gc]O5ih7 Y VByE�<x1];/VH4e[ZS8e}o>Y6\݄e4Cm J;ən!A.|$| "@Y;5%X_3Ѱ"*yCC.?r\5s8dJ[ |5a(چn==lHe\ɲĖ`ӇY͇޵rvZ6(bi�-y7Fzޥ[*½ZWS}fN7d�~ƾ95)K_`(cڰϰ &zADS0sX|UWAǥ̤؉ށ4 `4 ^{p1~w&zQ5RRQw!2jyze祯QJ16Be~yKB eQd*uw :v�w/CENB:G =Ղs1D#;DQB%py7ol1>GBbo ػaKI6U Q71sl,tW~fML/.8C!n)bɯxE-DWv G '5d#];FDҺ|%W<u,DDU4%~>ԴTh2タ-^E|G>H&Ni_Ϥ˶ҙ4eh47@+;mCc:V9<9˔xA˖оke%Kj{ (ǛXaLW $o2)B}iiaɶ1IihiE:H<ieG'Rdg?w_MI&?Ӫ==Fϥ(E&"й@2ӳ7~tnZWZTe)]ʤǷvQu4ۓ&V[~ג|)-\Gێ\t)'9+_17ٷ¡tzt-2&w?]DžO&LDr&߳9ԩT:iR +; 4..z`=}JK((gŚ@^}IG^kLȿhhHZa8s2-f{E(%壠c YU~Cmz<C~q&ڢŠ=@ϡI(ѻByuT߱|&K chbl?(Pďp=Ur_߰~AAbewU.xs7{_[7gmM^({7$(Pi>[n"=tl[GQ5MpEC=E^BSNvLh*Apﯧxc2v}(sR$jsN'Yzƌ$]E=*r u)jR=>GS5h -؇fnHwKc M]P]IJutPv't0K&" G&Pt*xP9-)6R>*ȸ—rkLk,L&Z{٠RR:j`^r,,Oef:=QvX8J hrVP埝8rWWPW7"zWx^(5O*;&tc)x$!"TaӬ~DN{((Sz?T`_=+7_u1 Kl7d:1=P%jL@8r3J4stHo śUC>J h[slK7woќMwœhϓid!dV}nM[Eߤtn\[7QUG{'4NڜKpG9e!ub)%Dt=<?@;6E'ӇےXUKqVt3Dd!SF %^8I{6.YFSU% sn &STu5@9ijr;$bۉtZ8M+Q>ch5t%9 R6eN 'vҚy6`�A(Ga}ӂt2I2e޹A,>E[}x~'*}:d1Qҙ_}sҎFXIN%PJf6IIj]չHlѿ<Z'3dIΤstd[$ \Ûj1x$"ͱ]<C |"?9c;"}2 gќ/?{tC<j-D7 hSXQ4eudPB4y Is'5H4RqNE�� �IDAT0~nrVP4vU42)̟I[B%KEzϼPj*s-hF_.jKN9|%t]"q-,(Sz?Tj_PX{Voi}62nRҎjjP&7V73wjh2CmǯS74o9 |Jܸ&V}fDdSSrM}- !7ni=n ,nܸqƍ x_Mͭk;gD<L(eI@F_(ᆵRX6Qf;,!xqh"2cc%䍹 0AP� ǎ&TaaFo o͍E6s}CCtOҘ<+1DLcU_QfBy4_8,Y. 
è{�kG/ÿd,9�X(XcaaBwm@L؛ 4UzM/)Х1!x?꽺p�N|2S(:|T.Y)tC={doýqaR30]񨳸t622+ڳѤ�b<=bcaa5u_mQ jCd4Nz>!VA6u*�d8ᛓ9G='Rkazˀ2b⍞ag?0qBpVu*QN/{Fuvm 0 0 zk1�⭺.:s- JGz�Pq0t%sTY* SJM[q G{ '\9{[#·s#634 Ô7NhӬ>ª "̙Htlƚ% bUX` 0 0 Sbvqq88}1I)WQ>~ Gq6J8�1 0 0 0 0 0/!daaaaa'aaaaa haaaaa.paaaaa Z0 be|/ Gr1i<X,GG^x{S<^ ~I~aaa2 ٻ>vѶ',4MXڗM`܊:l?X__ Xb:5-5v6?synܸqƍ7nܸqV\GphjbOa೾(W>ϽS{qڟaQ+:7xjX_ 00 0 z?C[y:ѷ<bM i!XA!>_(䔽XD}/j8F<W b]`)"xuS^J8Pt˘0 Sjʙaa$a3-H&uv&8|* @){{ jOP:l?%{#-٬/)e~aJÔQ90 0 Ô$N@[N!򋕈AdFt% X8?n]4vXL`a}1 0 0 0 0%'$c1yV2$%_0 0 0 0 SfY 0 0 0 0 0=KZ: D95r{k N~uޟ<73qN Hf#2n_ؼ#y-NRl;&i~6)\M}_,{/tZRdIsW8<**׋Ètw2ȶaL'Fcs3J؏k5tn>4Y`6 v`E`4?׻3_THIB| ݴ?UlM-||8&W lf'@INy}=~kcg'aEZ}_u;tu4l1p*NsAG>]Ce5"wFRL\Ǝo1KF_JGyç.cH0lLE݈-ח(9~ML] '/@q|"L(Y-Gk]65LASeY@1|<7qIw`0fXkh턪bSHJ7"+,U׻rV*Wl\z\ d>sѩ%Dl'K4A<NMgx|Z{,n!+17OaWL_}h0 0 S桇M2"%#Gӄ}ٔ Z;k5b-$ӓo/]rC>Hܯ$h'-SxS(LDM>E|[FDDf,iW <MCdPvu ֔}46cNcEOI;O3v$I3 _S>>MO<}\g}iѴ3d<]<.K;m6NMwuAy2A:=*oj,BKY;Gh v ُSmzuQ4ɹ="V9>T+@sHd5Ք.I49ڣ? ;سκL\lyR3pLSAzWXJ-z.I|7gKaˏoJ>8^ v(x7nܸqMM.䝘3#_eR(өr E袱UdM?ث7r._ICN%4' )vn–#*zFnڰ25X|1z-_' Ԃ//�'^"�Hv5[.\J<2Nǩx$& ^9m{tFxe |+j?^�BSؾu7N'#Sv*@Q-8_>>sTU|ǎD Hn(U AA5Ŀя,TgG4�7}c{C  Sm/ NW tp.*v:͛pܢ|W74&L9\JJFQGhռ:<unj/p;'='iV.�tU- U&*|I@8{ Fm#U^CfV;]rVh͘ߧ2@r݁gR V롒�گ`7-bE~K)XLxsDmڵi1W'РU8 �( QhQoHװox6Qz|$w7J p}l&]I9+ +<.y cp\l*lE(,Vb!"aa,x4XD)22~G%ɩU z%;~}j3 {#.uՅԣw|D$Sڲ:7yy8=Tk9,D$ߦsFKGcp -IK5JawKW%vnT-.^8](߅~`Ud&'Ϝ*HHgD22YKQUH,j}9uyw+Gr|i؆ - 4]z@+;?6nzch]sУ~z2Yx>9:ZU)})%{B['Qn$<^y5lB.L'ҳ:{C6lS>oи+ep*~Ud+)զ5rl<CUvһU"XO (aT@Vрն4UR;5iѶ}{jSޕ^ߕW +5.{T@74x E^05nJEƍ7nܸA}il˧4wn!՜e)3x�d8_oE8uH�J/`pr\AU �}%?xݓu?ލk7oƹWtPA ]9U_Hr)ʠ;_@6ݸ)i<U ʌ+X:b8HCz"| B�ZgcŰnاRKI {ns2O[wʱZ>!�=F*{ [I�g<-Cu~Fԃ^�`99_ƷRX6{E"W>c}wlCyr~|Pg][y;[jFagxڥoWv&=d�"wQl?jYwNkҺ+ڸkUMCqs;Ԟ~CC7 <<qo1lz�MfָEx!Y>0 0 S Ͼu F|w,p= Dl PMZQGek-Vw%'}˷AD[r%XO HńO~~AȐ@zIyA~޵ 0xp8X3X1"}ebMH:;7>U˱hF Wׯlk=X"IOtw;ӋUE'˧sڿnAXs7fЫXj]jMOuS JmmXS܈U;2A�Dx79\Fկ^ٺ,^O7, 8IV(Z%o*O柷jx@aad(, іbEuZa״-oʾ�hP1$.؍;�@wpmȨM�T-HMeΣ@*U@@NG^uk ٙHMIB9L'ٌSa+^1tpk?l?mb].4G@ԕ.GbdP)W?)y0phfa΃g% >֧-\l՗=R٭|W󝾸uRd$B_(¿� 
b-2+z}-2.؎ R3Ҋy>j"VRg?7�,۲gsތj 4iq/d{ۏ /+#[>b+8o Y>CVPN� ֿ#[iI0#6 iT"0 0L"tk+M%y"lȷ?$[w;uw*B�_'xvf`ޥ3B' A!0bNTZ?Vnp<1Qq, qCxx}5ݸK~mBTHk`.DE4kVWoǹW=/T/>ˎ4է|##=vKAGg ([Š<S<Yt$QI h>?qqyr!qOηj"s96vGo=_ؐqWЦ9M{ *_OU9nar?bk5?paa2E8C +k4d%\9wG` m*(3 ]D@�-H;GL}mAC 'ĉdZ}E4x}| \>7Rώgy*wnu,*Mk`=n-*}w{ 8 �qlPjOGBCG'G|̬b/}%ϔyo Np*gڏded@]9J37`FO p,dѯڇk2wmŽ *䭂ݡtܽw%8;3 0 è2&M)e +AWӷPu)4,�D_8Bp!)2C5DU j"Sgpa-7�9-+>yPZk5+%R% "?zUѴ ֗29wPSo^(wFێI R+î%Xq@y_X4;9{xElՎw]1h%B(%$Kpr %Cn*)%g8z|�2dYo(+- n:ْ<tD# ߊRzFqKIWe_z{2~ҙFKU�0 0̓)EMQD•K Dz5 \"]<FK.|r%VEGcS0 z4+"MT>u�J bp3IFfrbOS" BիuTg?D\9mUVl#BU^PH勸NK]zSM6IUj 9G Cu _`�4`P#=ȸqVvjӻZT]�MH ۦ'SRrV@!hCj D{WhW֎Xt@D.[�V[Y�Ȱ _U{ӂ;9?~\~̨䬶Kɸa{CWyK4$>~aa2FeVέKe\=p�%놹FhPjS,NI�4^/w++I8f5N8^-jZ >9ooǚRz`4ܯsyB5n$ĪI/q/pDC_EK{꩐ޥoPin X@9wB輰pfB4XuA:! %auEv*ӻbA[M]G=]q hQk[bT• +ퟕ quꄚ֥-$!rV7Z,'낽0 @tn^=!`ؽQ뎽Kk'ѣ19؛Q^]U뗒ql71\PVU7APvXa)kQXƭk&fZX |$+cjk6K"8Ĝ5 ³{ӹ}C ^UfNm0rl[j�v N=z�4e{WpSn܄dshY!Z;ѽ"|UXX�@f~nYIIH2 ŧ/9! JІ]zb ku%v i6+#M>5F`j:˺4UcX+8-*vJYustu޾9&D0cUa>%ؔjmkhҮ:�gz\O U/ cnnݞ=d y� nL`a)[Y!L4{Vk8V>vfN7d�~ƾ95)S_ :v�w/CXKg(GXZЁ`:GwS8eTƩ# glU4 +?<J%u~uWm{.-"[BkY q%^}D�#z|ޯs+Vd93fnb\+GjM^A|[X7/2BM ^yT2`q\]mzWC5m#e�bytv ,2/|-sѳ@F__`lgB=}?oj|5�:·kŻr4eCck0geH _PNDy r^p9lR0n1[n[(}qf ӛk?o|Ã4�QÖLށ2 0 S(-tz Vu8@鎹GOcøbrBhP[2j#bD-8idB-.8[HQ՟AxٌIxRFP.Y+X}�@c?*2|k8F {#MJI@R~*"}ˉXwa,jB%'1|WnZ\RA7"HS#¯`YԄGpH4'&# Cd&N�� �IDATQ Z}kLYUJyX;v'ww.!iHA'BCgɕuXk*ZwpT^ط'¬uop=4W|<UbglQz:c?0sE2էw`LzX?�Z}^n;}bq=S*>ErFYЗ=fעqzuoa(�=jq(VJ곟w5Uh7bh?ѧ6 ƻc?n{_88K4sڵpX硴O rV\Bac9Do<7e'.v�-.:cTj?+GR~> EPA2D1_haa`퇚M2"%#/p\)t8]1SԤz(E&"й}Rхp %n~#i)R!<" [F2N+˹/5|=+r2zQ?9tKg d.ru~Iʗ3)vkTPTAK!/g=Q_5 y\'*S~JWH_]]zRig sοmHScO}(sR'%5ynZ_ Gq}e %CBO 쟕jZ4S!O-Wk;r W/,}uZԳ\PNYGmg]& a pyR_Thb{`ܢX<B镥HsfPq37nܸqƍZQ%m iLR,fʺHglߤE:W?GPBr,2Iٙxl9A#!`}uBD8-9uǵ4y%#:J1qi"Smpb"im_5lX]OlK6e\3ϟ~)FWF}Дk#gJr:%lʺDN5&sCQkSXQ4eudPB4y Is'5sGCv4jJu*R2I-dLMOPv5.4/bkowŢһ=dZp�v\i&$ 2R(Iڳq)͚0ZdRZ>N-4{Fs%&,dJchY4n@DV ُU}nM[Eߤtn\[7QUǼǢ}/)*ۚu@9s ̞՘V[쑀.(xZ0N&I&b;7#Eݧ ryXaOzUt"1bJ3)򛷩7ܸqƍ2݄Yhaa#V}OF{ 1S#SiѢѴhWZj^=0 0 E0 0 SFc8u@1{1N>3 0 0 
cW80 0 Sʣإ?4d'`QraaaƮhY 0 0.Ӱbb/݁V᭻}7t=#> >0aaa{ haaRⅵ.COȈY7z~iaaabw0 0 ÔOq G{ '\9{[#·s#6 0 0  �ށ0 0 0 0 0 0/!daaaaa'aaaaa haaaaa.paaaaa Z0 ++}Ѿn8j;I#baaaad κ exQyȚg`OPuAa8s5&3L)z�^> 艆~NraaaFptiAJˡrnogƉt\:mX< èo3W1j4Foc䳝4r+LeQH:7xp'C0 0 0 0Х'{ :*o7@"d?.c 80j<1/4�rgwщr(~~ޣ.[W/1լ E@0 0 0 0*Х�z,ApMΏ <7gT|79 P1XQW =njWeFő  `wh5l8/t6_ǣu^`]|�FhY7H? 0 0 0tIGVsN>[n/)w�WhG `Z�.;#I,:Fic|3u4*}=l � Ǵm1i'qj �V~|Kbaaa �!Ė|-s+fgʵ|�n O(#yl#*h<mK[}{{A�� F& aaaaJ4"6oB/� �@Hv{�.Ƿ%;8(.j\5wëk`EN@39!@Ԉ0JaaaaJ:Ӑ۹ZW<Jz{k$9ó{yX wbpǫo,$B>Ç:ng1["-bl!o4<l;S~ayI±7cO}v޽ŀz௨\N; yo4RaAX 2|ހnu�zh'j5wwE-t$#Wo7q2ė15Z! ޕꡁ^ L Ly΀oaoȰu˩7Tj(5۾KCV]x+4�Dgy� J|\zb kr�eaMX쿑㯠g˺{/_qbDJ,~(m&xo||ԣ4Ů":WzlBaZ$?;I=CZ ]ϷCTr^0Øy7^gp,i)'?*-=z.AaAKs%D܉D_G@:Z}\:P1tGg$!ED݌K9#sD@!9?z~nkxr'6DF{KW!hj'0QaHshg};a/HUx &l~*̿duRpkaT~}N1.@>.ֵ🽏X}mjv⢰*, e<*|gaaa9 ~ Bjοztۧ&mOHؙ+^pe`7�; wA*qv:EoSP/G\p#!P-33HtrB Րk W4t FkZW-<BuAp,]Ew*G@27D݄E~aHyUAe: -*uFTw}R([!ML2.nIԨpD KK!skKH؜Qn5B�2a-PCnG_}(9=bxTDGE5s]"n2'4{5nPah7 BNJc vDoᗘ2Iq]<"<=!\},�p5e T\XCGcɛc%Ղj30 0 0 sB hPw7ٜP.b 4ػ uU@4ě3P/O0ɸ~ڔKrm~n͵y^Gj82b0?>WN!w;uFP$!n{7jMs,4'TkfAP gh7;;j-2pW-z M5kp�4Z?{]Uq{nMO ;ҥ�DX_2 X@i& !P=H ܈ֳ{O{[gT5/#%􎉫+NZ0Y_~cmJ�B#hиvE*VцSS'p_,xټ`KpmI>]ڳ713hXC_!i+`C&mݯ -B^G3S܉/9o?# ED[5)<$Myrŗ ۽]>h|q-*(%w&~uh|Y,I<ɉlL!*&##"9  nuŖugRiyH%M@ma*uύa$<T;É.O0Z4j' Ln|} )ոOr$,q\fO_&%YD]ـ3c*$W8mJ(t["jLݺ6lbvn@l4 U9 Y@RJBľdeOČaWVdo)"史/bvuZn|lUg( A#m?l6=Eϫd'Ë@ `OFM%Y ٴa-qu??n9,c;yUDϣqwufo4v=o,<p={=c#wxchYٗ+_yOڱu5 "jΊ3{3s/S9f2X8c<0)#eyۏz3÷wJ بS?FT <dgO46 0Eܑr52}*mn'\CU䃭s?[`'^ x<."""""";Lڰwr*+uqSommP֌z"ETjl_RB{GБKʾLI`UHxzش ;U{qG9ʏ nJvX x}ЁǮ1I|t k1dlS7/;7+0 aGageM/$=MQbIrb]*/aJ ؜q}-*gm"hpwOȚîCiX>mjam}Giaq1l%ߩ{^W>>weqKM:4-`LaťyeSտyX,5Y8]ɧ:0xI,QR/knuj;L HR >w*g3^{YWy%2 ?\:xj�o_:g46JS;hr#ۨ5`#Eb~yWlW_7}yw;ǔ%ilKp?og�z^�u}kNIj;>=xm!{Os]YO{vB"+}%lvVijkF2ĆV^5M)ha;(@H!_)ܒNJO9tuסiU|){IH�OZ?QdEdpG?=3v,哺]ؾ<S0TaBʷi4|~Id ?oi>�l6V#Vg* z[HڷP~4?THzu(CҫPOF^yg>c147w w;|TF% !zj8w;x86֚­iߔP^ w]8tMei/=sQ=`(]owBqvΰewSKSVyc_S6+ьaû<ɼ)$m+{oH}c[�lΦne񦒜=17,L-{!aF""""""K&Ki(aٰ%er9Cr[nucu1 ސb؝o`;zUNg 
rdZN<*&ߛQUb'XLAYR'LÚ[̚ ?/Éժ{aNd\*N^N\K_җZAbVW=7c}?a[ZӨt<zzK`9h;c#[WN߃[RQ4s`1殝G.c_b:I]{Ym;mN݉xH9͙zX J?ۉу87֭Y�{xb˯i\й 9@؉me$cNqX-߸[ڿ1ttj@IAY{XA!rv;!e±/3f<o pƾ21#.2v>y2�אv mAf~80?%sq6+˲ydV YDԊn:-H^sctTK>k,!~_S-OgDK+M6~}JWuۭ~+ن+pi\.]ġ9xK?ξD!t6۱,QGw\~862G\.O} hЛ[_-bŴ3 h'&.|yIْrsvbNRbْHZטX;$yIIچ8∯gCsZ^x͟\oMcI${NqX3~?S\Mak,""""""q^a8# g0M:(cRfGLV.S 3bXv;Qr+[k.,p-<RN ڧ_J8p yXCm:4P~#3<585&د c;aʜ#<xiۚ FmejshsWF<=?2[t~ޘ6kw":<1XTCQA ֹ >#nSozMbS^oBq4AK&r0ik0 m`i  Ój˝,e[sNS,lF,""""""پLVsqP 4sq%9l,w"x{aUkxm̛Of9$cYoګ]5>=<[;P2e'8~\O9pR%>@RݲmԪ\ 6zly$NoƖgǍ᳻z]`gvՋ֙U,#vc63ݻYVhudzeMZ&=1N9^n:>_Ȳ70R|^�\ ¢"$,l  9vPB)*,K:>%I�z4ĊXz9&qc92XlF4md<$݈N>嵋cpXM`¿_xFpOw0!fVsj%8Lq &{6fӷVMe@\`Y^E++}{6>쟭WyҒ {,BXr#c^:?KgILH: CB/_ʲ9hp,~ª}RJn F^}&q&C`E0;JB=Et0"lEdڧ20ڔ/zVvMJT!)fCQyɝo{kىBL"EkI1g؞Wҩo29dn҉>oVg⾖ <'wajℋwd,:Fu`'x*4fW)B*0C-,[$QpܩJ/۷1vh{N Yq;vjY+zS{>ǛņNaN5l�� �IDAT DXWN߭9"Y |9_NrBr{׌~7qgp5]~#掟2+][Y>hd?1ps,""""""3 Xl*S,ˏ/7}/+UٿcSGlwI(&wO?XLuU50%nfayuR+)<f+}nRWVHTXԺ-k9gvUlEOr⁖ttoe7huS<fl+/4}ǸWe*F)|^_ʑm/{!:Z8Y0!&?s:]l-~xn0ލ7Ϙ_c}I.XsҲU7?cm<Oj~ |%�Zp#}~in4X!lJH[<lE^|-Y6/&݅и|ŋIK:ڧ$> ؉kڙ!W]@UʊIzY7u[ʐޭij<I$͏}Vz54><"gh_C|;;n9va <{�Xͽ$ {=IJ_E=-tHPKU^\ϲp*}&{*ִ_5߹nr9ۣ=K#ҊI/W@ X-fդ|JOGs6<ؙQ =—ӯ}*B/g=p zo>dYe> W,X=~E]BV %**h,u K᧤AaOC^ؚ</ d'hu;nMdrbvѡ|Ō;ڕų'.ӼijIb" 6juw_Kfw7| :;FC=;ֱvǟ:㱌 w$͛v<cM1XhCℏF񷳈Tw#鋽Cf|$M?&ɥZKBCuo)! 
v~u\_P@6A phbvn>tfXk8'~\js w N":q9x]9ѹ HPBTfi]#I:A܋lS4緶i_Z& fx;T>lJ #ց.�0׾8דj�an ϿmUz%MjfP7?~7TQ.F~pIw6W1x̺Q6\=0Yqku)o0[>L3qB=3K?rۧC5a[U<>}J6‹6Gx{izZڧf<Wvٮ+1Ǥn`<֩: %kV 5+lL`Pe6hG~ͬp3FDn,%!BGײrM ~V�|f< O< O5T؉w^~Ω5y9}$TOX!HZv;-8 $Łۂ=I#<`nVtdMڼ9*-ItC5ښmͦ_ aYC^RȜ܄b(-=,I!Kȧ3aTZ>6#){^�VmF;*e~ j"mᒑ.7ç8Kqaf-0}'f%I\Β lޑAnWdwanV4YSy魕 ~ A:ܯly1nfo oގG\/ ;1fD<W3xw.~x5 &G@h Aǣl'{gPFًL5hc&6Ֆ� 0xҾ޻ǰݏCzڧiH^nԳ&_~]l% فcU[FL<bu柳6q…N^NtTኯ*jv2q뼛q?x~ĝ9B©Ӗ͎}* OTI@+Oз`}Q[RR6NGV c:i{0\_U \HӍpHAGn $:6f1Qa {\rK&_'_o_6J,E{KTH|vgӾ}n sǛG-q*v/=<5*҅:`aaEW5d_ϰ{~$o�ujSfnՋ[:髻zb VY"潏1eM;SfԠ# xw@EyZ.u8!*r;"KeVST5IpJ=~S+Lbwq)bu~\6:aYo0Q}/eyhծVUXҐ5~>_0x}ڴITS;HOWF֦^yJ:=,]vVP_Nwffh|c-[[SYw :_V!k&e3lb�6Rȶ9μ7vjOŌbI ab tZ3T2 #};-q,V@v,66,l7 ^~{{7 =ᴻhsKB)cnV&tłb"kѥe#H[Žy$a\6/. mS)Ei>zYa݉a[:}l NC¥I&lnk7X=$00@W�솆)d̙/?p+#3~}a_2}U {rKbrp`<!5q%ocsy\/ߎ滄\aDDsSɮmYL7oU'5S>RAawa7f,T^3OBddvJظ{>}~n:v jw»_Ͻ`io1fij)vru7ҫ!ۭ%<I.l-Wv Ļ/|~]PڳJxx8a!APN9LE^|>9t);q H-`,yraw瑱;mɛYj!}˄l+_S,""""""գ5zw➇CqϰCwU'Tˆqɔi^^BVehB&'Cq W-'۔ǮLs/Ö?au[M9:NLR`ڻ!#=|f{٣I3yyL-/ѾeYŀ3P,y_2j<+?$}=,e7.bpXfn]2ÃRóe/_)gqTٲĢT/"""""""""~U hG0gD|C3t~f<}-KEu %v[y{|kDDDDDDDDD=m !^ N_{0o`m6 f`X8m1 }x}j% ^N3"Jװ^~OE x.S'El5!EP՞ DDDDDDDDDDPZDDDDDDDDDDB h %EDDDDDDDDD/9Ng+vĬW/%ή6Z-zЧg&"3IۼHޜaD gno nX�|1)MST xyg6S3U5 4ve*q`[Q^2V%b3{dSx~|[J(1=TcHP( BP( B"(a~SF#Ȫ:kmD[)(m&ӱ1])o?ՎGRYˢ~6Mcٲ4|j`C8Kp![`/_mdOi tu躖/u"_*4gF1q+F?ɓK."""""""""U8$6k;Aν?_ֵ3y~%{~-ޝsx99"ۢk'"m)dGTJ>W%{WZPDDDDDDDDDDtP hp*+>ec0K;�@�羓טͼYAWG3e2mMv~17y{Hc6_ɀ5p<.g ƽ;ޟ &mǓ2=?4+ _XF, J<xJIRbf}7u-]nу'&SxomjI!it<4{r(*-&?s')`xy6XXZc"& o:]|籕/]ο:M2/:=y%sٽy)>y;9UXn=ܔcq/4YkYVgy9zl龂f5M_e1>cqo4/uwT}+Ģ$lz:n'W̗e;81}f㮰A϶К]Ba^Ô]~w{Qfa7Sd&avb{s5Z~/*g6}fR8>N3}LmK+* BP( BP(j>%qL<y&Z/͸gw<)m_:s~G2jHSxH*/9tB_KRUnΓȦ׮bmb ;2r(:h؞s.N\WlYwO,T WWWpaa(ݳڔ |FFѠq+:tLUu =`o0lk`O8*!<DO7M\xèՀ&mϠ2'~eʻ>”S-;{6<y&;يx1UvE .1U?Ϊg xstf.O&VV}qQ׆:sS2fWw|U9+m5f<*}%W7]:O0m3#gfXc;m؍^Y̓3Ӎcp T hWLc|&wKUl!&Y :54wRTiFwl5|g˪uy\|x橡MmG3=lί_  h A͇;ܔ.5W8sw<1sS6)ScBL['޴O%P( BP( BٰN;sJ XY9bH?an%v,.5:{/zkި1e{ݬ%+LeEDzYzKʷe$c|rqSOX3'I NMTߙ:#\zq*%+" 
|~81v0EKyg*7Mk?>ߎ5kv([-Xv2?X8Wvu2|ZvݺeIV{L1|ڐ{7>�'jnҫPOF^yg>tsjQхk@@Y C~3 `9|rZD!e7Rg^UXHo<\fONѻN扈H r_|,h$ƾ@+?qwI3iLw7;\-;ұMSD(- 's'I,J ʲVP֩Es?-Wsw 'acWyg}[;_}*- MI|c4gk>F@ ywWnE3h9Xg3-<hfgc/q뭇ݟa=<NfM 7'""""""""5qGo1hF3#{`s; ۃ'"8O=p5}aNϟ×Eo3Y  zs+]6֐ I=)峢= +X>YLkoiuC/~qnY|vėpǶk[D$6!""""""""R#l~;ua  G8;ȏGj˝,e[sNS,|Rcֹ+#R't~ޘ6kw"p͊6r)4%Wߒ@zXہ1n՜lqrx<zv1q>~;)^ jC3*iwߧvq  | LUkO݈@ui&L`|?V� ܵLzb8bs>y ; `t |eo0(+{l %4e`5_ 3!C[PTX\V3qx(eSNf?H гJw x�ui432 ^w _8Vtt![x\KeOn ^o)[YǚY;P_X\[$Qq,: AN\7l7`:GS5w[2WgN'U@jv*]cm ɕCbm5\XȞ!Rj#/۷%@ujY""""""""rʲKKԦu83',#Ž|=&ŀ}Ysvvf5,Fwǃiʓ!l:œ_de+7Hcȶs=rېDkp4USySh{YxםV w2~m ; ˆkQYv;~tpޝLh*{l<i tqLDDDDDDDDNM'sv۲<f1Xs'9>�M;AfL1E)hC ^&#_B%x K᧤D->:ڢVY{>y >v ޻蚪!]]^¸gs[/3Oػcl[-ڵx'iR'O9znp0] ;IG <'298`WBZ&""""""""zuGͷojW~G=>9/ |Y;lL`qؠQ<ܷA;Ѣt8\SVk OjH�gfp|<'utWsGf:feݳGF<t3V�nxkjf4U['Z7+;Q0^W4:j'+ِfOs WذN*[ޘ?yշ)bG}v^[N!Xa|'f}T9BX^DDDDDDDDYPa-;~ȻL)Xr))&9o_:6f~}7_[ˑeq ?lL6-\܎05DN*պ#VMxGn~ĝ9B©ӖK0&<\ͷ%8�g>;?Y^x޲K7NH7oG6 {EFݳ$.g6 ȇ+;^͈[`JX|_{)G:-g<ձB֓}bO /^bw/l(JªPs^fh<p?mݞG/.X|y,%Amڑ.j3ڣlс'.N@|{'VW3)(Kz\&ަlƝMYRȺķ<MXxOs'A(""""""""5W4S3G+nf<vUx]sM͚;ϵL*�� �IDAT0)rP_8sˏgssݗɓ<xOv1PIix,dy+x*械cjj/Dt|2x9YBc Y;L-?߁l|,:ֶ3krԁ1k8P( BP( BP(؁'i;|8e){(1v r<f$iL yD q9%L0ݶP ҼtWa/I9x.u);q H-`,yraw瑱;mɛYj!}˄l+_2YhK(ADD8ANl>7EyڶUdʸx} qRؓ[N�8g+7u4=x#_c!eR [KJ 7gԜ˙|,R,W.WoIY~\}Ǧ%mj#:AvJswz>S?~6Y#۔I믢K S8gn~YxQχcf%ǃ= `X"SXt6}&| 2JtMDDDDDDDDjT"""""""""""D+_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""""""""""J@_(-""""""""""~""" =NX$fz)qvADDDN3HW!5/`Ц\7%O*"""""r09gqK)""o^eg{WeGb5%fJ&#o~VeoL&-&͢-N<}{}|5LzEDDDD߉e4_"kR@[5F:{ֲhycyX, :[DDDDD ߾S[5 urq;x21,ɭ\ÔaG)""W~h v,]I` 9/RI[_*4gF1q+F?ɓKR<kdqNzEDDDD9bfc1%s?lQ( BQ>t5Ƹכ0ooc|hHg㱙ؑM'3{dpt2Oq}-hpM BP(K` eƯpMP.mt9@;Ϗ;U3GmN9\qA-lx4[V{JYݏlKbM=Fg_#o~OKپ'b3w o_mײټs.�p;xZͳz9+o(n"&?o70u 
֧&MQVL὇>R~9<+(]ϾiXazEr"fLxіƳEx ~AI;)*'}"~f Q|ZvS<̀X:ODDDD%8ښG'\9 [;6X B8Bkx1 βoM-+Q0VS:v[0aJ\ν<Q6_Jql6rVڎ()2]v|sҟ7 '3%)SȎrD5p}ɬ1\/!Nsی0+ޓnrC%іƃBP( /\7f k+$m<lV-uAEhhf>�Cw�j#SW\?[RF}˜[ OsgCq&V.O`|aԊj@gЂ_pbkt(4=oeԐ84U>^!{e$/W}`mQܑ3!?8# 6ug96"uovZ_^d}{)"S?^Wͫאl NB" -gudzw}Yuۇ'N4.%c$>!:o庞u h~#=3G-@K?a=͛1<s~qTxL@EY!^96Ȧ; BPg:{w7 6˲[_8"۰j]h.3[4O moj;z|W~"vg@W獊3,LX;w7?] JdcǤ|t<",vsE_emom^Rvyw~b{PwBB{i95& BP(E/ x|*Σ*MC`.`րQ"""^E dO*P̟70ԗ*?&, \g0O|@;5ԟ Yc7 yOB`z_|i%p8WzSx&di:>RE+K^^%-4EDDDvvΰe=KSRͮy5e6+NHwUμ"b`1m~aL_\FyU&]XoF=7ej󆏴cQ)E`3ha蔿x6a� "8X*-""""5m4ޝ8;3x<:n'Gl HcDDDީsEMq`(}:sJI:;O8 3ZTy-{M30f&6e8 [T4uGC^×O#p}ZE=s}~9տI;򒔘đ>{$v5&֎>@{Wm: Z9_sHHvƾhM^{|SgzV}ZL呗_.T84w,""""RC ܿxa~gYzB~'""RF̀ �L.&ø*Lh 8gא\aVW;/Bs:͟yËc4,4"""""5 hCQaqf,! %C)*HDDD$ksj7[ќwkw8;:o^ eGh(p/0?EYDDDDN_~X?ӬU3FY+ɤz)"""�a@ grԓ}C+3o;lۉvղO?{_U}quHH $�a CA {EKV*jmjUjuP�Dd%32ȼvB|<>s9|sz܊|Le!>C/<<Ͽ8չXșS h5Q\TbGˁh w-\6_'""@ee8N N,v$rB)MjQjU\34;4bjl i)CL՘2tPߐsIy.[&=]c07/}""""rxʣL\^Bɯx`DboJ=uFZ nK;|ӓD/\eY'6n2]CIxI1֏IkS3.{we]زeKt>ȹ\S\҇<9(XgpI..7"""i@Xg�g#B<g&pnÅS5mH(!Yĝ8\b}ݪӱ{aGZ,Qv%}j_kn +սjxߐsg9GʧXo]zia|YFs:uiA0?wIF6~,_lKl!ԧ>zH{i6^8D6ă[XRdZ:MZ>WYrk:=NUpYbo$V6\֦g51qnl Ԃ(j6nMKώ-G 9|s0<uYfff_ؘ+unx}eVײWa?oU2 B8r7df5Ot0_2pB+q8V{t 6Tl9f {rV<Ҧ wjlI>Z YM]vVn;veӳ>|m?;ffAuQz>ՂffyصK{?|BP( Q>Sp7~ޞV}oɷ`ֽ(( ;-Ux}u~9O]�wׄo.EE,�xڋs\nl߄cxI|2sBew:Ξȋ7Szju*s kN?w 7z>]Y+P_4_/7\YDDDD1gDDDDDDDDDDDN3>)J@HPZDDDDDDDDDDʅ""""""""""R.r %EDDDDDDDDD\(-""""""""""B h)J@HPZDDDDDDDDDDʅ""""""""""R.r %EDDDDDDDDD\(-""""""""""B h)J@HPZDDDDDDDDDDʅ""""""""""R.r %EDDDDDDDDD\(-""""""""""W ?Т-ya47ۄ[rDDDg]V9K糈HYv*%rQvj�v%2*GDD|Ve#t>r�ADDDDDDDDDDN7r %EDDDDDDDDD\(-""""""""""B h)J@HPZDDDDDDDDDDʅ""""""""""R.r %EDDDDDDDDD\(-""""""""""B h)J@HPZDDDDDDDDDDʅ""""""""""R.rs"I.f."""""?Cg4ڷ>9%<$Jc~tbEDDDDN&#o5G>95$#Hh~9$f,پ[}'PaG@*89Yd6/LM;5܅JXiu_ qdL״+;7Ab,dd˪FDpZ[;cZgf"pbmo|gc rve̡rJ,?:.;1k+m?elm#_P(3]nbNGV»卷#O69T=,g{6[:SnyƺK{/]>vk>Ow}OUgGEQ( BPR,CB|忹S"` ZuOLS='f3NL'<s6_ߚj^]<~)v9ܹC\dzVqOay}ukT<w߈uh=ܦkC˹/qk׺D{+rlj咓gM}E~Y9IKDDDD8.$\uesskêDToJ_aY 
C߷5)a%z=&XFut7Z5iByt6NL;~z*z M1}2NED\U/׏);N^YM{NZWvrY;AҌ5j'8Uhs[rChyߏwtG?x9/!ky[h+Ūll] lVV{煷 niy6Zݳ[ͳ̼';0{}O(/XJecmffV)8 BqDPٳ[fZެ;,ÉR�`kߵmE!jcxSnnmHA3S598}חP( BP(:GUjv#7_^ȁb_>˸e.|Ӧʱh}M\V ꂣ7_{UAD_OeΣ&?95ADDU9j 0B8DvgM'*~5;Aql{q:.;;J<<eב:pshM{b ߜtMcwZ5;f o3@[yg9Sۼ]x ߅{U�n:MGnIz%f!=׋�"6BfE<ݥh63'5-|$e|=]{;w`kb:e[$ɞƯ/pM[jtۏTC `!&M#5NdF sLJzT߰qLK/!l{ NzH.哛b�^Im\r tJ黾:29X|�y}W*R|`M  n'O 4m]Q1rks |>VX.f!^TG>3MӑOgKX5�Yٸd:<8>^to3ky iؽq1_}m(݀UG_sXv+{2W$]l^ 'pʽ>""""R#Dr53 WU.>k=Yyމ-gw/yEWwsm )`ѣlmn\Rh'%ў/fsvX[J95x{ i<7h=kW7p}B8ϣZZkˊڧJ}mirfl0G |ewȘRaoM txJFǔvyrvER뫌:s cu SYD¥@ oe;VvꀙY-ysoiff[ȥ;<nny԰nO;n`zU?enO젹eλ߶++o} BP(1kY8[ _N'Qɿf?F 9k/!R>cV6iECkW6XR;ڕk ‹%`vR _NfV 6vųd�� �IDATpmondo29n앻E)bL8=Fo.]ɖUZ|m +'^ekٺ'Bo /H׶R3n3>%""h%B1ۢ7k&L֛: >-DžG7o=9Ol Z%y>n194։ݏhDAT)߷7e>2=5hK.MwH?&<ɚvw1;] ɗOZҫG"Oju$,_.`Wݽ].4C|x<@K2.m]wY>iWzip)wnJ!{O, I?f3VD9`L~;ϖn&ӓ@nԾ.|~#u_\l]<$V6ܼ46._igS9&^L,+H= "JB:ֳѭ~e5 gkO,hTƮ[NU| ۜc;1 #ZƛYEQ?:<"=`S^#"NQofhe}m_jկY1.&PP>!;/& Bq^ơ!K}QJ̈m_ ?*⏀w;S$iG._^vY|Cmi뇗O얚#Uߴw{}u?X?'n\>ȫJquŴӦ(O~Yc~2ZG?-~b{ۢ' گx8+,7;WZQOX|BE52)hf~{sXd ǕonJ8ΎUm3&8x߰>PLܱ+޴#V2R㈑T7OE%9 ?Yx=GP( Bqҋį7f?Ifo>zcXGDHŃ.@Øh__t2 !2.JeIZ2tHxi˟O83|76`7vM$A޶f2E2zǘ~DDaj{MgojW̙'Q'j$F2HfƁp;Q\.2ãC@WMkGΑE1:+L3v}=mh.қM62fMenx#*wD*ǗB17a#N`*)C~u:{a[+vgË >@uku{=f4 yKr pb=u/?_K/Xbz(~v9zz*!S ~ֿjla^2%˱>""""Rm`q/huy':n?O>|m<a_~KجCDK zth /%¢ID06>(\8ƾvg{{/E|ycC컐GG)hK ;XX! :EV `ڄyE h/CO&%`[;Us|DtXfY3K}$) +5 YҦ eXSޕ;u]dx?eՑP ĺ${"|Z8t+Pn"ml:J1eqUnъFҟV~\Lxg+,fpKʥ[#"""r>J7%QnJ>\1 9/7rů?$ѿ{xy~ɨl�. 
Q$/$s�KLMI Yh^G^ttRiJCNYf9ZV F|qLc;{%K&P(ġAGNwWBv63q#怮DY{!iW,LR22 ̒3|} lHwSۃ' ^8nKc/<* fr8-MTu�7g.3زe?.xk'QKÀESo]ko2xנ^ݷ͙'߳uwgcKxĺ$za<::ಗ&ukp?Ic*7_#"""rtS3秾>B1fϪpRۇY6zI}r|-!tl~5 nL[SsDEsss+IbȰg-|71IEwXq^V> ߈^9xg@3XKf~Nqd_!%Ԟ "߬eY.99UJQE}q^p924N.G\ưxҬ'cexX`%}o:jJ__n6 "/Ҧ˧CkUe&N[̘w\}S6m%D"$@Q:WruYPI�M<$= $=>Z^?/[8z ^>""""c1{Ynh^缴wO?&}Ӧ=@Q~<r7؛!t<$Ԫ`_2?.wtj*ؿw{=u1ʴ gpdg+Wqp.""u ,ANE>$=X馱{ <8NT։N*9B{ؕvwB'o^B[g0mWTd҄a/eE#]٫`G7 xj ھU6)+\:*< ]μ9p{n< > yakeA' +F Lz[8ɇKֆ8 ΧTCT`WGU/F'̿d3ń#+X`+|]H_^uhMl A!Aczb;^5nX`am2ġd:E:@ ӦL#*UIv'-?|Y)"rp{e.eJ'T#ې yO6ipJ˂ٰ~6;gNeIa)4y8-h)-d Ix_۟'aq=!eI/װ)m|hT gU?F |=MKۓ<zYjݩOMc%~0DFM~>""""燣!]؆VU}V~1.h$Y?|koў6%.MvQpYlh3ӧ,4BС~9tϼu3fhC34,c;u,"rܕ~h='UdY|tC֥cǤVD>Q9r YphjɰsNav(Q}C\[R9/ƚ 24*mD;`y`bkXo߰_C`D>XIVp"</IL֬J-fBnޝJl<GDDDp=WN{kt TMr:1I#|ĝjH2mS8 #/7Ucc|JoRhoëgL9=^E/k"/GXX.qpJeEpbַ#l[C�~.r8=%^u �!~ 9/}D[Tˡ ȇ1)Ye6oIrr Hۧ_s__y7pkDwgxx0iJv\5B2's Y6~"C!|!./cXe…E׻f#FSE[֍l f~)Cɥz,)G\|'E`=7q_Èx>cWLxSXTxjs'E#8xYãI1ܾ'CPw3'/()?DDѪOOCeqV2n2]C ,zw1*u{cSc(@\;o-<z�w/{J\te2/ϧ|Ei=|U"<uRѯ/̌L]y{ g@ X>?JIgX.CοUp1?HVpzp۽=wjV("t<ׇ9]+T_S#"""r>8*{j{f3cq.^A$ wΰܯc:ƾae_{-6~ۄ#ݨ7??f 1LNi|2O^pJ p|/u~PpvUc˅,yLʇ kڐPt5/A܉2~GF4=Z= +^4GB7G e,X#0X] ܆7Iφ{loyᩩ3׹ҪG%5{/q]p7I^'[MEG}UӃvcк*ei»[ oum8<`s0e cŷk i_Ä+'2eI6cV|@y]Kף:y&jE{kRa'.WoEy&?:..?d|<e.gCL]ZvO�ϊgͭt]!y4}6KXӎ>=ZwlwFw'_5<)ndޛ8Vjfm X=/ZpYj|2W}y4t/mc" -n ){2sDWN&-iuA ^_+,6^jy+foXaw/oCݢ-owtŠ/nn|_S?K {$=ŏBRrn-<1JqvD']p][g‚j{n4=cMc D(ŅIBw[*gcэsh`d|&pQt<~@{f×ѣR­~r;/`͉q8u,_ꔽd:D$ŴjÂ.siЊVglEk'fيFc?f?6Po&b-*pDmH}N-]A+(6+vbj}nR>&y1k-` e,L* B8Wr7TR;R|Teff!V}meiyhǼ**nR~hj]c[7Zh9wYCϱx-¢ zu~:ב<8*2|w2թnWB.FrRsfmSn85+vmŕy[zq[Z9h۞eC߰t7݆\viBP( (yֿu[Og~`wV>Agk>yq~ٻn-`iz}+R3)(їY]\tJX4#/"Gf V=Gr~|:\ Q ?;^-﹘}pc&N/O⫕)ޟC 0/ֱtD^|d 3>dڝd fk|&wfG[Kٕ8`9|xMځeX�۵m0|W;aqi[Y5}k(یߗ4UA6ml>pܾZWr}Y:Sƾ@xxr(u"o|Vz/Ҿm58fxW>&X-/OeRs( n ;7lD۸_K˿[#"""rs<- ]KnrqSaG'V}s:EDDD(S9;恥hV69gC%}cHRx14͉ȹI`ѳ^Vg9 h$BN.EDDD\T{�^ oh<9*| :)>K:#U+P9'x8oK*ck4a*|{P ~ Ӷ(,""""Ve )Cq`8nNYzPDDDDnᐡ\z46hz9ǺΞU,G姓n1Oc_J>ԣΣ@DDDDDDDDDDʃ""""""""""R.r %0EK{hOGDDDDKێakJHDDDD!qP2# 
Sէ"""""#/MF>k|>""""rj|gSU]؉Z 1_!YSXdW"~dN &wV1uBeC\d.B:DDDN]ݹ9 c!s'[V}ͬ7UDDDDDgeO-*s\<O_MI+Zks mo=]kTRNu6)+UY;_i8?)fۗo_P(DDۆFO;eY7ޮ<:rҸ7ۋR-6 Y9Mm,uօu^~|& |::'gXk,&9P( B88gbI{[(Sv28T,3^[/n{O|Y_8Njq}YBl>jԁR=G} """eMF{-3:!s_֮u:W8u%'/(p /#'t:9|}TnVw䋼`Gz~۝\9F䱼?|Ƌsa4iՙ_DgG;+^{�mL hu"ev܋W;V4qoIX.k'>5]QF-\ܛB mzWnH:-ܢ)wG?T9/ uW"/_$He).wJ/ɡ-iܼ?zMf~[Rش[_st7ͮfdSֺJ]3PgT8U^7oȄ8dM2'=̠xX51azv֕_}Cv�O =<ra_\r5ZKDDDD);]3~:NeAS.ؼ$;?{qI405e),׉!""M,G>`‚9(]F0,ʐ9Wu? |pm>NuGrU:rsYG@r^_"""""͉{N}|{[GA2 <w9]+DV·:ّt6M)-iSos3,Ķz@FȬ#"v[Ms?feWρgsBz߉n{M⋥ؖEna`~&{RV1o¿5m."rV!Ȇ?byE' #9K pH%=*]8 =|v� =F $`uRs@[(Rr�� �IDAT褎 7o2y2֤&#'@0@c}U+_'X[It=Ma~AxhWϋ\,OnUQ"FYWmtSnM# @~n6.+⸲ϓݨ?wZBZv,vo\WbteW$m]ݏtVd 0H(ρؼ>}O{}DDDDt%L_mmc5s3mo[ZlQaxe} 2pz)!<7s53+\fld 6?.)hOwXftQ9;-{}GhMB8KZZkˊڕJ}mA3s-g͖蜠 _{dEQ7ޮ<źr"m+-dff#cN}vz f+|-.'#SF۵sJq2̵ŗ oZhQr6n횙lKR}3B[|s؝mZYV<rN7OGgan)%wzN`W~ݞAs wmWV.( BP(J:qxi3?_spң�NW9ƨA?CW%m?x}o7!dfe`cw_<�ndo29n E)שJ?0e/ cF |t%[v T)jib.d._ wݫYl-[dQ荡Eڶ=^wwfUzƧ$niLh^<3[oN$0ǿʛ{+zh^w_{sg�;GmA$/ׇvV6F<8~>oSb) J\_FM]-;!A[uiJuCD01IִZO/ג^=ybv?U#h׭#`,r1w˅x(g쉯A+b%noO޸!b\坛wl8;>Ȣ⦲sLQX(೥$Ь`K%_"7w]W6[Ol"E 7/W~{TI*{)ʷ>""""R6dXk5 M<^;˧UZЛn}v]3sCo+9 ?:<=`S^Ӝ2zw̶33+w3ISmChk[#ZYu_qWZk92%&:vD.&PP>!;// BqVš!K}QÄm_ ?*⏀w;Q$iG._^v #^n?[j:=~{c9 vEE^Wu}s,͝6uGf}˺Yދo+kn9Xw\iQG=c uhئa%WM):;V#xp}0:c WiqL{8b5lsǺ} -߆ȡoX<%ا3Og} BP(GE~`C捭6LtshB~/'x,/!v}; x//_K`igfܘVcF>ӮÕ;9pUػYF3\Cޏ=": cPm/̞Q93csp7*WQ<dڸ<փGCsͺu|N]77S5ko;Gm 25Zed<sr p|Ho6Ș5፨}=مnb nGTR�u{WJKcφ|āB mg?{hl#{H7[w1Zx+F14_p멄�O+Y~{ zkÔc}DDDDm-֑i}eө=nv)%1WEU6F)u[g?pw޽aj=X"1ܱ]#ۣϥQ v`=ef )OEY~>6F~n^QKdSp?n?ucE4A̒3y}l:o *5 Ҧ eXSޕ;u]dx?eՑP ĺ${"|Z8t+Pn"ml:J1eqUnъFҟV~\Lxg+,fpKʥZ#"""r>8fh+ၞ18-v?Y8bOW9tq7?CJYZо0 *qoY5ue(K!\,)38SS#{pyG:+ׅ,<{%SGyYDD΂C5Ƈ;_dbn^Io{1R? 
T qhPW5!|ݕСl\9+%y 5=A|6}Hz~ BƁL: __w]A8jiL%9RSWv#zL֙%[%o$`IZ}ж(}K~]F/ 69{lvXD/<PSg�\҄Q7\rn-'6iLe"+X}DDDDΓnQq)w=4Z#'yQtSl=DKʊ|+Ƨtuġ1ck(-IbȰK@{L™zTt\g.8a5 E hq4d 9s}_w,%'ǠS)(*G<rr7^t2 1l`"F>~)4ɘC>,;vIߛ@9חM7$ )iFy5zUɴ+|!=Ɩ3WߔM[ ?>I<bT;ΕCp_6ERD<@`z6O2I4'rxqß0I~h|}يQbh9?{nk mͧԦl>]Q:^.zuj{wWyJ;a8@`Tm8s;F ;+<o^y=]~P�Z�"*M1[d rB^-!GF7{]HvN,ujW ît?~d:i'{& ~ .+,o^%p}Kپi=}WNSc(ʴIYEVr`΁#ueiX [+wX8VN]1V f`SZI>\6/}�G.<cjp)u;c< V~뇑hpG)?Jρm]:}LwLϮ7us=k LS0mkP<RJp ?{_Eѽgo :^C%`EbC_OQAiJQ@J B%$BzOn{I y9;wvvv3gin;r:lYr_ rާ}�-rEotEb1@Bzoh ƅ8 f^Eu8dI!` b^|g*Gh1Q1󕀍#lkҗGfK/6)�SgVfQgp*W)(zahOw(֣/:iVP3ԄwM{.<5 CZg&'*cxӋ[}AAnmB8[X +Rk\~]DNvǑ7m^3`dbl V]rTQ~2A(^8C/?{ML) жW;"fܾo…8wӕ `t`Тe>$ a4�R*}K(Ws e> . XF~_5 Ι (FԨU{C/w+I^} V Z9VfT]jޕRm[}AAn\Z<9crv*{ H=0,= U fatQNVEtle(e{=zu A9 e<QCſa*C_1<3ݒTY]�4D B*_Ԧ�bxl tc45ïg[8Zk lCG7.jY_{�"t&qZ,bR 3=oCn9q;LC|{ *F Â{(UF=%}0W9@odS8sYQûłyUVSYǡ�lplQlJUPWo@ `/VAAGyBcS>/r�й$IHZ >YVx'`F*fdlPאIUz^ctu]<N͟/HTknkH$/Sw%|9< U2w/'LÜ X(ؒOZ"gUa0/z0Q꜕] APc +drcLzUW1ZqiCryv 8F˱l?`6$Tn]lu$R#i9yGS5jnGpB<y4-$T0;32Tߩ%rǭX<xӘOG$D"Ht7C>ᵁMQ!˭-43:^_1r熮=PFEaڽ|v$Z @[qWe:k&lf M˯k�_'|M:uQ#k#:_ m䞩J] rm=�rEr {t5ѥk]�hqA8t1+ ?jtEZx̯g z2V+tG~^z�b~GHE <Btҽ LmoћLD:PH?_ZKCBɫ`TL݅7rHG ͜?K<cD,\ FGpZTa̘� >݈m?6LYڡy"lVAAb_P: עlTBѲ'$ze xr,3{kw<vOA瞮P[m}8~-V*yoYlz*9#VgEMS~G_' N=iF)u|Ф6?WCdwuzTVЅУ.ZuE5L;o~ t|AR}Ar#q=`E.bd) Ą$S`ɷkp! \K⽡00_훰b< |йA^_w];/FdDgf-|ZУL:@G,(B#;/|*qciV嘲NEcZ�n⟋obt)�z(b4/э/oÿC8DgMݰﭺ",GA0䓎%r9Yo{ގqcxf_F%VKC+to1ҦvVrn_3j|M=D"HTT+zg-סKH1t.uFQ籿)R@6瘿.Ӝ1 ,QFv"I:h-yGDX_/K|&�B)GP0Ep\Sʭf)9tJeΞZW(SToy.}%vZ^JݲMq)8 >"H$D:?^ϏǴcߩDħª$ذ+1_- :A3`ﱊ~^xsJs: qVhTx`/b̯a4/fo`ʜd"R`UUXҒ}o_'wGAff~0o {Ά#ljIs{1ٴ=XM=A];C)8zLߩAp �:wb~Gc;x,[CP}k >YDzK"Uh}8akx*)cÓհX%wQpjF w7Q�9]gs bS`Q ͚ھ>}/8\6kq  0 Pī|;c`J Fy‚Ȓ|z{7fQH^- ?|G(v0$  Plڇb a}3>E  BDѵ&ď  Px<?��`F  PQʢ͸Řl iŹ?OAA(y+7a�@a&;Y  ł}bHͭtM<aT30Dk  BIq@ n1c"gAAx>݆ؕ(KAAj>Pk@<b��+N Un  P<Lr%_@`0"Al]>\|AAJ. 
�hAAAAABG'M      AAAAAq@     E8AAAAA"z;H {Eq   <Z B.r?5)�l8W4   ÔV惂 P1GStԮ78wd/| UN(׿J)�.ԼktS*U ã~'to5+ rj/Dם=Pctn^t0\řCCWbb?O`g^aڅ#ؽc?JnWV[+BIC۱u_0|P/AA0yeE]h*ϭ^4unQg:^limGc6sD"Ht?e /n[$+y8I'0֡q-^ϻØm'͙|szخL12wi#INmm$F&'C,iquy<>3 T6ƝXT}" O\MOJDSw󽺺ۨle_8j"j94JRWk-£iw?6eܗ}h]%4{?N^D"w8hOb@s|\¡UqV9ke/gF6vy0t>f;ID"Q {κJhR GUVJZa>y49[AKiYN')?9j!Ia3ݔq^(g񨥼̳QO,EsYK;ك*gl_h;dNc~殫jmMc 274Ֆx=60)i|:} TsOA~ɽNGݧ "hH$r@ vCPKlV6k7lž/} i7 E[lv͢*'W%1v~*�� �IDAT<#hH$PW I-[_XVкZ/r]cxY^M/7JG2_.u8#Oh{ pN(J733vOY:qsD5fbeh28ӳAOSJX|'S[U˩"x+V-)w9?p8>H!\tMuFs˕z(4%qu_)q9d8O#8=d='=ى>{o7륙UF)`_k/!D"(h-n>RY5trɲ*'GHfSRy3-D2C0ZuHjL65t%s0@/p5F,UG~_f͵k=L7/]Y>%r8_rcpѸyr,GtfNxr˴<U[|OUsfƸYYɓ n5'@׬N@ˑD_ۧDͿ{cEA5v+iR>-1q rIQsol3^%1UX-hH$w@ Kr[M9M  M1 w6ǯD"Qɓ;-GyYONf ~.FRKkJZ2ID+IȧW:"۴D-uR#יhpo跴5|)h|d W-gff)7=R8Ғl>njB~`Wc?v1߽˔x5)-~6Q7#5|ƽ$Oə]|[&6򣋩<RϽ}\sʑTjh [Α}'E"H$eqٜ♋�t(Q,+r EE�-[v#5CC`�ǫPIn"`̥.9|bl<xaQ HǰwR\]י5W?wWcsT 6s"CNa`  �0OY`Å5pfՁSũqAt)�Pq}<2CU?/u.CSS/Aj*RҥK z,Ԋ)DM6};gjvbvEe}vuϩ|zq:>\ mp$]PK~pG9�e}(FRڧ̿�؎`ɒv[-ңP5|G@/`\3g %_ * wP�nnXC|l=cj Umؙ|_Υp|4W;ڲQlex{{"q| M^_edqʠWcTjN#Ê魂 1].a_Nh,WbBK6pV�0{GZGی]ੲ vAkXo�)ɩ S0shA%'"ҧk0m Z+?|E8Pn J@:Nڹ:zo4i Kz@vk�@N~wQ�xooŵxD@A.!%G؝j%\Ndo2G+s|dQCwcl vڪ6hʩX|0lyt=]=`Cy [�j} j{+r vŶĜ H#|XE@{0n7 o0߄-Bka w6Hc.ᓸ ʖڍvaɜiq8,B#aѻJöԢ:J(z l+ s3L+P?^(@=by/n*ù .+EsϪ:7OmpdjH=V<{c4cy>'&((Q9]I @KG acJ`fGӕvd�ƵPzňJU+@9� �{�l87:b J]G`N>M%g hU%g�"dr))uKSlgOl!Ξ< jCQak>Xx”/@n? �=AAnλz]Vh? 
ǽs[~.-랯x+'dVϗMF4r&,eRTby l=#XW s ==ۼ2zHVIH$z(Ug^T6Gqmbƨ$x9ܣ6qz}gA-m55 [d0ts,m6},5o3qe\ltkQ9-Ƴ^(M2oU*粯K6hͷvؠɿ[Xvm=g]rqp<p>Zӓy07͟gZU!߮9v&, ]V5K׸5Z.JJ h2ʟ7~ma=_O1HǦ}3^情>Z4R ([0"H$ a =CWzws+X{-Ќ:6WǸM?>t)^ZǪĨؤ[؉zSÊD"C(tHQ\_:C3\TpKw .s|ƍ[ȁobϟ&sPywm|cυv3:WpSȼUVQ_ Ɂq{Aj _cYo>a|9 Ә=da^Ь{R7z*; u3cZJw%?dĩvR2ڧ̿#ho+}Նzs9cF+OMnA@cy]!mt/ཷSˉ<bH5_,Z$D<mB5Jz2@'w7o]ᔣ?��x^Zg|n`ٸwWX-|860ð[Aˆ`X;s ndž t(߽91䨻ٌ\pœfdd6H)&�P 0i:DJ "~1�1�]9 |8jE)& ݼ7F~~y#v²:hXV?G؆1ng᷿J@1TDVWIc@4{).^{|9q$|=t/GSK|*N|"L&{y掱zԨeߜaPLNwS|^z,9o1n"N# %<9x_x+hOؕ[ᔣ�<b@+lJꀎ26X91(׮ǭWN+Paha�gvܙ\ص$l�tUzoR1n yʕi0r^7O&.}QQgÙ-5Q4Dr|ҳBl,XzVs}<6e%^EՆH\ڄ_E hCTDt?P<#ѳz5c?oOM|uA1p8{<=Kg]^F/bޢw-$V4}Dܕ0xi(jJn*^iz^o[3 {o T5E> <AQC0q\AAȕݙ[ཕkiAC¿_`ȓp&=TX0`Ps{_GH /ud;ذ]8]85jj!P> �-8q+o�5ѳwS\, \#8v�LCJʭQ_E`w.`P.aͤpM@ 5 كP(TNJWP䐣8yj(.\΃\XDqqkri8=ML U:޽C菟ZFazZUjip5 |_'G؟+/z?B3�^w_CP3 -7xa >xQIG$m_nO  䁜J5k×=rl{ɼZ�^ oR.Țy$$n^AxСj>hf�Dj?bT)*{.V- PITU<u*jWs57nZl4b5bɨk衆n@PzS$^ ~,h 1 5lbLfۡi*0iH@pspi`1>kosq! Z(6o< [V0f^op[j7Fz<yrV =n/k?B2hd<K/Rb8*($pVtTz�VqῇeV{$".:1,P((??xz2 Ba@stqOq  8s?n`vR�:VD=WYrV <<(нOF|bl<Gpd10\ >(ZW[Znڂq!8:N3h0٠WqY`؂C}ʑZELT8"qt_8-3}+�ie??HJDRFv r(Nzu�С|%OpL_8ݑyhfE*<"I3Q]3@hb9*>2BUNSMoT|Qݻ{z94|ʅ0,h(1A@-ٖ1Ե`~>nOJhA$&s BVᵁcz~*'c DNvsB U42#'Y `\uT>!ͦV]rTQ~2cAxx( :ڗ.ytn^~N%}5mc>L/\8qЀFg X-[@�lO F�-Qѩҷlqo?:3eI�"x_8R͉h4:w5ݒil&4:QGiĊ;vI+Ԭㅒο r ظ|.hֲ=*Jʼn8y>x8 UAOІo㗉~pW�&Fb'<.rne{=zu R0hqw˳Tcxgػ(~Qk7#ƶ S^#ⲍ3NBmr+gXNoن [oD!=;\&2cO�Tn݄S{bJg�-~v;̉۱vgcT�-Q15Wt|n^Zi+# ~G~ڳ.!;׺c_6$KAqn.mdsZѰI+/dvD 랂v}>|UĎ=xqH(eÿ+Vd1&Ŏ"Shg8 R@xsPHH"A!T+-cp1yQas<qI Փ XlPIRcŠ'YV&zVM?3+ P[O=('+dyћ?_$D"HTd`/N K's>y D$I)le_N:ay'9^Q%'R#IEA%q`.?oa.m9+ih#nV|!i 0I`zrz[q\]=z#DfǶP.|Bg@aٞtyᗁܯ{n6|Ԋ'Y)vYW{W'sT~`=%dqb/ /V̾EWGa21J<FzdG߈]>"I-}<`_wtH$D.IHj}Gx [r㣿g 7k?z;͎@a~չuwڲIŻ'Jǹ}Oj4_Yϟg6T.kz(98mu26rTC.pRcщla+Dtut7Ȉ웛W׶NWWW|б곫pLXCWsL2D 9a[cTiV1wv*5-#3;t^TtF-u%GJZFﮣsL2D܉A-̨݇CLG q϶k\]n?T#]%fd{+~Z (k:,5'p'ok^b>wuSctayݭqTOt+9~ɹHE>D"(Oc%{ @+'{~Tkm 3 1ZEpXt@ p ^enߨŲSй+x<o_KJ޾h[adNxo`8pST&G $2i.eʡj4UŐ% F*=>Šc~_zE}i'0otAR}�8fF+P{4]<l I.KzK] Wr4\_2 myV`2Fo߄}aνP 
jRy1ZG@&}X%:5kpЂ`jD8"ҥ pj:?Xbo}Xs;+e;EPͻ!lM7Ӽ͟= f(�rX!sZEW+}iF,OG=QV_?ѡ+f%$'1IY@ن_~>BC y/ kvԵ$|:εQZ@3N r}^ǼSޚ u moYq8=4FyЊ=i9wO"jAAmi#_!T#ʹ%޳y)qߣ na5?3VͲ,-FsXڴܮ3S[Q9!^E<L$DW9"G%wD(]\#j<7}/�ksci~VhL5.74~tY,~--?`}/-=iySߪq9&ʓ\R3i@θ\[\sGnbdƳFد\)3Xy<%Ĝ'X;O}0pbBZ6L3ٸTe|G"E"H$ʋx^A)Roas3��3`S?¿U/9}%9T+4HO 01L$ ꠙ2g59XU$D_=WIo݅sٌap$mP-IqnV|7=B󹻳 P1·k'x�0G8t�ǭ�{nha,旙|?= q:4 H ũ]۷u,%T^cm8W>'v-ᲡP)H#5!!gayAF5P;w(w¶3Hߟ<B9qgccn(v|m+HP~f7e=!4V/ǖKH4æ97.¦SJ&h)jt[Zz,؆a HWU'\aSm98m.`Q  yQV;ỳ;1[b ,, h=$o�X9<*QAA~>( PICA@4 �� �IDAT(16AAAd>( %66�6   2ANw@a0�0m&MAA B;b}%۱�^sCAAa@惂 P0�qAvAAAx(2A@2h     N@AAAAA( -      AAAAAq@ yGA)W  b. }z;H {Eq:F/Lg/(ƯR?f_ NAAܬ'k1c'NǼg)iAdKǪ73U#I oH}%Ư 5j^啒u m$5.~.Mr_E"H$r$]M;\$D"Qd7mg^aڅ#ؽc?|up=FʮPR"pvl|' �SXxj ᔊdB6=ދX' fBї.!N+a 3S]<f / Mn B1@н}#Ԭ$ʩض"eApAA(dVXh/@xk' bm=܊{K(cmww|1lS=xg:^limGc6sɗ۶\/8mF+_bR^l6`4?q)7?+ LIrӎ0 NvO}O$Lۭ19nœ,\/'22Os*` ǘ%;̱v;AeJߜ9ʗY]-:gts-#;~w6O{$Z$v"H$rݓAx4Qڨj^a&|[;~/*GK</:�QXvrk$ikGcRvT$tq@gk(VKu:?+Әj*&bo:s/C_C_nzye"! {κJhR GUû9V3=#zN@}S~rbf)wtBmg 'Q=_.vH$D;!\tMuEs˕z(48puqັ7d'x{I~!ri&{)RCܶ`N3)g8sw T;2 y D}վ+5ڒx|:.}=Cё܌w|1xv_z(rE"Q Q.PIxAްRe"Eg)<#>޾>zVWn|ˍ K2_.u8#Oh{Xo'Q=_.vH$D:u~g7I_wkVe{sVb910V=icح|ScJp8q y .ToF?Ӳ4q@nvR#Y/qVoDNWu=ƸY͹hnq|dI?Ϛ䞋D2C0ZuHjL65t%s0 `_ kXʫpT_vt5>k 8 zo^7͛9Dމ HpE"H$g֤؍ >l}~u3w-&&6rcSy1[r;UҴ蒧[E0N덥g_ݝ 70ֳ;3qKD_Db/w[j_c=9- &MDI-m_+1h(&9>RG.r83|zcQo9bXZ'S2ҧD|Z$v"H$ѹ �h Kfe- Q):#% п=�vK%b,cQ+�P5#8bKnfw{ U\L��x*m]ķ5<_#,*i3crnX?y}]5W?wWcsT 6s"CNa`E_Ow~ Qy\r9 >>8r|l#j8v.6\Y8ƮE0.R_>`_: k{aX kV͂S X%Mt)�Pq}<f30~^*�]gA3RS5tF%_6*TK rjA#g/ڿp&$)fXmV]Ùk0kch})SqjCmWGP]w'~hGFflz\@,@FpCǿ’-p64 IV#pz̝8z(ynjڽ1cD%jNDŃX'x'2PE0vL,]7 Ed|2,6V3n ؼcy};\A*Gzs&q<ܱR~$9]ݨN;k Y.KL9=Xzp{|aosPåpN:s;3ʐCDIN/sK Ş-y++Hzܟosb;Ku[ΡI ifzD‹Db-1J%i=/8ƧR=8=M@ʆXY) N;7՜?w%P.uDKGgRRjHO.2^΍e>%*+v5fD;0G^ta~8Ou34,C/xJQ)_`$<19 .s )U߇bx֬6SFx:F-CJm};\$D"Q#6 wepG8*c71c8)JH{0U˱zFE=|6=y6Ԇ^1^:#<x͍-a@ =�"iZlK`-;~V% l7whq8fYka w|'a#OJD2Rn([ j7nz؅'m9"NpYF&¢wCmѩEuQ,V:gV"t޻�0 < 6mKG}İAY^}yq\/`D-=�͟򵪸||L& fpB?^(@=x{vcFTΝw_(tѸ=vN||1&ϫ?1 Dy@XӵatDj HԤW E|8{ GP 
L^0m8-lOش3<]:ujBKpQ�0vDE\ hW(�5G|MZ7g{<iF8} ŪpGyZC㲏q0geyXf8+�\ڵ[#A~ѯU52TFF e]tQMhiQx_Bll<RT#J{TDM$0m};\A9 sG0tZV$K׸5Z.Jww;2r^)7081{f L}ҾEtWVSN;rL's9ǽVϗ +8 e+ը5SOO6ort兀^=2Q3ё|/gCzFA~(_L*g(uWt\YQm0.N·3>Bkz#/L ES#yo"_D"Q1HLa3{dW܆.fJR= |:\.|lYcuVn96x>7+g.[ƥVS<9j=gx6K]M˰dnzZ²OpW=um w횷kpIf?:gZ=,)2i/Hjq\4)23puVX 1oʧ<z>a%J vlr^ǁټ.}Q!sӘC^e¬bD"H$&v\)7N,%~|GT7m߬@s_ws&<[>K<M~cV&J, M?>Hzi!/M] ֌`=émE -8ahd|/O.́ "˪ӹw\,~*續ͧfg; yNY#n,H'e% L~l#Fq;?Չ}3X;qa3nB|{[tλ{y6^qHi]+U8z:1o}Ud+Q=_yt&&;l5f\V*>π )wqjܒHps6=КSiwauݭ:6$ըt[Z ae=- .׷2q]qFG 5Z~~9{Q:Rrٰ2:/_{+.vH$DnBzciuP�_N _E"wѬ*0nm_n߭B ;Q�wtUƟ;77=$$!tBEBMD)ED? 뫨(! -t{BM Fzn3I `[YKɽ3=cYn%`S5Lt-#`>ߥZR<X{u,6jn2>/F-I"5ãB_k_mDk%Y+@.vڈ4Gh$y|x {pKTM)Z5-Cdڸ�|6:o|ETcs~UX$Ɗ8u:40 T=: EC@9a^J߁L p0= }<60h6Fʽy+sAA*w k ŠYM]TM`WtPfx7sW/W֯Al[Cll] �@8bP}TҶ-8s_q9AWx0[A 釁] z ꫋xʉM+=qܢˡM[4)6.#x$ߜ/,X �=[>}80 H%m1dEEam}U�#ObV!ARe:j&,ž0C(w(IEEQ~3�YplF$ݥ:OoU7"Pϯf[IS[WOh(@l Wp^znVap9;Vbcc!¦{(y9 z�k V,9�S~ևVC, 7 ;RdN_XSAノ?͹{hJKIS9nu �|U`ݩbP?H ۈ2]vu`WaH'=ɐ n z6Ȯȅ_&dgfC!RChŹ`? >#卽8  9R jbJ GCF}&ط�J m:zs ݄/g w§ j iqXC "6Oz1 pj�/Uݳ$w)>L^'}~p^dTea>aa}A9O41xF >/@#3:;VgworBvv�P 0(�tvP=AE~yfKNjǭnC:B:?hO֨㈼ O賸h|uQ4ҡ Z`Jt=g;Ǟ a!anR>B1�s`ɱ;7`_pL�JFKJ_ƌq:b<ǀ[Lyd^"ؠ%a6:ARȄ!压/wE3]c  5X߀K�֮z_FXvcܢL e5}ǖ%`&/R+HOMAKFv6ؔMR-Ŗs<7!"/@ S_ظ/_N /S uG/[2>8|xA`|֪+8b6?+̛PfEW8@F?ه3 0AYN;L0 t(xeO Bǁ`:<f,)P(D{zh&p|x۝9wS[yp35 ^PtC�`9wT,YȻ rQr!L,U\\'�[= ŢíQأg/�d%KU/,-cFtC>)XEl2eݦ`m^2Sirre MP |Z<$%7RtVpw}GհɸRtWSM7 w ŰF:ȉqx/oN"5EȈ t(HKN�4_2E`53TƸE=j=+H&t贒 `AԊ�Ra#F @AVE\ʉA& 鉺b^Ld)uj=7_>}80 鱍`9:*~ߎġm!Fz3zgH/Q  |6x9CB �":"f1F#lj'30֠3T` ׃TaYe-$zƨs0+Vt~ho �eKߔ׺#%2&] @n]$nnjPCBj .0�<0`L (+΃}bk飼X _E&:JQ/Zi=�}S ꡗ2 :6Qs>u[Oj@EӾ>jMW i ѹaظAp] /lo6 sl:Jp&a] XNO?DN]:!~Z \zi*yFm,ㅱNma>aanᐚwD[Guzj/AXP�7 ov6]ѡvѡ tD.'�-cpj@VņuQY }rA =3'Ģ`m}6Ej"5:GS Ę0?�ta|7(ŗ<JDvIǏ�^_9at愄&}cWǥx .@Pe v=ױp5@>(+-Q 3!Ao珐搔Tl]�F�9aG&AjvK�\+o<,8g ΐv�8>�߃믗{s`$@УoC zA.,ñ2* WE0gP4 MD@Ĺ3I5bFFR\z زfg0 0? 
0"da|ڗ 8@胥uُP'jH9q#J!?/ޘS<8$k!<S <Mu@/Ó_©(u.ѽUU-cw> ?>m%t8A]<RykZKDXjbݮѪ,\MF]st ql|]PN Q "}i 0QYqvv$uӨK6h {K¶8st5cP?[IP2c-kwf m;�(iHIg_S0 8Sc| `DP] ])E,С_gxd0\3/EYƹ?WEm0 ~:� :_(rvKh6]ыSmp 0 sp#T �� �IDAT8+Q_:j 4x�D�dpMlc6-aSB3] OOE@AƖ\r.G}}:By׮!S˘N]I"XcլkYs6@b7ujMkpɏ|s&kAA~vO\2A�P<;)t�aގ2; lxf z!칑,i9Qj=YN`Je^Zh<y0 m:r<kaT�7�;2Xz �۞/bjk/`R7CPR*EQh'd;sȶu{GztVPkPp�痂%1�<z"@F[şaAQ<01Vae]?<?Ax�YZ3r_TI^ot?yea>aaPbS;""%N}?n;@ N*DDl|b7}q΢E?GnbErpڰ\mrLD$__ڗ%L;oxgDriރֻs\hZrE&q1]_o5ƮBیd!""+] vg?z{5uY*ۦ+ڶQ|]j'U-?QHɔG{^mVl{JӶ yޟoM0̊~T_Lt|~2j}|rbXwUbSDDDi 6z5i͊äQzvD~OJ{%a5ML-y7L)+y}inb&I&Eɦu=nkGl<mSHMd2+䭤q||U׭.ǖQYSJU@đjnЙ3JDJ&z[,z0 j޶Xo$RwKQ5.?N74[XSwORwO =Sg^@ꡣE*\?هX,*_o(11i+hec/BԐXn7\? #A�@FD~&1a<^_D 'xs+·_Ǯ _U/ϟ&@hPuVSJZ,:B׷Gc8}% ~ѽcl~],) /?>-WOCg'C1!x##Q'!>9um9aoZYJot£^ŵȃ8rm}: G⛗yGJ,9@ &mήR[9g'~G=y .[cn,ÛOăɰp zot yցN�xŸV ۞xY-.{; R1 Sb@G=�*o%8ȁ-!;b@?w̌I.9#Mj1?@rf<S ,ѥ}(UGzAj4I;6@L$O ꋦ"䫫1u;J ް{��뷦6fF;bF`6" ߸iWM_F.f6??6mԼ gȈ=q J7x�(DRqg,L8q ]xo,v:7xi>N l|*\E;sW!pvb yaXT@-OYi%dQ1Ԥ̬\|b)EҖb+6GHWLeoF /ѦV*}#I%~_ Γd-g3Y܌nڹ5l4{O) :r]׶uޡMUTŅ/z<ǻ)ԍzo۲*/hR⼡oX,V-CB-CH)oaK(CHK}$9\A4̦ @pDW]&cR/ JzόQ3DI!WW,!٠CG-t||UWMe@ ԥP3:=yfԾŠYLl WR<.'{-]+<[)qvR3~t}8pbXR)a�=;cm9C3"+dϤkGhoҳmtbV2f$QZZ?;^}T2ieӰ?M:I\3Ɋ и2:<>OGsl)/R+hhh+bЯ#^JbԿR[z6Tɤ]S[Wt;@NzůSc"}` MLzv7ԳT)V$w/RUˤ>_]{4̱b7)ۤLfQDBL|2eOQї/NB"uf:F ҕ9t:f:`_|~`� .PZ뀬� |Oߋb{JEj QzКl';Ki9d*$s)j4۾ n\ׯ�t5}8pbX#�]D=4ϢNvQӿ7"L"DQbX,V-Eږ|.e؇gX,u9^\)5 YibS݅4`Id<?zbX,Uk;.>^h,6/;pbXΟDZH/X%@ BƋ_=kz~njE;iZ{[�X,Ūޥu}Z&C1ӹ/p$,b8�}kGPRL赦̏{$� Lsi5*dcĆ4b)PQhzwbX,V9r2-K3g̠/f/S\-%8 3gX,oZy0B��uS=qP/ � \Ke#l�}?)/ 0 08aȸ |<vgsa>aa{jDF{ �,8>2ﴻ/BOo#o?"IM6 0 *K.$Wm\1I`ۊ՜΅}8paa]=�0 0 0 0 0 S aaaaa 0 0 0 0 0LhaaaaaF�4sDtއ 0 0 g 0 T�@ߺ1|^_FD L)ojG7܆a`oxw2 0 E@c`|<Ж7 g 0 Tb�'m<LlE:.*6Ѫx3)<&[ciܲ+d%"MoF6_Y,b+%QBDD>֞ g,b$މKӼ'zAc/w8Ifd݈٣{/:w_{`Hho �,g>"rjCF dl?%[Ljzn* y07 /[@xbY<a:x�zFc/ 1[+0?3 0 sS7؞43)p2TMx%ڑQ'G#SɬН(fJ=>A߈ ,,g>.Rymd,crÿf u۳FRwV>Cl~ԣ'Cg(F&ךh'(G;Y'x?X$_R&H7!7ߕ:Gj.#/ UCuK];?C?If z)7ay#4>}~A5/d%"$>Xw~q43gbXetLȔW-�]v;J\4k@uƮ JI h8yR 
g}4I}'RNvv`^hwb>C_֗߆Λ~^(d<k!Y,=*{87#) \j]�Zz9J97l: (ԵNջK`S~�mg>Nu|<�43gbXh01|m+;oFΥᭉګ7EӶWk^G}U#I� 'bpf|5 czt@.Sg!2{fl?MB߆v@s rO<|T`^|^|̈́R'1pŽibB7t(nȀjxϭ*,>_F<1[''?ߌx3#:;~s)yy(/@oW<O̿b?faQnn̐H+*W-jڤy2V?]R-URB%˅YTʮ7}qB )K4w?6NE\(h齱ݨ]3/tM'&-=_1:>gX5*%rf DPH2 D6<awf8CFRjMܚ!؀^ܮޅhxS4nI^yǪ3Y?X,%8{g'H!I+ht\�tusli/7|Zs۰2L~JQj k覢nKG\[ԝyΤcBǦ:Q)([c򒇩bՔ\i$%,P߯/b# @ Irzn) _()@P&7jeraEڽ  =/@?fX,U+7L`c*W\]픈5"Wvihz A= Zfd$� NLYc0wyѸ5k16L䛍IR~Y4MF=_Wc<Vc&`ϊoc:Cy?i0\̧g""or2~n_0ݿ67x?Y`" 9.>~p<6I .Axxp"z͟8m5$ɀ`荰`{L�AA� H/A*/l kyyz顯4n^\RL_>=2q >kwǹ5b ۿs|m]KoE6,B@Ql:Lg-g?E4@dg=Q`,HW@$#嗡pϱdQOHAc ݀FJQo2X㑒mŘ1Ghgw*rF'st.;䛭-Fܼبز] j??3 0 S>/7x.X"%vO6�ZYjE:h||U obe4ڥ3ZGT)149[w]%S9k0}U*#3v;zMqul~UɶR7}ɦ7(Ƴ\zH>c@.iK\ª}|㠺#O΄gX5"(E&"yowbHs2!/^Ȁ6А f.eʙAFӵl_imQIa%5G_`n|?R S:*H!SܡLb@3wڔi]]UAzAdS:k!"2ӑZ"3ܞ#"?DRe gZ o,*k}ef~NgT+7(g,bWyk> $B730vJ~{w{}l!@AJ\&]B0�!{Zl*J2U_@Kg0m$Xqy͗`&HRPnp|}rX3<覽'1-'E!Fd['q&mڡ9v(koű瑐 [AԡnXľ<IA"ᠡ |YW+VڼW_o  F[i8t^^ˢ۲'}a`Ņ_^tJFe8qw<`cnÃOk[1 Sأohꊀ'rvS &=B0,L !ڴvUI8WNy eѥ ᢬޷Ap=yRkJf>8ƴ86qҐiڸ3nz6>!zq+ؑ]쫦Cؼ&QG~^q <TmХo �(vAABr*+@kpp<g,y@2_V牌H1q.éq'nz0^.Nƒ,;}_n ; 9vocѲ0 �|'^?ǖ ^:- t$.^IAzzre=\Qvh} k??3 0 S1JL;RWȬ))7g.WW;Z??,W hdUH)m'Կo%Y5[@ɡOԫ"Pgpɢeo(dR]:מꕰʫͧ#/ӊK&wdJ]=UYei*Y7nTպ QǚHsmȲ8gMoOO~@/^<3YLٔ|mCz-?w¬e/fbU 31eJx)l1Dd򱮵?Z߷hQj_n-f{zhYz6Vl={{c!-]u-NOmPkFIt|\*Ϗ eZ_m\|@u L.e9[|vlGђ,EQdw۬?'rsw'7W2|MDܤ!Re܋Y /ګւtcZ{ ^Z )ɪ.k\ʵIVB22}ub3??X,Ū". B$ߤ-/fR+8v Md)tgykRgǪ<DwNZLyW&w{VvC!˥PC]v^ѷ|ݔ Ky讯كJLh}VzM6iJB*{,b47m*\2Eܠ]'*M4а)jiz[_XX,Vʦ7k%"9:>RŜCm@BhM\mh״{B- 3އNݧއMZ1$k<k}y>Mڪ۞ί1>r4B'h]IF9$ښO:ݚ uԞL Ţ>vYHNY@!_(Tqrq\<m$NI!"%ɮ}LC%Ne;+} fbX,*x|&|jͪt m+Z@0ZMҼ/ {=l�u,6jnR>/V�]5`5*d.vڈ4GhtǑ*cCXů\=ŧ|JMѪiQ2%1թxワhW,zx'By+b[MjףGh(g6칽dC&D >Uh[/2t0WKpۨ}P *(mkE 6zLef z3wRpej4ƶu;4/.Pܕ  DHq.$mۂ3,9TO)z5W}8$�b~إ`AW(Wz\IEChRl\RGH[=(H^)9_J[Yر|#�3zi_#~3ga qY8mJN1 ~Cx5iB!3\;<_׃7 Tı7<�Ȃc6".Ճ}z}6 H:|z@C�bkhC]5hp ٱ6C1;̹uo��IDAT Ѓp�XcbɁq/;ֳ04H-vl|8}avO.&6V+-%M(:­. 
Tӝ-B޾+En`(Xv~tcAK- r.I ZH""~ pK h[z@D7\&ddGs/JFt"D7%v}(w"wX0E Pףc^p�()ض펃2w p Y  0-a 7ʛ6Ed+xMΫt@Ta[w^T3{ӽ{Q.3gaOlmg 7"!{;VG N])'+O.؂/~GZtR7mZHuw)}5jF:X�z}EV ,UlDz7!z!,?M*GW(w�z,9vFg( K/D>2f >lbA ɤDAyKa1 T7[J�pt6qqshkZAw0;<(@+N#7%g#�;Hjp٦;BxA`Gñx7#: Sk2wR6xuK%s8\ExAM)ps PƔ6˿ zFxB݁V(- Fl&^X._D*Dz&n`.XG{$W7b͊.pj=Yk[?fa<ozr<~;d MzK+�=bo0!�XήGD{T/2KvӢl<j,k0Bm~+;+2�}FDCm( �YpbRD$Ԓ'%>8%`˦(5 ItC>F(F3�l2yfnAA@Y6yL)492&(>b-vmB}r:+jXd\O)_+Hצ軄bX#č87'C"dD{He:%r�/Vk"x*zc@{G`[|\ؕso$E_B>i% G+i0Gt#A'paLfm\``*YATpᵬ??3 0A<!s/&orLC'� ۹>ޛ۰vO.AZK@8w7SŌ0ja T?)h"-��ѽ<D 7",^o!{4F5Y G{V�(.Xb&eg!yȵ.@)K2&] @n]&nnjpDBj, TŻ. � 2 wZ(/#& |ѼRFK~jX=�}S ꡗ2 :6Qs>u[Oj@EӾ>jMW i ѹaظAp] /lo6 sl:Jp&a] XNO?DN]:!~Z \zi*yFm,ㅱNmaaar8%jRXMPί caiT~!ABU5^m:__[H ZVO\j~U~[x 8f�~²CYHM MJ= 30,Ф!RWaԧrz]Ouc,<)t УJ(m݄#8vKa hH#$9$%[@uؑIZ"�%)y|l15 Y3d<�;`%9. hnF�pg` : 7CS'P2qLR -;,{??3 0AR2w4@P/Swg,d% "NeЬ=e! BhZORN܈uǫA/[T9 &DCxkv f<Mu� qԨǓ/TTc.ѽ'RTPEAǣp8A]<RykZ۵DXe ;uÒ-%tGv bc+WQ];BdDthaC sډ 1rRwNrA߁=`X 3̊[#az{4j 1JAWzOHضgn䧫.z#%c;Y;vg6ƌGhh 4fje=~ޏ׿`<5K~LjAۻ K"]:4U0p\eU8nGt}.OzQkbQWBtZE?vqmaaa2ҵzJu8*n�uN""R2:BwTdJ;l6A?uYCf#TGwmیdQ{LssiX>Hmy| k_Ae+|~Pm]1 fWH1[m ʛY/ѬiU,ggP7}Y=duJ#Y>r qQL赦hQ!"r=AjxXCuz7?oL\?RKHAaCU'QCs\I(1~׮ϖHT/= "Uڲ8Iq܏d(D)JdKSD>b~ RWШr1ZuSSR?<2ɛRH"QGdBq/M-7:~L)Y2|G ,w\n4C;)Yݮ7!x+}fbX,Bh@/#'ޯPejJI '2ۉFJ2|~j_'L;Z;}PÀH.{Pzw2s4-A"q1ɽCh׌ e<XO(m}<[%L'??ƯhF!wTDVgH<E}j2 c*M+y36Mh2k&;}D_)&]ɣ7(O,U!Mi>4@M/l3C~Lhĵ$ɝo B<hK>4eH1$dӺ#6x)&2RV8G>fЀ GAg\'+)9YoLod&*y^Fb[q Շn}S]tCc5~$u)ۓ:5k.�]abX,V5eJ:DDT'.-a8%n Fdd�Bӽҷ`힪ׁTbٞ0]g=#+HN`xKlЍpL\= ?8D<L+z;ׅwSm-1jIiӡ~;z"htȵꃔo^-5ĕX3 r3x)L\2#9g'~G=y .[n,ÛOăɰp zot yցN�xŸVv=`�ގūV T [_ Wo ^2#s̘K Hm0fh[Όg;%3 UWzbH/HFC1ifɀ鏀A}Y�|u5N]zYIV``Ƭ\ۈuG 0Fp׺&ϯj#}3zC6ؼYNFSHWS@9ضh%,_vG?['K/]!-IasCय{Ƨ",ε|ZC[?'xg'֐maaajoԙ>P(J>-nj(\ m")lt9mn%Y($2Υ$D:Yis3k̔3Q>f\TX$Φmte*E*~ ݔ\FVr}۷nS[~Y)qPrZ,P._J[2~Ie.W9u> )#;U%_/ J+3cZŹKȴ{@a6Q _|~UUS u3L~O~$//zrZl \RoΓ.gz8?z3bX{HۚN?jQ폊7s,[ɔJ g҆K&"kU%Va*t4ps&s$+V2f^'P@r|d?iOd]O!J,JI8OGN\o+VsW)#BVS];V|72KjKѦ*kj몛w!SbIT~<{Ll)c՘IW?>z֓*?M{<_׊ZbIze~AK+XSs 6i!Yh 
8Q)4sn:LF#e'SԮeèPf HQrTt:yUpϯj>j0� MO(ҬUq/"JDVA+3.#e(Gֺ@kmԗx'Z,%ɪlΥtl 34sY,b@�fr{|L|0]hus'%R3z."YHRLykX,bUK]i[BD:ibbX,Vte@m~Ֆk�+~{^[F!kb8MlP<IژGV,bsSo ["obfX,{6X(5X鯗|-h`ߙڛ/Tx7㫿gsߏM|s'MkobX9P7e23gObbX,tDiߐAri<mFLx{ؐF=EZ,J^ZdX,Ðn\9c}1{!m<Bl/)Yt3bX$'#_�Z8C/ eb0{lP66@'1Y}0 0 Se$Ðq-|@x&-b30 0۽/;<%�D˼6rZ?? /Ǝ{zR&vf&C7<3 0 S-\H>c1h۸.$c:.?9q1g 0 ܻ�{�aaaaay0 0 0 0 0 05aaaaa 0 0 0 0 0LhaaaaaF�40 0 0 0 0 S#p�aaaaa8�0 0 0 0 0 faaaaaj@3 0 0c����G0������E RЃL����IENDB`�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
�����������������������������������������������������������������������������������������������������������������������������������������������������������