Jump to content
Not connected, Your IP: 3.137.175.80
AirVPN
squidf

Hummingbird error: Option allowed only to be pushed by the server

By squidf, ... in Troubleshooting and Problems

Recommended Posts

squidf    0

squidf
Posted ...

Hi
I have package Eddie and Hummingbird for Mageia Linux.
So far, I can only connect via Wireguard protocol.

The openVPN error is discussed at 
I have another type of error when I try to use Hummingbird. I get the error:

. 2023.01.07 16:34:43 - Hummingbird > OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: Option allowed only to be pushed by the server


The full log:

. 2023.01.07 16:39:17 - Eddie version: 2.22.2 / linux_x64, System: Linux, Name: Mageia, Version: 8, Mono/.Net: 6.10.0.104 (tarball Wed Sep 23 10:35:39 UTC 2020); Framework: v4.0.30319
. 2023.01.07 16:39:17 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2023.01.07 16:39:17 - Raise system privileges
. 2023.01.07 16:39:23 - Collect network information
. 2023.01.07 16:39:23 - Reading options from /home/kris/.config/eddie/default.profile
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'nf_tables', exit:0
. 2023.01.07 16:39:23 - Elevated: Command:netlock-iptables-available
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-legacy', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-legacy', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-legacy-save', exit:0, out:'# Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *mangle
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [1584655:2159189278]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [1584655:2159189278]
. 2023.01.07 16:39:23 -     :FORWARD ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [768629:215474813]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [768441:215475550]
. 2023.01.07 16:39:23 -     :tcfor - [0:0]
. 2023.01.07 16:39:23 -     :tcin - [0:0]
. 2023.01.07 16:39:23 -     :tcout - [0:0]
. 2023.01.07 16:39:23 -     :tcpost - [0:0]
. 2023.01.07 16:39:23 -     :tcpre - [0:0]
. 2023.01.07 16:39:23 -     -A PREROUTING -j tcpre
. 2023.01.07 16:39:23 -     -A INPUT -j tcin
. 2023.01.07 16:39:23 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.07 16:39:23 -     -A FORWARD -j tcfor
. 2023.01.07 16:39:23 -     -A OUTPUT -j tcout
. 2023.01.07 16:39:23 -     -A POSTROUTING -j tcpost
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *nat
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [31258:3585303]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [692:109984]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [4899:344378]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [4735:333430]
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *raw
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [1584655:2159189278]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [768629:215474813]
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *filter
. 2023.01.07 16:39:23 -     :INPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :FORWARD DROP [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :Eddie_fwd - [0:0]
. 2023.01.07 16:39:23 -     :Eddie_in - [0:0]
. 2023.01.07 16:39:23 -     :Eddie_out - [0:0]
. 2023.01.07 16:39:23 -     :Ifw - [0:0]
. 2023.01.07 16:39:23 -     :dynamic - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_fwd - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_in - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_out - [0:0]
. 2023.01.07 16:39:23 -     :fw-net - [0:0]
. 2023.01.07 16:39:23 -     :logdrop - [0:0]
. 2023.01.07 16:39:23 -     :logflags - [0:0]
. 2023.01.07 16:39:23 -     :logreject - [0:0]
. 2023.01.07 16:39:23 -     :net-fw - [0:0]
. 2023.01.07 16:39:23 -     :net_frwd - [0:0]
. 2023.01.07 16:39:23 -     :reject - [0:0]
. 2023.01.07 16:39:23 -     :sfilter - [0:0]
. 2023.01.07 16:39:23 -     :sha-lh-00e4bedab6ceb626df10 - [0:0]
. 2023.01.07 16:39:23 -     :sha-rh-ac9788ae90e964cea685 - [0:0]
. 2023.01.07 16:39:23 -     :shorewall - [0:0]
. 2023.01.07 16:39:23 -     :tcpflags - [0:0]
. 2023.01.07 16:39:23 -     -A INPUT -j Ifw
. 2023.01.07 16:39:23 -     -A INPUT -i Eddie -j Eddie_in
. 2023.01.07 16:39:23 -     -A INPUT -i enp6s0 -j enp6s0_in
. 2023.01.07 16:39:23 -     -A INPUT -i lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A INPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A INPUT -g reject
. 2023.01.07 16:39:23 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A FORWARD -g reject
. 2023.01.07 16:39:23 -     -A OUTPUT -o Eddie -j Eddie_out
. 2023.01.07 16:39:23 -     -A OUTPUT -o enp6s0 -j enp6s0_out
. 2023.01.07 16:39:23 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A OUTPUT -g reject
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.07 16:39:23 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A Eddie_fwd -j net_frwd
. 2023.01.07 16:39:23 -     -A Eddie_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A Eddie_in -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A Eddie_in -j net-fw
. 2023.01.07 16:39:23 -     -A Eddie_out -j fw-net
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.07 16:39:23 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.07 16:39:23 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -j net_frwd
. 2023.01.07 16:39:23 -     -A enp6s0_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A enp6s0_in -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A enp6s0_in -j net-fw
. 2023.01.07 16:39:23 -     -A enp6s0_out -j fw-net
. 2023.01.07 16:39:23 -     -A fw-net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.07 16:39:23 -     -A fw-net -j ACCEPT
. 2023.01.07 16:39:23 -     -A logdrop -j DROP
. 2023.01.07 16:39:23 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.07 16:39:23 -     -A logflags -j DROP
. 2023.01.07 16:39:23 -     -A logreject -j reject
. 2023.01.07 16:39:23 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p tcp -m multiport --dports 80,443,22,1714:1764 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p udp -m multiport --dports 5353,427,1714:1764 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p icmp -m icmp --icmp-type 8 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A net-fw -j DROP
. 2023.01.07 16:39:23 -     -A net_frwd -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A net_frwd -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A reject -m addrtype --src-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A reject -s 224.0.0.0/4 -j DROP
. 2023.01.07 16:39:23 -     -A reject -p igmp -j DROP
. 2023.01.07 16:39:23 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.07 16:39:23 -     -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
. 2023.01.07 16:39:23 -     -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
. 2023.01.07 16:39:23 -     -A reject -j REJECT --reject-with icmp-host-prohibited
. 2023.01.07 16:39:23 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A sfilter -j DROP
. 2023.01.07 16:39:23 -     -A shorewall -m recent --set --name %CURRENTTIME --mask 255.255.255.255 --rsource
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023'
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy-save', exit:0, out:'# Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *mangle
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [2018:284174]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [2018:284174]
. 2023.01.07 16:39:23 -     :FORWARD ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [647:74238]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [493:62289]
. 2023.01.07 16:39:23 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *nat
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [476:73195]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [476:73195]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [304:31767]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [140:17751]
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *raw
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [2018:284174]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [647:74238]
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *filter
. 2023.01.07 16:39:23 -     :INPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :FORWARD DROP [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :AllowICMPs - [0:0]
. 2023.01.07 16:39:23 -     :Broadcast - [0:0]
. 2023.01.07 16:39:23 -     :Eddie_fwd - [0:0]
. 2023.01.07 16:39:23 -     :dynamic - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_fwd - [0:0]
. 2023.01.07 16:39:23 -     :logdrop - [0:0]
. 2023.01.07 16:39:23 -     :logflags - [0:0]
. 2023.01.07 16:39:23 -     :logreject - [0:0]
. 2023.01.07 16:39:23 -     :net-fw - [0:0]
. 2023.01.07 16:39:23 -     :reject - [0:0]
. 2023.01.07 16:39:23 -     :sfilter - [0:0]
. 2023.01.07 16:39:23 -     :sha-lh-10fe33fd0e5e97dee275 - [0:0]
. 2023.01.07 16:39:23 -     :sha-rh-7336593173e31fbf6cee - [0:0]
. 2023.01.07 16:39:23 -     :shorewall - [0:0]
. 2023.01.07 16:39:23 -     :tcpflags - [0:0]
. 2023.01.07 16:39:23 -     :~comb0 - [0:0]
. 2023.01.07 16:39:23 -     -A INPUT -i enp6s0 -j ~comb0
. 2023.01.07 16:39:23 -     -A INPUT -i Eddie -j ~comb0
. 2023.01.07 16:39:23 -     -A INPUT -i lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A INPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A INPUT -j Broadcast
. 2023.01.07 16:39:23 -     -A INPUT -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A INPUT -g reject
. 2023.01.07 16:39:23 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A FORWARD -j Broadcast
. 2023.01.07 16:39:23 -     -A FORWARD -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A FORWARD -g reject
. 2023.01.07 16:39:23 -     -A OUTPUT -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A OUTPUT -j Broadcast
. 2023.01.07 16:39:23 -     -A OUTPUT -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A OUTPUT -g reject
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.07 16:39:23 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A logdrop -j DROP
. 2023.01.07 16:39:23 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.07 16:39:23 -     -A logflags -j DROP
. 2023.01.07 16:39:23 -     -A logreject -j reject
. 2023.01.07 16:39:23 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p udp -m multiport --dports 5353,427 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A net-fw -j Broadcast
. 2023.01.07 16:39:23 -     -A net-fw -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A net-fw -j DROP
. 2023.01.07 16:39:23 -     -A reject -s ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A reject -p igmp -j DROP
. 2023.01.07 16:39:23 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.07 16:39:23 -     -A reject -p udp -j REJECT --reject-with icmp6-port-unreachable
. 2023.01.07 16:39:23 -     -A reject -p ipv6-icmp -j REJECT --reject-with icmp6-addr-unreachable
. 2023.01.07 16:39:23 -     -A reject -j REJECT --reject-with icmp6-adm-prohibited
. 2023.01.07 16:39:23 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A sfilter -j DROP
. 2023.01.07 16:39:23 -     -A shorewall -m recent --set --name %CURRENTTIME --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.07 16:39:23 -     -A ~comb0 -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A ~comb0 -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A ~comb0 -j net-fw
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023'
. 2023.01.07 16:39:23 - Elevated: Command:netlock-iptables-available
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-nft', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-nft', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-nft-save', exit:0, out:'# Generated by iptables-nft-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *filter
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :FORWARD ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [0:0]
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023', err:'# Warning: iptables-legacy tables present, use iptables-legacy-save to see them'
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft-save', exit:0, out:'# Generated by ip6tables-nft-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *filter
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :FORWARD ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [0:0]
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023', err:'# Warning: ip6tables-legacy tables present, use ip6tables-legacy-save to see them'
. 2023.01.07 16:39:23 - Elevated: Command:netlock-iptables-available
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/iptables-save', exit:0, out:'# Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *mangle
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [1584692:2159217215]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [1584692:2159217215]
. 2023.01.07 16:39:23 -     :FORWARD ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [768665:215502649]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [768477:215503386]
. 2023.01.07 16:39:23 -     :tcfor - [0:0]
. 2023.01.07 16:39:23 -     :tcin - [0:0]
. 2023.01.07 16:39:23 -     :tcout - [0:0]
. 2023.01.07 16:39:23 -     :tcpost - [0:0]
. 2023.01.07 16:39:23 -     :tcpre - [0:0]
. 2023.01.07 16:39:23 -     -A PREROUTING -j tcpre
. 2023.01.07 16:39:23 -     -A INPUT -j tcin
. 2023.01.07 16:39:23 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.07 16:39:23 -     -A FORWARD -j tcfor
. 2023.01.07 16:39:23 -     -A OUTPUT -j tcout
. 2023.01.07 16:39:23 -     -A POSTROUTING -j tcpost
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *nat
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [31259:3585404]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [692:109984]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [4899:344378]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [4735:333430]
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *raw
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [1584692:2159217215]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [768665:215502649]
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by iptables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *filter
. 2023.01.07 16:39:23 -     :INPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :FORWARD DROP [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :Eddie_fwd - [0:0]
. 2023.01.07 16:39:23 -     :Eddie_in - [0:0]
. 2023.01.07 16:39:23 -     :Eddie_out - [0:0]
. 2023.01.07 16:39:23 -     :Ifw - [0:0]
. 2023.01.07 16:39:23 -     :dynamic - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_fwd - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_in - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_out - [0:0]
. 2023.01.07 16:39:23 -     :fw-net - [0:0]
. 2023.01.07 16:39:23 -     :logdrop - [0:0]
. 2023.01.07 16:39:23 -     :logflags - [0:0]
. 2023.01.07 16:39:23 -     :logreject - [0:0]
. 2023.01.07 16:39:23 -     :net-fw - [0:0]
. 2023.01.07 16:39:23 -     :net_frwd - [0:0]
. 2023.01.07 16:39:23 -     :reject - [0:0]
. 2023.01.07 16:39:23 -     :sfilter - [0:0]
. 2023.01.07 16:39:23 -     :sha-lh-00e4bedab6ceb626df10 - [0:0]
. 2023.01.07 16:39:23 -     :sha-rh-ac9788ae90e964cea685 - [0:0]
. 2023.01.07 16:39:23 -     :shorewall - [0:0]
. 2023.01.07 16:39:23 -     :tcpflags - [0:0]
. 2023.01.07 16:39:23 -     -A INPUT -j Ifw
. 2023.01.07 16:39:23 -     -A INPUT -i Eddie -j Eddie_in
. 2023.01.07 16:39:23 -     -A INPUT -i enp6s0 -j enp6s0_in
. 2023.01.07 16:39:23 -     -A INPUT -i lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A INPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A INPUT -g reject
. 2023.01.07 16:39:23 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A FORWARD -g reject
. 2023.01.07 16:39:23 -     -A OUTPUT -o Eddie -j Eddie_out
. 2023.01.07 16:39:23 -     -A OUTPUT -o enp6s0 -j enp6s0_out
. 2023.01.07 16:39:23 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A OUTPUT -g reject
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.07 16:39:23 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A Eddie_fwd -j net_frwd
. 2023.01.07 16:39:23 -     -A Eddie_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A Eddie_in -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A Eddie_in -j net-fw
. 2023.01.07 16:39:23 -     -A Eddie_out -j fw-net
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.07 16:39:23 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.07 16:39:23 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.07 16:39:23 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -j net_frwd
. 2023.01.07 16:39:23 -     -A enp6s0_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A enp6s0_in -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A enp6s0_in -j net-fw
. 2023.01.07 16:39:23 -     -A enp6s0_out -j fw-net
. 2023.01.07 16:39:23 -     -A fw-net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.07 16:39:23 -     -A fw-net -j ACCEPT
. 2023.01.07 16:39:23 -     -A logdrop -j DROP
. 2023.01.07 16:39:23 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.07 16:39:23 -     -A logflags -j DROP
. 2023.01.07 16:39:23 -     -A logreject -j reject
. 2023.01.07 16:39:23 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p tcp -m multiport --dports 80,443,22,1714:1764 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p udp -m multiport --dports 5353,427,1714:1764 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p icmp -m icmp --icmp-type 8 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A net-fw -j DROP
. 2023.01.07 16:39:23 -     -A net_frwd -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A net_frwd -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A reject -m addrtype --src-type BROADCAST -j DROP
. 2023.01.07 16:39:23 -     -A reject -s 224.0.0.0/4 -j DROP
. 2023.01.07 16:39:23 -     -A reject -p igmp -j DROP
. 2023.01.07 16:39:23 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.07 16:39:23 -     -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
. 2023.01.07 16:39:23 -     -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
. 2023.01.07 16:39:23 -     -A reject -j REJECT --reject-with icmp-host-prohibited
. 2023.01.07 16:39:23 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A sfilter -j DROP
. 2023.01.07 16:39:23 -     -A shorewall -m recent --set --name %CURRENTTIME --mask 255.255.255.255 --rsource
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023'
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.07 16:39:23 - Elevated: Exec, path:'/usr/sbin/ip6tables-save', exit:0, out:'# Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *mangle
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [2018:284174]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [2018:284174]
. 2023.01.07 16:39:23 -     :FORWARD ACCEPT [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [647:74238]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [493:62289]
. 2023.01.07 16:39:23 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *nat
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [476:73195]
. 2023.01.07 16:39:23 -     :INPUT ACCEPT [476:73195]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [304:31767]
. 2023.01.07 16:39:23 -     :POSTROUTING ACCEPT [140:17751]
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *raw
. 2023.01.07 16:39:23 -     :PREROUTING ACCEPT [2018:284174]
. 2023.01.07 16:39:23 -     :OUTPUT ACCEPT [647:74238]
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.07 16:39:23 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.07 16:39:23 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     # Generated by ip6tables-save v1.8.7 on Sat Jan  7 16:39:23 2023
. 2023.01.07 16:39:23 -     *filter
. 2023.01.07 16:39:23 -     :INPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :FORWARD DROP [0:0]
. 2023.01.07 16:39:23 -     :OUTPUT DROP [0:0]
. 2023.01.07 16:39:23 -     :AllowICMPs - [0:0]
. 2023.01.07 16:39:23 -     :Broadcast - [0:0]
. 2023.01.07 16:39:23 -     :Eddie_fwd - [0:0]
. 2023.01.07 16:39:23 -     :dynamic - [0:0]
. 2023.01.07 16:39:23 -     :enp6s0_fwd - [0:0]
. 2023.01.07 16:39:23 -     :logdrop - [0:0]
. 2023.01.07 16:39:23 -     :logflags - [0:0]
. 2023.01.07 16:39:23 -     :logreject - [0:0]
. 2023.01.07 16:39:23 -     :net-fw - [0:0]
. 2023.01.07 16:39:23 -     :reject - [0:0]
. 2023.01.07 16:39:23 -     :sfilter - [0:0]
. 2023.01.07 16:39:23 -     :sha-lh-10fe33fd0e5e97dee275 - [0:0]
. 2023.01.07 16:39:23 -     :sha-rh-7336593173e31fbf6cee - [0:0]
. 2023.01.07 16:39:23 -     :shorewall - [0:0]
. 2023.01.07 16:39:23 -     :tcpflags - [0:0]
. 2023.01.07 16:39:23 -     :~comb0 - [0:0]
. 2023.01.07 16:39:23 -     -A INPUT -i enp6s0 -j ~comb0
. 2023.01.07 16:39:23 -     -A INPUT -i Eddie -j ~comb0
. 2023.01.07 16:39:23 -     -A INPUT -i lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A INPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A INPUT -j Broadcast
. 2023.01.07 16:39:23 -     -A INPUT -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A INPUT -g reject
. 2023.01.07 16:39:23 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.07 16:39:23 -     -A FORWARD -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A FORWARD -j Broadcast
. 2023.01.07 16:39:23 -     -A FORWARD -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A FORWARD -g reject
. 2023.01.07 16:39:23 -     -A OUTPUT -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.07 16:39:23 -     -A OUTPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A OUTPUT -j Broadcast
. 2023.01.07 16:39:23 -     -A OUTPUT -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.07 16:39:23 -     -A OUTPUT -g reject
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.07 16:39:23 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A Eddie_fwd -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o enp6s0 -j ACCEPT
. 2023.01.07 16:39:23 -     -A enp6s0_fwd -o Eddie -j ACCEPT
. 2023.01.07 16:39:23 -     -A logdrop -j DROP
. 2023.01.07 16:39:23 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.07 16:39:23 -     -A logflags -j DROP
. 2023.01.07 16:39:23 -     -A logreject -j reject
. 2023.01.07 16:39:23 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p udp -m multiport --dports 5353,427 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT
. 2023.01.07 16:39:23 -     -A net-fw -p ipv6-icmp -j AllowICMPs
. 2023.01.07 16:39:23 -     -A net-fw -j Broadcast
. 2023.01.07 16:39:23 -     -A net-fw -d ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A net-fw -j DROP
. 2023.01.07 16:39:23 -     -A reject -s ff00::/8 -j DROP
. 2023.01.07 16:39:23 -     -A reject -p igmp -j DROP
. 2023.01.07 16:39:23 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.07 16:39:23 -     -A reject -p udp -j REJECT --reject-with icmp6-port-unreachable
. 2023.01.07 16:39:23 -     -A reject -p ipv6-icmp -j REJECT --reject-with icmp6-addr-unreachable
. 2023.01.07 16:39:23 -     -A reject -j REJECT --reject-with icmp6-adm-prohibited
. 2023.01.07 16:39:23 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.07 16:39:23 -     -A sfilter -j DROP
. 2023.01.07 16:39:23 -     -A shorewall -m recent --set --name %CURRENTTIME --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.07 16:39:23 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.07 16:39:23 -     -A ~comb0 -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.07 16:39:23 -     -A ~comb0 -p tcp -j tcpflags
. 2023.01.07 16:39:23 -     -A ~comb0 -j net-fw
. 2023.01.07 16:39:23 -     COMMIT
. 2023.01.07 16:39:23 -     # Completed on Sat Jan  7 16:39:23 2023'
. 2023.01.07 16:39:23 - Elevated: Command:ping-engine
. 2023.01.07 16:39:23 - Exec(4) of '/usr/sbin/openvpn', 1 args: '--version';
. 2023.01.07 16:39:23 - Exec(4) done in 2 ms, exit: 0, out: 'OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2023.01.07 16:39:23 -     library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
. 2023.01.07 16:39:23 -     Originally developed by James Yonan
. 2023.01.07 16:39:23 -     Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
. 2023.01.07 16:39:23 -     Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_pthread=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_lzo_headers=/usr/include/lzo with_mem_check=no with_sysroot=no'
. 2023.01.07 16:39:23 - Exec(5) of '/usr/bin/hummingbird', 1 args: '--version';
. 2023.01.07 16:39:23 - Exec(5) done in 4 ms, exit: 1, out: 'Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022
. 2023.01.07 16:39:23 -     OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.07 16:39:23 -     Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. 2023.01.07 16:39:23 -     OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.07 16:39:23 -     You need to be root in order to run this program.'
. 2023.01.07 16:39:23 - Exec(6) of '/usr/bin/ssh', 1 args: '-V';
. 2023.01.07 16:39:23 - Exec(6) done in 2 ms, exit: 0, err: 'OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022'
. 2023.01.07 16:39:23 - Exec(7) of '/usr/bin/stunnel', 1 args: '-version';
. 2023.01.07 16:39:23 - Exec(7) done in 3 ms, exit: 0, err: 'Initializing inetd mode configuration
. 2023.01.07 16:39:23 -     stunnel 5.63 on x86_64-mageia-linux-gnu platform
. 2023.01.07 16:39:23 -     Compiled with OpenSSL 1.1.1n  15 Mar 2022
. 2023.01.07 16:39:23 -     Running  with OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.07 16:39:23 -     Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
. 2023.01.07 16:39:23 -     Global options:
. 2023.01.07 16:39:23 -     RNDbytes               = 1024
. 2023.01.07 16:39:23 -     RNDfile                = /dev/urandom
. 2023.01.07 16:39:23 -     RNDoverwrite           = yes
. 2023.01.07 16:39:23 -     Service-level options:
. 2023.01.07 16:39:23 -     ciphers                = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
. 2023.01.07 16:39:23 -     ciphersuites           = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
. 2023.01.07 16:39:23 -     curves                 = X25519:P-256:X448:P-521:P-384
. 2023.01.07 16:39:23 -     debug                  = daemon.notice
. 2023.01.07 16:39:23 -     logId                  = sequential
. 2023.01.07 16:39:23 -     options                = NO_SSLv2
. 2023.01.07 16:39:23 -     options                = NO_SSLv3
. 2023.01.07 16:39:23 -     securityLevel          = 2
. 2023.01.07 16:39:23 -     sessionCacheSize       = 1000
. 2023.01.07 16:39:23 -     sessionCacheTimeout    = 300 seconds
. 2023.01.07 16:39:23 -     stack                  = 65536 bytes
. 2023.01.07 16:39:23 -     TIMEOUTbusy            = 300 seconds
. 2023.01.07 16:39:23 -     TIMEOUTclose           = 60 seconds
. 2023.01.07 16:39:23 -     TIMEOUTconnect         = 10 seconds
. 2023.01.07 16:39:23 -     TIMEOUTidle            = 43200 seconds
. 2023.01.07 16:39:23 -     verify                 = none'
. 2023.01.07 16:39:23 - OpenVPN - Version: 3.3.2 - Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022 (/usr/bin/hummingbird)
. 2023.01.07 16:39:23 - SSH - Version: OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022 (/usr/bin/ssh)
. 2023.01.07 16:39:23 - SSL - Version: Initializing (/usr/bin/stunnel)
. 2023.01.07 16:39:23 - Elevated: Command:dns-switch-rename-restore
I 2023.01.07 16:39:27 - Ready
. 2023.01.07 16:39:27 - Elevated: Command:ping-request
. 2023.01.07 16:39:27 - Elevated: Command:ping-request
. 2023.01.07 16:39:27 - Elevated: Command:ping-request
. 2023.01.07 16:39:27 - Above log line repeated 15 times more
. 2023.01.07 16:39:27 - Collect information about AirVPN completed
. 2023.01.07 16:39:27 - Elevated: Command:ping-request
. 2023.01.07 16:39:27 - Elevated: Command:ping-request
. 2023.01.07 16:39:27 - Elevated: Command:ping-request
. 2023.01.07 16:39:29 - Above log line repeated 3 times more
I 2023.01.07 16:39:29 - Session starting.
I 2023.01.07 16:39:29 - Checking authorization ...
! 2023.01.07 16:39:29 - Connecting to Xuange (Switzerland, Zurich)
. 2023.01.07 16:39:29 - Elevated: Command:route-list
. 2023.01.07 16:39:29 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.07 16:39:29 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.07 16:39:29 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.07 16:39:29 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.07 16:39:29 - Elevated: Command:route
. 2023.01.07 16:39:29 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'add', arg:'x.x.x.x/32', arg:'via', arg:'192.168.1.254', arg:'dev', arg:'enp6s0', arg:'metric', arg:'0', exit:0
. 2023.01.07 16:39:29 - Routes, add x.x.x.x/32 for interface "enp6s0".
. 2023.01.07 16:39:29 - Elevated: Command:route-list
. 2023.01.07 16:39:29 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.07 16:39:29 -     x.x.x.x via 192.168.1.254 dev enp6s0
. 2023.01.07 16:39:29 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.07 16:39:29 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.07 16:39:29 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.07 16:39:29 - Routes, add x.x.x.x/32 for interface "enp6s0", already exists.
. 2023.01.07 16:39:29 - Elevated: Command:hummingbird
. 2023.01.07 16:39:29 - Hummingbird > Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022
. 2023.01.07 16:39:29 - Hummingbird > OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.07 16:39:29 - Hummingbird > Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. 2023.01.07 16:39:29 - Hummingbird > OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.07 16:39:29 - Hummingbird > System and service manager in use is systemd
. 2023.01.07 16:39:29 - Hummingbird > Starting thread
. 2023.01.07 16:39:29 - Hummingbird > OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.07 16:39:29 - Hummingbird > Frame=512/2112/512 mssfix-ctrl=1250
. 2023.01.07 16:39:29 - Hummingbird > NOTE: This configuration contains options that were not used:
. 2023.01.07 16:39:29 - Hummingbird > Option allowed only to be pushed by the server
. 2023.01.07 16:39:29 - Hummingbird > 11 [ping-exit] [32]
. 2023.01.07 16:39:29 - Hummingbird > OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: Option allowed only to be pushed by the server
. 2023.01.07 16:39:29 - Hummingbird > Thread finished
. 2023.01.07 16:39:29 - Hummingbird > STATS:
! 2023.01.07 16:39:30 - Disconnecting
. 2023.01.07 16:39:30 - Elevated: Command:route-list
. 2023.01.07 16:39:30 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.07 16:39:30 -     x.x.x.x via 192.168.1.254 dev enp6s0
. 2023.01.07 16:39:30 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.07 16:39:30 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.07 16:39:30 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.07 16:39:30 - Elevated: Command:route
. 2023.01.07 16:39:30 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'delete', arg:'x.x.x.x/32', arg:'via', arg:'192.168.1.254', arg:'dev', arg:'enp6s0', arg:'metric', arg:'0', exit:0
. 2023.01.07 16:39:30 - Routes, delete 79.142.69.162/32 for interface "enp6s0".
. 2023.01.07 16:39:30 - Elevated: Command:route-list
. 2023.01.07 16:39:30 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.07 16:39:30 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.07 16:39:30 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.07 16:39:30 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.07 16:39:30 - Routes, delete x.x.x.x/32 for interface "enp6s0", not exists.
. 2023.01.07 16:39:30 - Elevated: Command:dns-switch-rename-restore
. 2023.01.07 16:39:30 - Connection terminated.
I 2023.01.07 16:39:32 - Cancel requested.
! 2023.01.07 16:39:32 - Session terminated.
 

Share this post

Link to post

OpenSourcerer    1435

OpenSourcerer
Posted ...

Do not copy the logs with Eddie, copy the system report instead. The logs don't print out how you configured Eddie, but that's quite important to know.
Please redo the steps but provide a system report. It contains the "full logs".

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post

Link to post

squidf    0

squidf
Posted ...
13 hours ago, OpenSourcerer said:

Do not copy the logs with Eddie, copy the system report instead. The logs don't print out how you configured Eddie, but that's quite important to know.
Please redo the steps but provide a system report. It contains the "full logs".

Thanks for your support and your education.

Here is what you requested. Please, do note I have not changed any default configuration beside UI.

Eddie System/Environment Report - 08/01/2023 - 09:03 UTC

Eddie version: 2.22.2
Eddie OS build: linux_x64
Eddie architecture: x64
OS type: Linux
OS name: Mageia
OS version: 8
OS architecture: x64
Mono /.Net Framework: 6.10.0.104 (tarball Wed Sep 23 10:35:39 UTC 2020); Framework: v4.0.30319
OpenVPN: 2.5.0 - OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10 (/usr/sbin/openvpn)
Hummingbird: 3.3.2 - Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022 (/usr/bin/hummingbird)
WireGuard: 1.0.0
SSH: OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022 (/usr/bin/ssh)
SSL: Initializing (/usr/bin/stunnel)
Profile path: /home/user/.config/eddie/default.profile
Data path: /home/user/.config/eddie
Application path: /usr/lib64/eddie-ui
Executable path: /usr/lib64/eddie-ui/eddie-ui.exe
Command line arguments: (2 args) path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
Network Lock Active: No
Connected to VPN: No
OS support IPv4: Yes
OS support IPv6: Yes
Detected DNS: 127.0.0.1
Test DNS IPv4: Ok
Test DNS IPv6: Ok
Test Ping IPv4: 29 ms
Test Ping IPv6: Failed
Test HTTP IPv4: Ok
Test HTTP IPv6: Error: Fetch url error:Couldn't connect to server
Test HTTPS: Ok
----------------------------
Important options not at defaults:

login: (omissis)
password: (omissis)
remember: True
servers.last: f315cae62bfe63c53920058f00a0715dc07f3ef9ef1b8d5ad9dfb8a2b5a5c3e6
servers.denylist: 7ebcf347ff4daea72116b30fbb73a0342ca80f9556a31c8282c71ceb6fbf90f4
areas.allowlist: ch,de
log.level.debug: True
proxy.mode: none
tools.hummingbird.preferred: True
gui.tray_minimized: True

----------------------------
Logs:

. 2023.01.08 10:02:11 - Eddie version: 2.22.2 / linux_x64, System: Linux, Name: Mageia, Version: 8, Mono/.Net: 6.10.0.104 (tarball Wed Sep 23 10:35:39 UTC 2020); Framework: v4.0.30319
. 2023.01.08 10:02:11 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2023.01.08 10:02:11 - Raise system privileges
. 2023.01.08 10:02:28 - Collect network information
. 2023.01.08 10:02:28 - Reading options from /home/user/.config/eddie/default.profile
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'nf_tables', exit:0
. 2023.01.08 10:02:28 - Elevated: Command:netlock-iptables-available
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-legacy', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-legacy', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-legacy-save', exit:0, out:'# Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *mangle
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [6790:5991521]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [6790:5991521]
. 2023.01.08 10:02:28 -     :FORWARD ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [4908:629030]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [4917:635774]
. 2023.01.08 10:02:28 -     :tcfor - [0:0]
. 2023.01.08 10:02:28 -     :tcin - [0:0]
. 2023.01.08 10:02:28 -     :tcout - [0:0]
. 2023.01.08 10:02:28 -     :tcpost - [0:0]
. 2023.01.08 10:02:28 -     :tcpre - [0:0]
. 2023.01.08 10:02:28 -     -A PREROUTING -j tcpre
. 2023.01.08 10:02:28 -     -A INPUT -j tcin
. 2023.01.08 10:02:28 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.08 10:02:28 -     -A FORWARD -j tcfor
. 2023.01.08 10:02:28 -     -A OUTPUT -j tcout
. 2023.01.08 10:02:28 -     -A POSTROUTING -j tcpost
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *nat
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [660:74779]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [12:1539]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [346:33884]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [346:33884]
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *raw
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [6791:5991743]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [4909:629252]
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *filter
. 2023.01.08 10:02:28 -     :INPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :FORWARD DROP [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :Eddie_fwd - [0:0]
. 2023.01.08 10:02:28 -     :Eddie_in - [0:0]
. 2023.01.08 10:02:28 -     :Eddie_out - [0:0]
. 2023.01.08 10:02:28 -     :Ifw - [0:0]
. 2023.01.08 10:02:28 -     :dynamic - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_fwd - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_in - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_out - [0:0]
. 2023.01.08 10:02:28 -     :fw-net - [0:0]
. 2023.01.08 10:02:28 -     :logdrop - [0:0]
. 2023.01.08 10:02:28 -     :logflags - [0:0]
. 2023.01.08 10:02:28 -     :logreject - [0:0]
. 2023.01.08 10:02:28 -     :net-fw - [0:0]
. 2023.01.08 10:02:28 -     :net_frwd - [0:0]
. 2023.01.08 10:02:28 -     :reject - [0:0]
. 2023.01.08 10:02:28 -     :sfilter - [0:0]
. 2023.01.08 10:02:28 -     :sha-lh-00e4bedab6ceb626df10 - [0:0]
. 2023.01.08 10:02:28 -     :sha-rh-ac9788ae90e964cea685 - [0:0]
. 2023.01.08 10:02:28 -     :shorewall - [0:0]
. 2023.01.08 10:02:28 -     :tcpflags - [0:0]
. 2023.01.08 10:02:28 -     -A INPUT -j Ifw
. 2023.01.08 10:02:28 -     -A INPUT -i Eddie -j Eddie_in
. 2023.01.08 10:02:28 -     -A INPUT -i enp6s0 -j enp6s0_in
. 2023.01.08 10:02:28 -     -A INPUT -i lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A INPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A INPUT -g reject
. 2023.01.08 10:02:28 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A FORWARD -g reject
. 2023.01.08 10:02:28 -     -A OUTPUT -o Eddie -j Eddie_out
. 2023.01.08 10:02:28 -     -A OUTPUT -o enp6s0 -j enp6s0_out
. 2023.01.08 10:02:28 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A OUTPUT -g reject
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.08 10:02:28 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A Eddie_fwd -j net_frwd
. 2023.01.08 10:02:28 -     -A Eddie_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A Eddie_in -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A Eddie_in -j net-fw
. 2023.01.08 10:02:28 -     -A Eddie_out -j fw-net
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.08 10:02:28 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.08 10:02:28 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -j net_frwd
. 2023.01.08 10:02:28 -     -A enp6s0_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A enp6s0_in -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A enp6s0_in -j net-fw
. 2023.01.08 10:02:28 -     -A enp6s0_out -j fw-net
. 2023.01.08 10:02:28 -     -A fw-net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.08 10:02:28 -     -A fw-net -j ACCEPT
. 2023.01.08 10:02:28 -     -A logdrop -j DROP
. 2023.01.08 10:02:28 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.08 10:02:28 -     -A logflags -j DROP
. 2023.01.08 10:02:28 -     -A logreject -j reject
. 2023.01.08 10:02:28 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p tcp -m multiport --dports 80,443,22,1714:1764 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p udp -m multiport --dports 5353,427,1714:1764 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p icmp -m icmp --icmp-type 8 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A net-fw -j DROP
. 2023.01.08 10:02:28 -     -A net_frwd -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A net_frwd -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A reject -m addrtype --src-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A reject -s 224.0.0.0/4 -j DROP
. 2023.01.08 10:02:28 -     -A reject -p igmp -j DROP
. 2023.01.08 10:02:28 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.08 10:02:28 -     -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
. 2023.01.08 10:02:28 -     -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
. 2023.01.08 10:02:28 -     -A reject -j REJECT --reject-with icmp-host-prohibited
. 2023.01.08 10:02:28 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A sfilter -j DROP
. 2023.01.08 10:02:28 -     -A shorewall -m recent --set --name %CURRENTTIME --mask 255.255.255.255 --rsource
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023'
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy-save', exit:0, out:'# Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *mangle
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [33:4441]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [33:4441]
. 2023.01.08 10:02:28 -     :FORWARD ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [26:3444]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [31:4717]
. 2023.01.08 10:02:28 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *nat
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [8:1064]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [8:1064]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [6:874]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [6:874]
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *raw
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [33:4441]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [26:3444]
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *filter
. 2023.01.08 10:02:28 -     :INPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :FORWARD DROP [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :AllowICMPs - [0:0]
. 2023.01.08 10:02:28 -     :Broadcast - [0:0]
. 2023.01.08 10:02:28 -     :Eddie_fwd - [0:0]
. 2023.01.08 10:02:28 -     :dynamic - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_fwd - [0:0]
. 2023.01.08 10:02:28 -     :logdrop - [0:0]
. 2023.01.08 10:02:28 -     :logflags - [0:0]
. 2023.01.08 10:02:28 -     :logreject - [0:0]
. 2023.01.08 10:02:28 -     :net-fw - [0:0]
. 2023.01.08 10:02:28 -     :reject - [0:0]
. 2023.01.08 10:02:28 -     :sfilter - [0:0]
. 2023.01.08 10:02:28 -     :sha-lh-10fe33fd0e5e97dee275 - [0:0]
. 2023.01.08 10:02:28 -     :sha-rh-7336593173e31fbf6cee - [0:0]
. 2023.01.08 10:02:28 -     :shorewall - [0:0]
. 2023.01.08 10:02:28 -     :tcpflags - [0:0]
. 2023.01.08 10:02:28 -     :~comb0 - [0:0]
. 2023.01.08 10:02:28 -     -A INPUT -i enp6s0 -j ~comb0
. 2023.01.08 10:02:28 -     -A INPUT -i Eddie -j ~comb0
. 2023.01.08 10:02:28 -     -A INPUT -i lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A INPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A INPUT -j Broadcast
. 2023.01.08 10:02:28 -     -A INPUT -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A INPUT -g reject
. 2023.01.08 10:02:28 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A FORWARD -j Broadcast
. 2023.01.08 10:02:28 -     -A FORWARD -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A FORWARD -g reject
. 2023.01.08 10:02:28 -     -A OUTPUT -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A OUTPUT -j Broadcast
. 2023.01.08 10:02:28 -     -A OUTPUT -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A OUTPUT -g reject
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.08 10:02:28 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A logdrop -j DROP
. 2023.01.08 10:02:28 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.08 10:02:28 -     -A logflags -j DROP
. 2023.01.08 10:02:28 -     -A logreject -j reject
. 2023.01.08 10:02:28 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p udp -m multiport --dports 5353,427 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A net-fw -j Broadcast
. 2023.01.08 10:02:28 -     -A net-fw -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A net-fw -j DROP
. 2023.01.08 10:02:28 -     -A reject -s ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A reject -p igmp -j DROP
. 2023.01.08 10:02:28 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.08 10:02:28 -     -A reject -p udp -j REJECT --reject-with icmp6-port-unreachable
. 2023.01.08 10:02:28 -     -A reject -p ipv6-icmp -j REJECT --reject-with icmp6-addr-unreachable
. 2023.01.08 10:02:28 -     -A reject -j REJECT --reject-with icmp6-adm-prohibited
. 2023.01.08 10:02:28 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A sfilter -j DROP
. 2023.01.08 10:02:28 -     -A shorewall -m recent --set --name %CURRENTTIME --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.08 10:02:28 -     -A ~comb0 -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A ~comb0 -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A ~comb0 -j net-fw
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023'
. 2023.01.08 10:02:28 - Elevated: Command:netlock-iptables-available
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-nft', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-nft', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-nft-save', exit:0, out:'# Generated by iptables-nft-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *filter
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :FORWARD ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [0:0]
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023', err:'# Warning: iptables-legacy tables present, use iptables-legacy-save to see them'
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft-save', exit:0, out:'# Generated by ip6tables-nft-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *filter
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :FORWARD ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [0:0]
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023', err:'# Warning: ip6tables-legacy tables present, use ip6tables-legacy-save to see them'
. 2023.01.08 10:02:28 - Elevated: Command:netlock-iptables-available
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/iptables-save', exit:0, out:'# Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *mangle
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [6828:6019365]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [6828:6019365]
. 2023.01.08 10:02:28 -     :FORWARD ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [4946:656874]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [4955:663618]
. 2023.01.08 10:02:28 -     :tcfor - [0:0]
. 2023.01.08 10:02:28 -     :tcin - [0:0]
. 2023.01.08 10:02:28 -     :tcout - [0:0]
. 2023.01.08 10:02:28 -     :tcpost - [0:0]
. 2023.01.08 10:02:28 -     :tcpre - [0:0]
. 2023.01.08 10:02:28 -     -A PREROUTING -j tcpre
. 2023.01.08 10:02:28 -     -A INPUT -j tcin
. 2023.01.08 10:02:28 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.08 10:02:28 -     -A FORWARD -j tcfor
. 2023.01.08 10:02:28 -     -A OUTPUT -j tcout
. 2023.01.08 10:02:28 -     -A POSTROUTING -j tcpost
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *nat
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [660:74779]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [12:1539]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [346:33884]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [346:33884]
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *raw
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [6829:6019587]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [4947:657096]
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by iptables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *filter
. 2023.01.08 10:02:28 -     :INPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :FORWARD DROP [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :Eddie_fwd - [0:0]
. 2023.01.08 10:02:28 -     :Eddie_in - [0:0]
. 2023.01.08 10:02:28 -     :Eddie_out - [0:0]
. 2023.01.08 10:02:28 -     :Ifw - [0:0]
. 2023.01.08 10:02:28 -     :dynamic - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_fwd - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_in - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_out - [0:0]
. 2023.01.08 10:02:28 -     :fw-net - [0:0]
. 2023.01.08 10:02:28 -     :logdrop - [0:0]
. 2023.01.08 10:02:28 -     :logflags - [0:0]
. 2023.01.08 10:02:28 -     :logreject - [0:0]
. 2023.01.08 10:02:28 -     :net-fw - [0:0]
. 2023.01.08 10:02:28 -     :net_frwd - [0:0]
. 2023.01.08 10:02:28 -     :reject - [0:0]
. 2023.01.08 10:02:28 -     :sfilter - [0:0]
. 2023.01.08 10:02:28 -     :sha-lh-00e4bedab6ceb626df10 - [0:0]
. 2023.01.08 10:02:28 -     :sha-rh-ac9788ae90e964cea685 - [0:0]
. 2023.01.08 10:02:28 -     :shorewall - [0:0]
. 2023.01.08 10:02:28 -     :tcpflags - [0:0]
. 2023.01.08 10:02:28 -     -A INPUT -j Ifw
. 2023.01.08 10:02:28 -     -A INPUT -i Eddie -j Eddie_in
. 2023.01.08 10:02:28 -     -A INPUT -i enp6s0 -j enp6s0_in
. 2023.01.08 10:02:28 -     -A INPUT -i lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A INPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A INPUT -g reject
. 2023.01.08 10:02:28 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A FORWARD -g reject
. 2023.01.08 10:02:28 -     -A OUTPUT -o Eddie -j Eddie_out
. 2023.01.08 10:02:28 -     -A OUTPUT -o enp6s0 -j enp6s0_out
. 2023.01.08 10:02:28 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A OUTPUT -g reject
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.08 10:02:28 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A Eddie_fwd -j net_frwd
. 2023.01.08 10:02:28 -     -A Eddie_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A Eddie_in -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A Eddie_in -j net-fw
. 2023.01.08 10:02:28 -     -A Eddie_out -j fw-net
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.08 10:02:28 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 80 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 443 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 22 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.08 10:02:28 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.08 10:02:28 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 5353 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A Ifw -p udp -m conntrack --ctstate NEW -m udp --dport 427 -j IFWLOG--log-prefix "NEW"
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -j net_frwd
. 2023.01.08 10:02:28 -     -A enp6s0_in -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A enp6s0_in -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A enp6s0_in -j net-fw
. 2023.01.08 10:02:28 -     -A enp6s0_out -j fw-net
. 2023.01.08 10:02:28 -     -A fw-net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.08 10:02:28 -     -A fw-net -j ACCEPT
. 2023.01.08 10:02:28 -     -A logdrop -j DROP
. 2023.01.08 10:02:28 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.08 10:02:28 -     -A logflags -j DROP
. 2023.01.08 10:02:28 -     -A logreject -j reject
. 2023.01.08 10:02:28 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p tcp -m multiport --dports 80,443,22,1714:1764 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p udp -m multiport --dports 5353,427,1714:1764 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p icmp -m icmp --icmp-type 8 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A net-fw -j DROP
. 2023.01.08 10:02:28 -     -A net_frwd -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A net_frwd -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A reject -m addrtype --src-type BROADCAST -j DROP
. 2023.01.08 10:02:28 -     -A reject -s 224.0.0.0/4 -j DROP
. 2023.01.08 10:02:28 -     -A reject -p igmp -j DROP
. 2023.01.08 10:02:28 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.08 10:02:28 -     -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
. 2023.01.08 10:02:28 -     -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
. 2023.01.08 10:02:28 -     -A reject -j REJECT --reject-with icmp-host-prohibited
. 2023.01.08 10:02:28 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A sfilter -j DROP
. 2023.01.08 10:02:28 -     -A shorewall -m recent --set --name %CURRENTTIME --mask 255.255.255.255 --rsource
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023'
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.08 10:02:28 - Elevated: Exec, path:'/usr/sbin/ip6tables-save', exit:0, out:'# Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *mangle
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [33:4441]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [33:4441]
. 2023.01.08 10:02:28 -     :FORWARD ACCEPT [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [26:3444]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [31:4717]
. 2023.01.08 10:02:28 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *nat
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [8:1064]
. 2023.01.08 10:02:28 -     :INPUT ACCEPT [8:1064]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [6:874]
. 2023.01.08 10:02:28 -     :POSTROUTING ACCEPT [6:874]
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *raw
. 2023.01.08 10:02:28 -     :PREROUTING ACCEPT [33:4441]
. 2023.01.08 10:02:28 -     :OUTPUT ACCEPT [26:3444]
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.08 10:02:28 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.08 10:02:28 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     # Generated by ip6tables-save v1.8.7 on Sun Jan  8 10:02:28 2023
. 2023.01.08 10:02:28 -     *filter
. 2023.01.08 10:02:28 -     :INPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :FORWARD DROP [0:0]
. 2023.01.08 10:02:28 -     :OUTPUT DROP [0:0]
. 2023.01.08 10:02:28 -     :AllowICMPs - [0:0]
. 2023.01.08 10:02:28 -     :Broadcast - [0:0]
. 2023.01.08 10:02:28 -     :Eddie_fwd - [0:0]
. 2023.01.08 10:02:28 -     :dynamic - [0:0]
. 2023.01.08 10:02:28 -     :enp6s0_fwd - [0:0]
. 2023.01.08 10:02:28 -     :logdrop - [0:0]
. 2023.01.08 10:02:28 -     :logflags - [0:0]
. 2023.01.08 10:02:28 -     :logreject - [0:0]
. 2023.01.08 10:02:28 -     :net-fw - [0:0]
. 2023.01.08 10:02:28 -     :reject - [0:0]
. 2023.01.08 10:02:28 -     :sfilter - [0:0]
. 2023.01.08 10:02:28 -     :sha-lh-10fe33fd0e5e97dee275 - [0:0]
. 2023.01.08 10:02:28 -     :sha-rh-7336593173e31fbf6cee - [0:0]
. 2023.01.08 10:02:28 -     :shorewall - [0:0]
. 2023.01.08 10:02:28 -     :tcpflags - [0:0]
. 2023.01.08 10:02:28 -     :~comb0 - [0:0]
. 2023.01.08 10:02:28 -     -A INPUT -i enp6s0 -j ~comb0
. 2023.01.08 10:02:28 -     -A INPUT -i Eddie -j ~comb0
. 2023.01.08 10:02:28 -     -A INPUT -i lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A INPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A INPUT -j Broadcast
. 2023.01.08 10:02:28 -     -A INPUT -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A INPUT -g reject
. 2023.01.08 10:02:28 -     -A FORWARD -i enp6s0 -j enp6s0_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -i Eddie -j Eddie_fwd
. 2023.01.08 10:02:28 -     -A FORWARD -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A FORWARD -j Broadcast
. 2023.01.08 10:02:28 -     -A FORWARD -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A FORWARD -g reject
. 2023.01.08 10:02:28 -     -A OUTPUT -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.08 10:02:28 -     -A OUTPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A OUTPUT -j Broadcast
. 2023.01.08 10:02:28 -     -A OUTPUT -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.08 10:02:28 -     -A OUTPUT -g reject
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o Eddie -g sfilter
. 2023.01.08 10:02:28 -     -A Eddie_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A Eddie_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A Eddie_fwd -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o enp6s0 -g sfilter
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o enp6s0 -j ACCEPT
. 2023.01.08 10:02:28 -     -A enp6s0_fwd -o Eddie -j ACCEPT
. 2023.01.08 10:02:28 -     -A logdrop -j DROP
. 2023.01.08 10:02:28 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.08 10:02:28 -     -A logflags -j DROP
. 2023.01.08 10:02:28 -     -A logreject -j reject
. 2023.01.08 10:02:28 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p udp -m multiport --dports 5353,427 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT
. 2023.01.08 10:02:28 -     -A net-fw -p ipv6-icmp -j AllowICMPs
. 2023.01.08 10:02:28 -     -A net-fw -j Broadcast
. 2023.01.08 10:02:28 -     -A net-fw -d ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A net-fw -j DROP
. 2023.01.08 10:02:28 -     -A reject -s ff00::/8 -j DROP
. 2023.01.08 10:02:28 -     -A reject -p igmp -j DROP
. 2023.01.08 10:02:28 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.08 10:02:28 -     -A reject -p udp -j REJECT --reject-with icmp6-port-unreachable
. 2023.01.08 10:02:28 -     -A reject -p ipv6-icmp -j REJECT --reject-with icmp6-addr-unreachable
. 2023.01.08 10:02:28 -     -A reject -j REJECT --reject-with icmp6-adm-prohibited
. 2023.01.08 10:02:28 -     -A sfilter -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "sfilter DROP " --log-level 6
. 2023.01.08 10:02:28 -     -A sfilter -j DROP
. 2023.01.08 10:02:28 -     -A shorewall -m recent --set --name %CURRENTTIME --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.08 10:02:28 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.08 10:02:28 -     -A ~comb0 -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.08 10:02:28 -     -A ~comb0 -p tcp -j tcpflags
. 2023.01.08 10:02:28 -     -A ~comb0 -j net-fw
. 2023.01.08 10:02:28 -     COMMIT
. 2023.01.08 10:02:28 -     # Completed on Sun Jan  8 10:02:28 2023'
. 2023.01.08 10:02:28 - Elevated: Command:ping-engine
. 2023.01.08 10:02:28 - Exec(4) of '/usr/sbin/openvpn', 1 args: '--version';
. 2023.01.08 10:02:29 - Exec(4) done in 5 ms, exit: 0, out: 'OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2023.01.08 10:02:29 -     library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
. 2023.01.08 10:02:29 -     Originally developed by James Yonan
. 2023.01.08 10:02:29 -     Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
. 2023.01.08 10:02:29 -     Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_pthread=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_lzo_headers=/usr/include/lzo with_mem_check=no with_sysroot=no'
. 2023.01.08 10:02:29 - Exec(5) of '/usr/bin/hummingbird', 1 args: '--version';
. 2023.01.08 10:02:29 - Exec(5) done in 117 ms, exit: 1, out: 'Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022
. 2023.01.08 10:02:29 -     OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.08 10:02:29 -     Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. 2023.01.08 10:02:29 -     OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.08 10:02:29 -     You need to be root in order to run this program.'
. 2023.01.08 10:02:29 - Exec(6) of '/usr/bin/ssh', 1 args: '-V';
. 2023.01.08 10:02:29 - Exec(6) done in 25 ms, exit: 0, err: 'OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022'
. 2023.01.08 10:02:29 - Exec(7) of '/usr/bin/stunnel', 1 args: '-version';
. 2023.01.08 10:02:29 - Exec(7) done in 3 ms, exit: 0, err: 'Initializing inetd mode configuration
. 2023.01.08 10:02:29 -     stunnel 5.63 on x86_64-mageia-linux-gnu platform
. 2023.01.08 10:02:29 -     Compiled with OpenSSL 1.1.1n  15 Mar 2022
. 2023.01.08 10:02:29 -     Running  with OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.08 10:02:29 -     Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
. 2023.01.08 10:02:29 -     Global options:
. 2023.01.08 10:02:29 -     RNDbytes               = 1024
. 2023.01.08 10:02:29 -     RNDfile                = /dev/urandom
. 2023.01.08 10:02:29 -     RNDoverwrite           = yes
. 2023.01.08 10:02:29 -     Service-level options:
. 2023.01.08 10:02:29 -     ciphers                = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
. 2023.01.08 10:02:29 -     ciphersuites           = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
. 2023.01.08 10:02:29 -     curves                 = X25519:P-256:X448:P-521:P-384
. 2023.01.08 10:02:29 -     debug                  = daemon.notice
. 2023.01.08 10:02:29 -     logId                  = sequential
. 2023.01.08 10:02:29 -     options                = NO_SSLv2
. 2023.01.08 10:02:29 -     options                = NO_SSLv3
. 2023.01.08 10:02:29 -     securityLevel          = 2
. 2023.01.08 10:02:29 -     sessionCacheSize       = 1000
. 2023.01.08 10:02:29 -     sessionCacheTimeout    = 300 seconds
. 2023.01.08 10:02:29 -     stack                  = 65536 bytes
. 2023.01.08 10:02:29 -     TIMEOUTbusy            = 300 seconds
. 2023.01.08 10:02:29 -     TIMEOUTclose           = 60 seconds
. 2023.01.08 10:02:29 -     TIMEOUTconnect         = 10 seconds
. 2023.01.08 10:02:29 -     TIMEOUTidle            = 43200 seconds
. 2023.01.08 10:02:29 -     verify                 = none'
. 2023.01.08 10:02:29 - OpenVPN - Version: 3.3.2 - Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022 (/usr/bin/hummingbird)
. 2023.01.08 10:02:29 - SSH - Version: OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022 (/usr/bin/ssh)
. 2023.01.08 10:02:29 - SSL - Version: Initializing (/usr/bin/stunnel)
. 2023.01.08 10:02:29 - Elevated: Command:dns-switch-rename-restore
I 2023.01.08 10:02:32 - Ready
. 2023.01.08 10:02:32 - Elevated: Command:ping-request
. 2023.01.08 10:02:32 - Elevated: Command:ping-request
. 2023.01.08 10:02:32 - Elevated: Command:ping-request
. 2023.01.08 10:02:33 - Above log line repeated 21 times more
. 2023.01.08 10:02:33 - Collect information about AirVPN completed
I 2023.01.08 10:03:01 - Session starting.
I 2023.01.08 10:03:01 - Checking authorization ...
! 2023.01.08 10:03:02 - Connecting to Xuange (Switzerland, Zurich)
. 2023.01.08 10:03:02 - Elevated: Command:route-list
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.08 10:03:02 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.08 10:03:02 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.08 10:03:02 - Elevated: Command:route
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'add', arg:'x.x.x.x/32', arg:'via', arg:'192.168.1.254', arg:'dev', arg:'enp6s0', arg:'metric', arg:'0', exit:0
. 2023.01.08 10:03:02 - Routes, add x.x.x./32 for interface "enp6s0".
. 2023.01.08 10:03:02 - Elevated: Command:route-list
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.08 10:03:02 -     x.x.x.x via 192.168.1.254 dev enp6s0
. 2023.01.08 10:03:02 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.08 10:03:02 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.08 10:03:02 - Routes, add x.x.x.x/32 for interface "enp6s0", already exists.
. 2023.01.08 10:03:02 - Elevated: Command:hummingbird
. 2023.01.08 10:03:02 - Hummingbird > Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022
. 2023.01.08 10:03:02 - Hummingbird > OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.08 10:03:02 - Hummingbird > Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. 2023.01.08 10:03:02 - Hummingbird > OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.08 10:03:02 - Hummingbird > System and service manager in use is systemd
. 2023.01.08 10:03:02 - Hummingbird > Starting thread
. 2023.01.08 10:03:02 - Hummingbird > OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.08 10:03:02 - Hummingbird > Frame=512/2112/512 mssfix-ctrl=1250
. 2023.01.08 10:03:02 - Hummingbird > NOTE: This configuration contains options that were not used:
. 2023.01.08 10:03:02 - Hummingbird > Option allowed only to be pushed by the server
. 2023.01.08 10:03:02 - Hummingbird > 11 [ping-exit] [32]
. 2023.01.08 10:03:02 - Hummingbird > OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: Option allowed only to be pushed by the server
. 2023.01.08 10:03:02 - Hummingbird > Thread finished
. 2023.01.08 10:03:02 - Hummingbird > STATS:
! 2023.01.08 10:03:02 - Disconnecting
. 2023.01.08 10:03:02 - Elevated: Command:route-list
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.08 10:03:02 -     x.x.x.x via 192.168.1.254 dev enp6s0
. 2023.01.08 10:03:02 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.08 10:03:02 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.08 10:03:02 - Elevated: Command:route
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'delete', arg:'x.x.x.x/32', arg:'via', arg:'192.168.1.254', arg:'dev', arg:'enp6s0', arg:'metric', arg:'0', exit:0
. 2023.01.08 10:03:02 - Routes, delete x.x.x.x/32 for interface "enp6s0".
. 2023.01.08 10:03:02 - Elevated: Command:route-list
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.08 10:03:02 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.08 10:03:02 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.08 10:03:02 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.08 10:03:02 - Routes, delete x.x.x.x/32 for interface "enp6s0", not exists.
. 2023.01.08 10:03:02 - Elevated: Command:dns-switch-rename-restore
. 2023.01.08 10:03:02 - Connection terminated.
I 2023.01.08 10:03:04 - Cancel requested.
! 2023.01.08 10:03:04 - Session terminated.
. 2023.01.08 10:03:28 - Elevated: Command:ping-request
. 2023.01.08 10:03:29 - Elevated: Command:ping-request

----------------------------
Network Info:

{
    "routes": [
        {
            "destination": "0.0.0.0\/0",
            "gateway": "192.168.1.254",
            "interface": "enp6s0",
            "metric": "100",
            "proto": "dhcp"
        },
        {
            "destination": "192.168.1.0\/24",
            "interface": "enp6s0",
            "metric": "100",
            "proto": "kernel",
            "scope": "link",
            "src": "192.168.1.21"
        },
        {
            "destination": "::1\/128",
            "interface": "lo",
            "metric": "256",
            "pref": "medium",
            "proto": "kernel"
        },
        {
            "destination": "fe80::\/64",
            "interface": "enp6s0",
            "metric": "100",
            "pref": "medium",
            "proto": "kernel"
        }
    ],
    "ipv4-default-gateway": "192.168.1.254",
    "ipv4-default-interface": "enp6s0",
    "interfaces": [
        {
            "friendly": "lo",
            "id": "lo",
            "name": "lo",
            "description": "lo",
            "type": "Loopback",
            "status": "Unknown",
            "bytes_received": "186040",
            "bytes_sent": "186040",
            "support_ipv4": true,
            "support_ipv6": true,
            "ips": [
                "127.0.0.1",
                "::1"
            ],
            "bind": true
        },
        {
            "friendly": "enp6s0",
            "id": "enp6s0",
            "name": "enp6s0",
            "description": "enp6s0",
            "type": "Ethernet",
            "status": "Up",
            "bytes_received": "6333646",
            "bytes_sent": "739365",
            "support_ipv4": true,
            "support_ipv6": true,
            "ips": [
                "192.168.1.21",
                "fe80::9d2a:46e8:1846:4e9d"
            ],
            "bind": true
        }
    ]
}
----------------------------
ip addr show:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether f0:2f:74:2e:5b:c5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.21/24 brd 192.168.1.255 scope global dynamic noprefixroute enp6s0
       valid_lft 86018sec preferred_lft 86018sec
    inet6 fe80::9d2a:46e8:1846:4e9d/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
----------------------------
ip link show:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether f0:2f:74:2e:5b:c5 brd ff:ff:ff:ff:ff:ff

Share this post

Link to post

squidf    0

squidf
Posted ...

Hi. @Clodosuggested to add -ping-exit as Custom Directive, but it didn't help. Thanks though.

Log:

Eddie System/Environment Report - 10/01/2023 - 20:36 UTC

Eddie version: 2.22.2
Eddie OS build: linux_x64
Eddie architecture: x64
OS type: Linux
OS name: Mageia
OS version: 8
OS architecture: x64
Mono /.Net Framework: 6.10.0.104 (tarball Wed Sep 23 10:35:39 UTC 2020); Framework: v4.0.30319
OpenVPN: 2.5.0 - OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10 (/usr/sbin/openvpn)
Hummingbird: 3.3.2 - Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022 (/usr/bin/hummingbird)
WireGuard: 1.0.0
SSH: OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022 (/usr/bin/ssh)
SSL: Initializing (/usr/bin/stunnel)
Profile path: /home/user/.config/eddie/default.profile
Data path: /home/user/.config/eddie
Application path: /usr/lib64/eddie-ui
Executable path: /usr/lib64/eddie-ui/eddie-ui.exe
Command line arguments: (2 args) path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
Network Lock Active: No
Connected to VPN: No
OS support IPv4: Yes
OS support IPv6: Yes
Detected DNS: 127.0.0.1
Test DNS IPv4: Ok
Test DNS IPv6: Ok
Test Ping IPv4: 29 ms
Test Ping IPv6: Failed
Test HTTP IPv4: Ok
Test HTTP IPv6: Error: Fetch url error:Couldn't connect to server
Test HTTPS: Ok
----------------------------
Important options not at defaults:

login: (omissis)
password: (omissis)
remember: True
servers.last: 6f0e8b6d2018c525a50fe13504ca7ac4a2e1af7e2996fefca0b104f28116453d
servers.denylist: 7ebcf347ff4daea72116b30fbb73a0342ca80f9556a31c8282c71ceb6fbf90f4
areas.allowlist: ch,de
log.level.debug: True
proxy.mode: none
tools.hummingbird.preferred: True
openvpn.custom: -ping-exit
gui.tray_minimized: True

----------------------------
Logs:

. 2023.01.10 21:34:41 - Eddie version: 2.22.2 / linux_x64, System: Linux, Name: Mageia, Version: 8, Mono/.Net: 6.10.0.104 (tarball Wed Sep 23 10:35:39 UTC 2020); Framework: v4.0.30319
. 2023.01.10 21:34:41 - Command line arguments (2): path.resources="/usr/share/eddie-ui" path.exec="/usr/bin/eddie-ui"
. 2023.01.10 21:34:41 - Raise system privileges
. 2023.01.10 21:34:46 - Collect network information
. 2023.01.10 21:34:47 - Reading options from /home/user/.config/eddie/default.profile
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'nf_tables', exit:0
. 2023.01.10 21:34:47 - Elevated: Command:netlock-iptables-available
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-legacy', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-legacy', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-legacy-save', exit:0, out:'# Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *mangle
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [8977:2739818]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [8977:2739818]
. 2023.01.10 21:34:47 -     :FORWARD ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [6790:2326624]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [6792:2326770]
. 2023.01.10 21:34:47 -     :tcfor - [0:0]
. 2023.01.10 21:34:47 -     :tcin - [0:0]
. 2023.01.10 21:34:47 -     :tcout - [0:0]
. 2023.01.10 21:34:47 -     :tcpost - [0:0]
. 2023.01.10 21:34:47 -     :tcpre - [0:0]
. 2023.01.10 21:34:47 -     -A PREROUTING -j tcpre
. 2023.01.10 21:34:47 -     -A INPUT -j tcin
. 2023.01.10 21:34:47 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.10 21:34:47 -     -A FORWARD -j tcfor
. 2023.01.10 21:34:47 -     -A OUTPUT -j tcout
. 2023.01.10 21:34:47 -     -A POSTROUTING -j tcpost
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *nat
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [2495:294045]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [123:12373]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [123:12373]
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *raw
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [8977:2739818]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [6790:2326624]
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *filter
. 2023.01.10 21:34:47 -     :INPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :FORWARD DROP [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :Ifw - [0:0]
. 2023.01.10 21:34:47 -     :dynamic - [0:0]
. 2023.01.10 21:34:47 -     :fw-net - [0:0]
. 2023.01.10 21:34:47 -     :logdrop - [0:0]
. 2023.01.10 21:34:47 -     :logflags - [0:0]
. 2023.01.10 21:34:47 -     :logreject - [0:0]
. 2023.01.10 21:34:47 -     :net-fw - [0:0]
. 2023.01.10 21:34:47 -     :reject - [0:0]
. 2023.01.10 21:34:47 -     :sha-lh-49ca04046e757de39777 - [0:0]
. 2023.01.10 21:34:47 -     :sha-rh-1272302ddb73b9c5d780 - [0:0]
. 2023.01.10 21:34:47 -     :shorewall - [0:0]
. 2023.01.10 21:34:47 -     :tcpflags - [0:0]
. 2023.01.10 21:34:47 -     -A INPUT -j Ifw
. 2023.01.10 21:34:47 -     -A INPUT -i enp6s0 -j net-fw
. 2023.01.10 21:34:47 -     -A INPUT -i lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A INPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A INPUT -g reject
. 2023.01.10 21:34:47 -     -A FORWARD -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A FORWARD -g reject
. 2023.01.10 21:34:47 -     -A OUTPUT -o enp6s0 -j fw-net
. 2023.01.10 21:34:47 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A OUTPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A OUTPUT -g reject
. 2023.01.10 21:34:47 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.10 21:34:47 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.10 21:34:47 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.10 21:34:47 -     -A Ifw -p udp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.10 21:34:47 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.10 21:34:47 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 2249 -j IFWLOG--log-prefix "NEW"
. 2023.01.10 21:34:47 -     -A fw-net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.10 21:34:47 -     -A fw-net -j ACCEPT
. 2023.01.10 21:34:47 -     -A logdrop -j DROP
. 2023.01.10 21:34:47 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.10 21:34:47 -     -A logflags -j DROP
. 2023.01.10 21:34:47 -     -A logreject -j reject
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -j tcpflags
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p udp -m udp --dport 1714:1764 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p icmp -m icmp --icmp-type 8 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -m multiport --dports 1714:1764,2249 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.10 21:34:47 -     -A net-fw -j DROP
. 2023.01.10 21:34:47 -     -A reject -m addrtype --src-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A reject -s 224.0.0.0/4 -j DROP
. 2023.01.10 21:34:47 -     -A reject -p igmp -j DROP
. 2023.01.10 21:34:47 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.10 21:34:47 -     -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
. 2023.01.10 21:34:47 -     -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
. 2023.01.10 21:34:47 -     -A reject -j REJECT --reject-with icmp-host-prohibited
. 2023.01.10 21:34:47 -     -A shorewall -m recent --set --name %CURRENTTIME --mask 255.255.255.255 --rsource
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023'
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-legacy-save', exit:0, out:'# Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *mangle
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [99:13160]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [99:13160]
. 2023.01.10 21:34:47 -     :FORWARD ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [19:2097]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [21:2283]
. 2023.01.10 21:34:47 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *nat
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [67:10254]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [11:1329]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [11:1329]
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *raw
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [99:13160]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [19:2097]
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *filter
. 2023.01.10 21:34:47 -     :INPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :FORWARD DROP [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :AllowICMPs - [0:0]
. 2023.01.10 21:34:47 -     :Broadcast - [0:0]
. 2023.01.10 21:34:47 -     :dynamic - [0:0]
. 2023.01.10 21:34:47 -     :logdrop - [0:0]
. 2023.01.10 21:34:47 -     :logflags - [0:0]
. 2023.01.10 21:34:47 -     :logreject - [0:0]
. 2023.01.10 21:34:47 -     :net-fw - [0:0]
. 2023.01.10 21:34:47 -     :reject - [0:0]
. 2023.01.10 21:34:47 -     :sha-lh-a4bafa08f291683d9548 - [0:0]
. 2023.01.10 21:34:47 -     :sha-rh-2b91d727b13f0951efcc - [0:0]
. 2023.01.10 21:34:47 -     :shorewall - [0:0]
. 2023.01.10 21:34:47 -     :tcpflags - [0:0]
. 2023.01.10 21:34:47 -     -A INPUT -i enp6s0 -j net-fw
. 2023.01.10 21:34:47 -     -A INPUT -i lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A INPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A INPUT -j Broadcast
. 2023.01.10 21:34:47 -     -A INPUT -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A INPUT -g reject
. 2023.01.10 21:34:47 -     -A FORWARD -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A FORWARD -j Broadcast
. 2023.01.10 21:34:47 -     -A FORWARD -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A FORWARD -g reject
. 2023.01.10 21:34:47 -     -A OUTPUT -o enp6s0 -j ACCEPT
. 2023.01.10 21:34:47 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A OUTPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A OUTPUT -j Broadcast
. 2023.01.10 21:34:47 -     -A OUTPUT -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A OUTPUT -g reject
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A logdrop -j DROP
. 2023.01.10 21:34:47 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.10 21:34:47 -     -A logflags -j DROP
. 2023.01.10 21:34:47 -     -A logreject -j reject
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -j tcpflags
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -m multiport --dports 1714:1764,2249 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p udp -m udp --dport 1714:1764 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A net-fw -j Broadcast
. 2023.01.10 21:34:47 -     -A net-fw -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.10 21:34:47 -     -A net-fw -j DROP
. 2023.01.10 21:34:47 -     -A reject -s ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A reject -p igmp -j DROP
. 2023.01.10 21:34:47 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.10 21:34:47 -     -A reject -p udp -j REJECT --reject-with icmp6-port-unreachable
. 2023.01.10 21:34:47 -     -A reject -p ipv6-icmp -j REJECT --reject-with icmp6-addr-unreachable
. 2023.01.10 21:34:47 -     -A reject -j REJECT --reject-with icmp6-adm-prohibited
. 2023.01.10 21:34:47 -     -A shorewall -m recent --set --name %CURRENTTIME --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023'
. 2023.01.10 21:34:47 - Elevated: Command:netlock-iptables-available
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-nft', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-nft', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-nft-save', exit:0, out:'# Generated by iptables-nft-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *filter
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :FORWARD ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023', err:'# Warning: iptables-legacy tables present, use iptables-legacy-save to see them'
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-nft-save', exit:0, out:'# Generated by ip6tables-nft-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *filter
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :FORWARD ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023', err:'# Warning: ip6tables-legacy tables present, use ip6tables-legacy-save to see them'
. 2023.01.10 21:34:47 - Elevated: Command:netlock-iptables-available
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'iptable_filter', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/modprobe', arg:'ip6table_filter', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables', arg:'-A', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables', arg:'-D', arg:'INPUT', arg:'-s', arg:'127.0.0.1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/iptables-save', exit:0, out:'# Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *mangle
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [9024:2764642]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [9024:2764642]
. 2023.01.10 21:34:47 -     :FORWARD ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [6837:2351536]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [6839:2351682]
. 2023.01.10 21:34:47 -     :tcfor - [0:0]
. 2023.01.10 21:34:47 -     :tcin - [0:0]
. 2023.01.10 21:34:47 -     :tcout - [0:0]
. 2023.01.10 21:34:47 -     :tcpost - [0:0]
. 2023.01.10 21:34:47 -     :tcpre - [0:0]
. 2023.01.10 21:34:47 -     -A PREROUTING -j tcpre
. 2023.01.10 21:34:47 -     -A INPUT -j tcin
. 2023.01.10 21:34:47 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.10 21:34:47 -     -A FORWARD -j tcfor
. 2023.01.10 21:34:47 -     -A OUTPUT -j tcout
. 2023.01.10 21:34:47 -     -A POSTROUTING -j tcpost
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *nat
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [2495:294045]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [123:12373]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [123:12373]
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *raw
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [9024:2764642]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [6837:2351536]
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 6667 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper irc
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 1723 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper pptp
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 161 -j CT --helper snmp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by iptables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *filter
. 2023.01.10 21:34:47 -     :INPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :FORWARD DROP [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :Ifw - [0:0]
. 2023.01.10 21:34:47 -     :dynamic - [0:0]
. 2023.01.10 21:34:47 -     :fw-net - [0:0]
. 2023.01.10 21:34:47 -     :logdrop - [0:0]
. 2023.01.10 21:34:47 -     :logflags - [0:0]
. 2023.01.10 21:34:47 -     :logreject - [0:0]
. 2023.01.10 21:34:47 -     :net-fw - [0:0]
. 2023.01.10 21:34:47 -     :reject - [0:0]
. 2023.01.10 21:34:47 -     :sha-lh-49ca04046e757de39777 - [0:0]
. 2023.01.10 21:34:47 -     :sha-rh-1272302ddb73b9c5d780 - [0:0]
. 2023.01.10 21:34:47 -     :shorewall - [0:0]
. 2023.01.10 21:34:47 -     :tcpflags - [0:0]
. 2023.01.10 21:34:47 -     -A INPUT -j Ifw
. 2023.01.10 21:34:47 -     -A INPUT -i enp6s0 -j net-fw
. 2023.01.10 21:34:47 -     -A INPUT -i lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A INPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A INPUT -g reject
. 2023.01.10 21:34:47 -     -A FORWARD -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A FORWARD -g reject
. 2023.01.10 21:34:47 -     -A OUTPUT -o enp6s0 -j fw-net
. 2023.01.10 21:34:47 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A OUTPUT -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A OUTPUT -g reject
. 2023.01.10 21:34:47 -     -A Ifw -m set --match-set ifw_wl src -j RETURN
. 2023.01.10 21:34:47 -     -A Ifw -m set --match-set ifw_bl src -j DROP
. 2023.01.10 21:34:47 -     -A Ifw -m conntrack --ctstate INVALID,NEW -m psd--psd-weight-threshold 10 --psd-delay-threshold 10000 --psd-lo-ports-weight 2 --psd-hi-ports-weight 1  -j IFWLOG--log-prefix "SCAN"
. 2023.01.10 21:34:47 -     -A Ifw -p udp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.10 21:34:47 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m multiport --dports 1714:1764 -j IFWLOG--log-prefix "NEW"
. 2023.01.10 21:34:47 -     -A Ifw -p tcp -m conntrack --ctstate NEW -m tcp --dport 2249 -j IFWLOG--log-prefix "NEW"
. 2023.01.10 21:34:47 -     -A fw-net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.10 21:34:47 -     -A fw-net -j ACCEPT
. 2023.01.10 21:34:47 -     -A logdrop -j DROP
. 2023.01.10 21:34:47 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.10 21:34:47 -     -A logflags -j DROP
. 2023.01.10 21:34:47 -     -A logreject -j reject
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -j tcpflags
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p udp -m udp --dport 1714:1764 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p icmp -m icmp --icmp-type 8 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -m multiport --dports 1714:1764,2249 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -m addrtype --dst-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m addrtype --dst-type ANYCAST -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m addrtype --dst-type MULTICAST -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.10 21:34:47 -     -A net-fw -j DROP
. 2023.01.10 21:34:47 -     -A reject -m addrtype --src-type BROADCAST -j DROP
. 2023.01.10 21:34:47 -     -A reject -s 224.0.0.0/4 -j DROP
. 2023.01.10 21:34:47 -     -A reject -p igmp -j DROP
. 2023.01.10 21:34:47 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.10 21:34:47 -     -A reject -p udp -j REJECT --reject-with icmp-port-unreachable
. 2023.01.10 21:34:47 -     -A reject -p icmp -j REJECT --reject-with icmp-host-unreachable
. 2023.01.10 21:34:47 -     -A reject -j REJECT --reject-with icmp-host-prohibited
. 2023.01.10 21:34:47 -     -A shorewall -m recent --set --name %CURRENTTIME --mask 255.255.255.255 --rsource
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023'
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables', arg:'-A', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables', arg:'-D', arg:'INPUT', arg:'-s', arg:'::1', arg:'-p', arg:'tcp', arg:'--dport', arg:'59126', arg:'-j', arg:'ACCEPT', exit:0
. 2023.01.10 21:34:47 - Elevated: Exec, path:'/usr/sbin/ip6tables-save', exit:0, out:'# Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *mangle
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [99:13160]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [99:13160]
. 2023.01.10 21:34:47 -     :FORWARD ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [19:2097]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [21:2283]
. 2023.01.10 21:34:47 -     -A FORWARD -j MARK --set-xmark 0x0/0xff
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *nat
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [67:10254]
. 2023.01.10 21:34:47 -     :INPUT ACCEPT [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [11:1329]
. 2023.01.10 21:34:47 -     :POSTROUTING ACCEPT [11:1329]
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *raw
. 2023.01.10 21:34:47 -     :PREROUTING ACCEPT [99:13160]
. 2023.01.10 21:34:47 -     :OUTPUT ACCEPT [19:2097]
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A PREROUTING -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 10080 -j CT --helper amanda
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 21 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper ftp
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 1719 -j CT --helper RAS
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 1720 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper Q.931
. 2023.01.10 21:34:47 -     -A OUTPUT -p tcp -m tcp --dport 6566 --tcp-flags FIN,SYN,RST,ACK SYN -j CT --helper sane
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 5060 -j CT --helper sip
. 2023.01.10 21:34:47 -     -A OUTPUT -p udp -m udp --dport 69 -j CT --helper tftp
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     # Generated by ip6tables-save v1.8.7 on Tue Jan 10 21:34:47 2023
. 2023.01.10 21:34:47 -     *filter
. 2023.01.10 21:34:47 -     :INPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :FORWARD DROP [0:0]
. 2023.01.10 21:34:47 -     :OUTPUT DROP [0:0]
. 2023.01.10 21:34:47 -     :AllowICMPs - [0:0]
. 2023.01.10 21:34:47 -     :Broadcast - [0:0]
. 2023.01.10 21:34:47 -     :dynamic - [0:0]
. 2023.01.10 21:34:47 -     :logdrop - [0:0]
. 2023.01.10 21:34:47 -     :logflags - [0:0]
. 2023.01.10 21:34:47 -     :logreject - [0:0]
. 2023.01.10 21:34:47 -     :net-fw - [0:0]
. 2023.01.10 21:34:47 -     :reject - [0:0]
. 2023.01.10 21:34:47 -     :sha-lh-a4bafa08f291683d9548 - [0:0]
. 2023.01.10 21:34:47 -     :sha-rh-2b91d727b13f0951efcc - [0:0]
. 2023.01.10 21:34:47 -     :shorewall - [0:0]
. 2023.01.10 21:34:47 -     :tcpflags - [0:0]
. 2023.01.10 21:34:47 -     -A INPUT -i enp6s0 -j net-fw
. 2023.01.10 21:34:47 -     -A INPUT -i lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A INPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A INPUT -j Broadcast
. 2023.01.10 21:34:47 -     -A INPUT -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A INPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "INPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A INPUT -g reject
. 2023.01.10 21:34:47 -     -A FORWARD -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A FORWARD -j Broadcast
. 2023.01.10 21:34:47 -     -A FORWARD -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A FORWARD -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "FORWARD REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A FORWARD -g reject
. 2023.01.10 21:34:47 -     -A OUTPUT -o enp6s0 -j ACCEPT
. 2023.01.10 21:34:47 -     -A OUTPUT -o lo -j ACCEPT
. 2023.01.10 21:34:47 -     -A OUTPUT -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A OUTPUT -j Broadcast
. 2023.01.10 21:34:47 -     -A OUTPUT -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A OUTPUT -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "OUTPUT REJECT " --log-level 6
. 2023.01.10 21:34:47 -     -A OUTPUT -g reject
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 4 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 137 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 141 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 142 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 148 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -p ipv6-icmp -m icmp6 --icmpv6-type 149 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 151 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 152 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A AllowICMPs -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 153 -m comment --comment "Needed ICMP types (RFC4890)" -j ACCEPT
. 2023.01.10 21:34:47 -     -A logdrop -j DROP
. 2023.01.10 21:34:47 -     -A logflags -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "logflags DROP " --log-level 6 --log-ip-options
. 2023.01.10 21:34:47 -     -A logflags -j DROP
. 2023.01.10 21:34:47 -     -A logreject -j reject
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate INVALID,NEW,UNTRACKED -j dynamic
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -j tcpflags
. 2023.01.10 21:34:47 -     -A net-fw -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p tcp -m multiport --dports 1714:1764,2249 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p ipv6-icmp -m icmp6 --icmpv6-type 8 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p udp -m udp --dport 1714:1764 -j ACCEPT
. 2023.01.10 21:34:47 -     -A net-fw -p ipv6-icmp -j AllowICMPs
. 2023.01.10 21:34:47 -     -A net-fw -j Broadcast
. 2023.01.10 21:34:47 -     -A net-fw -d ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A net-fw -m hashlimit --hashlimit-upto 1/sec --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-name lograte -j LOG --log-prefix "net-fw DROP " --log-level 6
. 2023.01.10 21:34:47 -     -A net-fw -j DROP
. 2023.01.10 21:34:47 -     -A reject -s ff00::/8 -j DROP
. 2023.01.10 21:34:47 -     -A reject -p igmp -j DROP
. 2023.01.10 21:34:47 -     -A reject -p tcp -j REJECT --reject-with tcp-reset
. 2023.01.10 21:34:47 -     -A reject -p udp -j REJECT --reject-with icmp6-port-unreachable
. 2023.01.10 21:34:47 -     -A reject -p ipv6-icmp -j REJECT --reject-with icmp6-addr-unreachable
. 2023.01.10 21:34:47 -     -A reject -j REJECT --reject-with icmp6-adm-prohibited
. 2023.01.10 21:34:47 -     -A shorewall -m recent --set --name %CURRENTTIME --mask ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff --rsource
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,PSH,URG -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,RST FIN,RST -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,SYN FIN,SYN -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --tcp-flags FIN,PSH,ACK FIN,PSH -g logflags
. 2023.01.10 21:34:47 -     -A tcpflags -p tcp -m tcp --sport 0 --tcp-flags FIN,SYN,RST,ACK SYN -g logflags
. 2023.01.10 21:34:47 -     COMMIT
. 2023.01.10 21:34:47 -     # Completed on Tue Jan 10 21:34:47 2023'
. 2023.01.10 21:34:47 - Elevated: Command:ping-engine
. 2023.01.10 21:34:47 - Exec(4) of '/usr/sbin/openvpn', 1 args: '--version';
. 2023.01.10 21:34:47 - Exec(4) done in 13 ms, exit: 0, out: 'OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul  5 2022
. 2023.01.10 21:34:47 -     library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
. 2023.01.10 21:34:47 -     Originally developed by James Yonan
. 2023.01.10 21:34:47 -     Copyright (C) 2002-2018 OpenVPN Inc <sales@openvpn.net>
. 2023.01.10 21:34:47 -     Compile time defines: enable_async_push=yes enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dependency_tracking=no enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=needless enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_multihome=yes enable_pam_dlopen=no enable_password_save=yes enable_pedantic=no enable_pf=yes enable_pkcs11=yes enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_pthread=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_silent_rules=yes enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=yes enable_werror=no enable_win32_dll=yes enable_x509_alt_username=yes with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_lzo_headers=/usr/include/lzo with_mem_check=no with_sysroot=no'
. 2023.01.10 21:34:47 - Exec(5) of '/usr/bin/hummingbird', 1 args: '--version';
. 2023.01.10 21:34:47 - Exec(5) done in 168 ms, exit: 1, out: 'Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022
. 2023.01.10 21:34:47 -     OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.10 21:34:47 -     Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. 2023.01.10 21:34:47 -     OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.10 21:34:47 -     You need to be root in order to run this program.'
. 2023.01.10 21:34:47 - Exec(6) of '/usr/bin/ssh', 1 args: '-V';
. 2023.01.10 21:34:47 - Exec(6) done in 2 ms, exit: 0, err: 'OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022'
. 2023.01.10 21:34:47 - Exec(7) of '/usr/bin/stunnel', 1 args: '-version';
. 2023.01.10 21:34:47 - Exec(7) done in 3 ms, exit: 0, err: 'Initializing inetd mode configuration
. 2023.01.10 21:34:47 -     stunnel 5.63 on x86_64-mageia-linux-gnu platform
. 2023.01.10 21:34:47 -     Compiled with OpenSSL 1.1.1n  15 Mar 2022
. 2023.01.10 21:34:47 -     Running  with OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.10 21:34:47 -     Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
. 2023.01.10 21:34:47 -     Global options:
. 2023.01.10 21:34:47 -     RNDbytes               = 1024
. 2023.01.10 21:34:47 -     RNDfile                = /dev/urandom
. 2023.01.10 21:34:47 -     RNDoverwrite           = yes
. 2023.01.10 21:34:47 -     Service-level options:
. 2023.01.10 21:34:47 -     ciphers                = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
. 2023.01.10 21:34:47 -     ciphersuites           = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
. 2023.01.10 21:34:47 -     curves                 = X25519:P-256:X448:P-521:P-384
. 2023.01.10 21:34:47 -     debug                  = daemon.notice
. 2023.01.10 21:34:47 -     logId                  = sequential
. 2023.01.10 21:34:47 -     options                = NO_SSLv2
. 2023.01.10 21:34:47 -     options                = NO_SSLv3
. 2023.01.10 21:34:47 -     securityLevel          = 2
. 2023.01.10 21:34:47 -     sessionCacheSize       = 1000
. 2023.01.10 21:34:47 -     sessionCacheTimeout    = 300 seconds
. 2023.01.10 21:34:47 -     stack                  = 65536 bytes
. 2023.01.10 21:34:47 -     TIMEOUTbusy            = 300 seconds
. 2023.01.10 21:34:47 -     TIMEOUTclose           = 60 seconds
. 2023.01.10 21:34:47 -     TIMEOUTconnect         = 10 seconds
. 2023.01.10 21:34:47 -     TIMEOUTidle            = 43200 seconds
. 2023.01.10 21:34:47 -     verify                 = none'
. 2023.01.10 21:34:47 - OpenVPN - Version: 2.5.0 - OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10 (/usr/sbin/openvpn)
. 2023.01.10 21:34:47 - SSH - Version: OpenSSH_8.4p1, OpenSSL 1.1.1q  5 Jul 2022 (/usr/bin/ssh)
. 2023.01.10 21:34:47 - SSL - Version: Initializing (/usr/bin/stunnel)
. 2023.01.10 21:34:47 - Elevated: Command:dns-switch-rename-restore
I 2023.01.10 21:34:51 - Ready
. 2023.01.10 21:34:51 - Elevated: Command:ping-request
. 2023.01.10 21:34:51 - Elevated: Command:ping-request
. 2023.01.10 21:34:51 - Elevated: Command:ping-request
. 2023.01.10 21:34:51 - Above log line repeated 16 times more
. 2023.01.10 21:34:51 - Collect information about AirVPN completed
. 2023.01.10 21:34:51 - Elevated: Command:ping-request
. 2023.01.10 21:34:51 - Elevated: Command:ping-request
. 2023.01.10 21:34:51 - Elevated: Command:ping-request
. 2023.01.10 21:35:40 - Above log line repeated 2 times more
I 2023.01.10 21:35:40 - Session starting.
I 2023.01.10 21:35:40 - Checking authorization ...
! 2023.01.10 21:35:40 - Connecting to Xuange (Switzerland, Zurich)
. 2023.01.10 21:35:40 - Elevated: Command:route-list
. 2023.01.10 21:35:40 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.10 21:35:40 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.10 21:35:40 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.10 21:35:40 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.10 21:35:40 - Elevated: Command:route
. 2023.01.10 21:35:40 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'add', arg:'x.x.x.x/32', arg:'via', arg:'192.168.1.254', arg:'dev', arg:'enp6s0', arg:'metric', arg:'0', exit:0
. 2023.01.10 21:35:40 - Routes, add x.x.x.x/32 for interface "enp6s0".
. 2023.01.10 21:35:41 - Elevated: Command:route-list
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.10 21:35:41 -     x.x.x.x via 192.168.1.254 dev enp6s0
. 2023.01.10 21:35:41 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.10 21:35:41 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.10 21:35:41 - Routes, add x.x.x.x/32 for interface "enp6s0", already exists.
. 2023.01.10 21:35:41 - Elevated: Command:hummingbird
. 2023.01.10 21:35:41 - Hummingbird > Hummingbird - AirVPN OpenVPN 3 Client 1.2.1 - 9 December 2022
. 2023.01.10 21:35:41 - Hummingbird > OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.10 21:35:41 - Hummingbird > Copyright (C) 2012-2022 OpenVPN Inc. All rights reserved.
. 2023.01.10 21:35:41 - Hummingbird > OpenSSL 1.1.1q  5 Jul 2022
. 2023.01.10 21:35:41 - Hummingbird > System and service manager in use is systemd
. 2023.01.10 21:35:41 - Hummingbird > Starting thread
. 2023.01.10 21:35:41 - Hummingbird > OpenVPN core 3.8.2 AirVPN linux x86_64 64-bit
. 2023.01.10 21:35:41 - Hummingbird > Frame=512/2112/512 mssfix-ctrl=1250
. 2023.01.10 21:35:41 - Hummingbird > NOTE: This configuration contains options that were not used:
. 2023.01.10 21:35:41 - Hummingbird > Unsupported option (ignored)
. 2023.01.10 21:35:41 - Hummingbird > 11 [explicit-exit-notify] [5]
. 2023.01.10 21:35:41 - Hummingbird > 12 [data-ciphers-fallback] [AES-256-CBC]
. 2023.01.10 21:35:41 - Hummingbird > 13 [connect-retry-max] [1]
. 2023.01.10 21:35:41 - Hummingbird > 15 [persist-tun]
. 2023.01.10 21:35:41 - Hummingbird > 16 [persist-key]
. 2023.01.10 21:35:41 - Hummingbird > 18 [resolv-retry] [infinite]
. 2023.01.10 21:35:41 - Hummingbird > 19 [auth-nocache]
. 2023.01.10 21:35:41 - Hummingbird > UNKNOWN/UNSUPPORTED OPTIONS
. 2023.01.10 21:35:41 - Hummingbird > 5 [pull-filter] [ignore] [redirect-gateway]
. 2023.01.10 21:35:41 - Hummingbird > 6 [pull-filter] [ignore] [dhcp-option DNS]
. 2023.01.10 21:35:41 - Hummingbird > OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: UNKNOWN/UNSUPPORTED OPTIONS
. 2023.01.10 21:35:41 - Hummingbird > Thread finished
. 2023.01.10 21:35:41 - Hummingbird > STATS:
! 2023.01.10 21:35:41 - Disconnecting
. 2023.01.10 21:35:41 - Elevated: Command:route-list
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.10 21:35:41 -     x.x.x.x via 192.168.1.254 dev enp6s0
. 2023.01.10 21:35:41 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.10 21:35:41 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.10 21:35:41 - Elevated: Command:route
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'delete', arg:'x.x.x.x/32', arg:'via', arg:'192.168.1.254', arg:'dev', arg:'enp6s0', arg:'metric', arg:'0', exit:0
. 2023.01.10 21:35:41 - Routes, delete x.x.x.x/32 for interface "enp6s0".
. 2023.01.10 21:35:41 - Elevated: Command:route-list
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-4', arg:'route', arg:'show', exit:0, out:'default via 192.168.1.254 dev enp6s0 proto dhcp metric 100
. 2023.01.10 21:35:41 -     192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.21 metric 100'
. 2023.01.10 21:35:41 - Elevated: Exec, path:'/usr/sbin/ip', arg:'-6', arg:'route', arg:'show', exit:0, out:'::1 dev lo proto kernel metric 256 pref medium
. 2023.01.10 21:35:41 -     fe80::/64 dev enp6s0 proto kernel metric 100 pref medium'
. 2023.01.10 21:35:41 - Routes, delete x.x.x.x/32 for interface "enp6s0", not exists.
. 2023.01.10 21:35:41 - Elevated: Command:dns-switch-rename-restore
. 2023.01.10 21:35:41 - Connection terminated.

Share this post

Link to post

OpenSourcerer    1435

OpenSourcerer
Posted ...

I could confirm the first, it seems to be a bug in either Eddie, Hummingbird or AirVPN-OpenVPN3.

. 2023.01.10 22:21:24 - Hummingbird > NOTE: This configuration contains options that were not used:
. 2023.01.10 22:21:24 - Hummingbird > Option allowed only to be pushed by the server
. 2023.01.10 22:21:24 - Hummingbird > 11 [ping-exit] [32]
. 2023.01.10 22:21:24 - Hummingbird > OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: Option allowed only to be pushed by the server

.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post

Link to post

squidf    0

squidf
Posted ...
3 minutes ago, OpenSourcerer said:

I could confirm the first, it seems to be a bug in either Eddie, Hummingbird or AirVPN-OpenVPN3.

. 2023.01.10 22:21:24 - Hummingbird > NOTE: This configuration contains options that were not used:
. 2023.01.10 22:21:24 - Hummingbird > Option allowed only to be pushed by the server
. 2023.01.10 22:21:24 - Hummingbird > 11 [ping-exit] [32]
. 2023.01.10 22:21:24 - Hummingbird > OpenVPN3 CONNECT ERROR: option_error: sorry, unsupported options present in configuration: Option allowed only to be pushed by the server

.
Thanks for your follow-up. 
In case you have ideas, I can build from source these 3 packages and test (AirVPN-OpenVPN3 is bundled with Hummingbird in my case).

Share this post

Link to post

Staff    9972

Staff
Posted ...
@squidf

Hello!

Please use OpenVPN 2.x in the meantime when you run Eddie beta version. We are working to implement missing directives in our OpenVPN3-AirVPN library fork as we did in the past.: we have decided that again we can't wait for the implementation in the mainline.

Specifically, the directives which are causing a critical error are "ping-exit" and "pull-filter" in your case. However, "pull-filter" is extremely useful in a wide range of cases, so a complete implementation is necessary from scratch (currently the code from the mainline we brought in ignores some pull-filter syntax and throws errors in other cases).

Kind regards
 

Share this post

Link to post

squidf    0

squidf
Posted ... (edited)
20 minutes ago, Staff said:
@squidf

Hello!

Please use OpenVPN 2.x in the meantime when you run Eddie beta version. We are working to implement missing directives in our OpenVPN3-AirVPN library fork as we did in the past.: we have decided that again we can't wait for the implementation in the mainline.

Specifically, the directives which are causing a critical error are "ping-exit" and "pull-filter" in your case. However, "pull-filter" is extremely useful in a wide range of cases, so a complete implementation is necessary from scratch (currently the code from the mainline we brought in ignores some pull-filter syntax and throws errors in other cases).

Kind regards
 
Hi. Could you elaborate a bit more?
The openVPN I have is 2.5.0. Do I need another version? Or is there anything to change in the configuration?

Please, do note there is the same issue wtih both Eddie 2.21.8 and 2.22.2
I have moved to 2.22.2 (beta) because of the "freeze" while checking the response time of all servers, in order to recommend one.

Edit: @Staff In addition, Eddie (both 2.21.8 and 2.22.2) works only with WireGuard for me. I face "Checking IPv4 route failed" with openVPN  Edited ... by squidf
complement on openVPN as it doesn't work

Share this post

Link to post

Staff    9972

Staff
Posted ...

@squidf

Hello!

Yes, you need to change a setting. From Eddie's main window select "Preferences" > "Advanced". Uncheck "Use Hummingbird if available" and click "Save".

Kind regards
 

Share this post

Link to post

squidf    0

squidf
Posted ...
1 minute ago, Staff said:

@squidf

Hello!

Yes, you need to change a setting. From Eddie's main window select "Preferences" > "Advanced". Uncheck "Use Hummingbird if available" and click "Save".

Kind regards
 

Then, please, look at the Edit I just made. Only WireGuard works so far. 

Share this post

Link to post

sebi    4

sebi
Posted ... (edited)
On 1/11/2023 at 12:37 PM, Staff said:
Please use OpenVPN 2.x in the meantime when you run Eddie beta version. We are working to implement missing directives in our OpenVPN3-AirVPN library fork as we did in the past.: we have decided that again we can't wait for the implementation in the mainline.
Hello,

how can I do that? Would that mean to install openvpn separately and set its path inside Eddie in the Advanced options?

I just stumbled upon the "option not allowed" issue during my first attempts to use hummingbird. When used in Eddie, I experience the behavior described here. However, with a openvpn config from AirVPN's config generator with default values, hummingbird on the console will happily connect. I assume that this is expected because the generated config does not contain `ping-exit` nor `pull-filter` directives. If they are useful but not critical, wouldn't it be beneficial to have an advanced option inside Eddie to not use these so that hummingbird could still be used?

If hummingbird is currently not working with Eddie, I would have found it useful to have a Known Issues section in the installation/readme..

There is also an UI inconsistency: I tried "fixing" Eddie's openvpn config by deleting the `ping-exit 32` line from within the UI. I could not cut but use backspace to delete the text. However, when I try to add it again, I cannot enter a new line, upon hitting return the settings dialog will close. Cut/copy/paste also seems to be disabled. I'll probably find the file on disk and edit it. Edited ... by sebi
better wording

Share this post

Link to post

Staff    9972

Staff
Posted ...
@sebi

Hello!
Quote

how can I do that? Would that mean to install openvpn separately and set its path inside Eddie in the Advanced options?


You need to uncheck "Use Hummingbird if available" in the "Preferences" > "Advanced" window. Eddie will then look for OpenVPN in your command path (OpenVPN must be installed in your Linux box). If you have some OpenVPN binary you want to use outside the path, then you need to tell Eddie where to find that OpenVPN binary. Note that Eddie will run with root privileges only binaries owned by root.
 
Quote

If hummingbird is currently not working with Eddie, I would have found it useful to have a Known Issues section in the installation/readme..


Beta versions exist exactly because unexpected problems may (and usually will) come out. Eddie stable releases are always packaged with a tested Hummingbird version. About the Suite, we are almost ready to launch a version linked against our openvpn-airvpn fork fixing the new bugs and regressions unfortunately inherited from the main branch which we did not find with our tests (our fault, hands down). If you want to use Eddie with a working version of Hummingbird you can rely on Eddie 2.21.8, which is the latest stable release and is packaged with Hummingbird 1.2.0.
 
Quote

If they are useful but not critical, wouldn't it be beneficial to have an advanced option inside Eddie to not use these so that hummingbird could still be used?


This is an excellent question, and currently Eddie can not renounce to those directives for a complex reason. In a few words, with the risk of oversimplifying, it's because of how our servers are configured in order to maintain backward compatibility with OpenVPN 2.3 and 2.4. Sooner or later we will break compatibility at least with OpenVPN 2.3. From that moment on, Eddie can be re-designed with more freedom in mind and some behavior which may appear "strange" when compared with ordinary OpenVPN configuration files (as it is in this case, with the directives you mention) can be simplified or canceled. Also note that some other behavior is dictated by the fact (and this is perfectly logic as well) that Eddie adds some important features on top of OpenVPN features (routes inside and outside the tunnel, DNS management, Network Lock...).
 
Quote

There is also an UI inconsistency: I tried "fixing" Eddie's openvpn config by deleting the `ping-exit 32` line from within the UI. I could not cut but use backspace to delete the text. However, when I try to add it again, I cannot enter a new line, upon hitting return the settings dialog will close. Cut/copy/paste also seems to be disabled. I'll probably find the file on disk and edit it.


Thank you, this sounds like a bug and it's great that bugs are found during beta testing (or anyway before a stable version is out). We will forward your message to Eddie's developer. Furthermore, please feel free to report this on GitHub and on Eddie's thread in "News", if you wish so.

Kind regards

 
sebi reacted to this

Share this post

Link to post

sebi    4

sebi
Posted ...

Thank you for the comprehensive answer!

For a moment I forgot that I'm on the experimental Eddie branch :D I guess I'll wait for the new suite version.
I assumed I could combine a custom openvpn with hummingbird but I now see that hummingbird of course uses the openvpn (3) it is built against, and there is no commandline option to use a custom binary.

Regarding the UI editing issue, I noticed that I could indeed enter a newline using CTRL-ENTER. So maybe this is intended after all. Still, copy&pasting ability would be useful. (I'm on Mac; haven't tested on Linux yet.) I will consider using github to report this or other issues, thanks for the hint. Using that public developer platform might do some good for Eddie development, generally.

Staff reacted to this

Share this post

Link to post

squidf    0

squidf
Posted ...

Hi. What is the plan for an update of Eddie stable?
Because current Eddie stable is really cumbersome to use because of bug Eddie 2.22.2 is the solution.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...