{ "nftables": [ { "metainfo": { "version": "1.1.5", "release_name": "Commodore Bullmoose #6", "json_schema_version": 1 } }, { "table": { "family": "ip", "name": "filter", "handle": 1 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-before-logging-input", "handle": 1 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-before-logging-output", "handle": 2 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-before-logging-forward", "handle": 3 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-before-input", "handle": 4 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-before-output", "handle": 5 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-before-forward", "handle": 6 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-after-input", "handle": 7 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-after-output", "handle": 8 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-after-forward", "handle": 9 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-after-logging-input", "handle": 10 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-after-logging-output", "handle": 11 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-after-logging-forward", "handle": 12 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-reject-input", "handle": 13 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-reject-output", "handle": 14 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-reject-forward", "handle": 15 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-track-input", "handle": 16 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-track-output", "handle": 17 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-track-forward", "handle": 18 } }, { "chain": { "family": "ip", "table": "filter", "name": "INPUT", "handle": 19, "type": "filter", "hook": "input", "prio": 0, "policy": "drop" } }, { "chain": { "family": "ip", "table": "filter", "name": "OUTPUT", "handle": 26, "type": "filter", "hook": "output", "prio": 0, "policy": "accept" } }, { "chain": { "family": "ip", "table": "filter", "name": "FORWARD", "handle": 33, "type": "filter", "hook": "forward", "prio": 0, "policy": "drop" } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-logging-deny", "handle": 42 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-logging-allow", "handle": 43 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-skip-to-policy-input", "handle": 44 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-skip-to-policy-output", "handle": 45 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-skip-to-policy-forward", "handle": 46 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-not-local", "handle": 94 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-input", "handle": 126 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-output", "handle": 127 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-forward", "handle": 128 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-logging-input", "handle": 129 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-logging-output", "handle": 130 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-logging-forward", "handle": 131 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-limit", "handle": 132 } }, { "chain": { "family": "ip", "table": "filter", "name": "ufw-user-limit-accept", "handle": 133 } }, { "chain": { "family": "ip", "table": "filter", "name": "LIBVIRT_INP", "handle": 146 } }, { "chain": { "family": "ip", "table": "filter", "name": "LIBVIRT_OUT", "handle": 148 } }, { "chain": { "family": "ip", "table": "filter", "name": "LIBVIRT_FWO", "handle": 150 } }, { "chain": { "family": "ip", "table": "filter", "name": "LIBVIRT_FWI", "handle": 152 } }, { "chain": { "family": "ip", "table": "filter", "name": "LIBVIRT_FWX", "handle": 154 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER", "handle": 180 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER-FORWARD", "handle": 181 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER-BRIDGE", "handle": 182 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER-CT", "handle": 183 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER-ISOLATION-STAGE-1", "handle": 184 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER-ISOLATION-STAGE-2", "handle": 185 } }, { "chain": { "family": "ip", "table": "filter", "name": "DOCKER-USER", "handle": 196 } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 95, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "lo" } }, { "counter": { "packets": 1027, "bytes": 126624 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 97, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 53439, "bytes": 78470210 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 100, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-logging-deny" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 101, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 102, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 103, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 104, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 105, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 110, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "sport" } }, "right": 67 } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 111, "expr": [ { "counter": { "packets": 228, "bytes": 37957 } }, { "jump": { "target": "ufw-not-local" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 117, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "daddr" } }, "right": "224.0.0.251" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 5353 } }, { "counter": { "packets": 135, "bytes": 12274 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 118, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "daddr" } }, "right": "239.255.255.250" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 1900 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-input", "handle": 143, "expr": [ { "counter": { "packets": 93, "bytes": 25683 } }, { "jump": { "target": "ufw-user-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-output", "handle": 96, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "lo" } }, { "counter": { "packets": 1029, "bytes": 126704 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-output", "handle": 98, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 33317, "bytes": 3497117 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-output", "handle": 144, "expr": [ { "counter": { "packets": 958, "bytes": 93944 } }, { "jump": { "target": "ufw-user-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-forward", "handle": 99, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-forward", "handle": 106, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-forward", "handle": 107, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-forward", "handle": 108, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-forward", "handle": 109, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "icmp" } }, { "xt": { "type": "match", "name": "icmp" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-before-forward", "handle": 145, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-user-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 119, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 137 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 120, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 138 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 121, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 139 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 122, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 445 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 123, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 67 } }, { "counter": { "packets": 8, "bytes": 2656 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 124, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-input", "handle": 125, "expr": [ { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 81, "bytes": 20487 } }, { "jump": { "target": "ufw-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-logging-input", "handle": 135, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 4, "bytes": 2540 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-after-logging-forward", "handle": 136, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-track-output", "handle": 40, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "tcp" } }, { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 402, "bytes": 24120 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-track-output", "handle": 41, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "protocol" } }, "right": "udp" } }, { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 536, "bytes": 68976 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 147, "expr": [ { "counter": { "packets": 54318, "bytes": 78598628 } }, { "jump": { "target": "LIBVIRT_INP" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 20, "expr": [ { "counter": { "packets": 54694, "bytes": 78634791 } }, { "jump": { "target": "ufw-before-logging-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 21, "expr": [ { "counter": { "packets": 54694, "bytes": 78634791 } }, { "jump": { "target": "ufw-before-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 22, "expr": [ { "counter": { "packets": 93, "bytes": 25683 } }, { "jump": { "target": "ufw-after-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 23, "expr": [ { "counter": { "packets": 4, "bytes": 2540 } }, { "jump": { "target": "ufw-after-logging-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 24, "expr": [ { "counter": { "packets": 4, "bytes": 2540 } }, { "jump": { "target": "ufw-reject-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "INPUT", "handle": 25, "expr": [ { "counter": { "packets": 4, "bytes": 2540 } }, { "jump": { "target": "ufw-track-input" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 149, "expr": [ { "counter": { "packets": 34921, "bytes": 3687208 } }, { "jump": { "target": "LIBVIRT_OUT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 27, "expr": [ { "counter": { "packets": 35304, "bytes": 3717765 } }, { "jump": { "target": "ufw-before-logging-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 28, "expr": [ { "counter": { "packets": 35304, "bytes": 3717765 } }, { "jump": { "target": "ufw-before-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 29, "expr": [ { "counter": { "packets": 958, "bytes": 93944 } }, { "jump": { "target": "ufw-after-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 30, "expr": [ { "counter": { "packets": 958, "bytes": 93944 } }, { "jump": { "target": "ufw-after-logging-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 31, "expr": [ { "counter": { "packets": 958, "bytes": 93944 } }, { "jump": { "target": "ufw-reject-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "OUTPUT", "handle": 32, "expr": [ { "counter": { "packets": 958, "bytes": 93944 } }, { "jump": { "target": "ufw-track-output" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 197, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-USER" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 186, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-FORWARD" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 155, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "LIBVIRT_FWX" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 153, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "LIBVIRT_FWI" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 151, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "LIBVIRT_FWO" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 34, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-before-logging-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 35, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-before-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 36, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-after-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 37, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-after-logging-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 38, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-reject-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "FORWARD", "handle": 39, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-track-forward" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-logging-deny", "handle": 137, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "return": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-logging-deny", "handle": 138, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-logging-allow", "handle": 139, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-skip-to-policy-input", "handle": 47, "expr": [ { "counter": { "packets": 89, "bytes": 23143 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-skip-to-policy-output", "handle": 48, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-skip-to-policy-forward", "handle": 49, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-not-local", "handle": 112, "expr": [ { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "return": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-not-local", "handle": 113, "expr": [ { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 139, "bytes": 14814 } }, { "return": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-not-local", "handle": 114, "expr": [ { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 89, "bytes": 23143 } }, { "return": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-not-local", "handle": 115, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw-logging-deny" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-not-local", "handle": 116, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-user-input", "handle": 134, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 22 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-user-limit", "handle": 140, "expr": [ { "limit": { "rate": 3, "burst": 5, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-user-limit", "handle": 141, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "REJECT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "ufw-user-limit-accept", "handle": 142, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 172, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 171, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 168, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 67 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 167, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 67 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 161, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 160, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 157, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 67 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_INP", "handle": 156, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 67 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 174, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 173, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 170, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 169, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 163, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 162, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 53 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 159, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_OUT", "handle": 158, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWO", "handle": 178, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "saddr" } }, "right": { "prefix": { "addr": "192.168.88.80", "len": 28 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "wlp1s0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWO", "handle": 175, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "REJECT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWO", "handle": 164, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr2" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "REJECT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWI", "handle": 179, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "daddr" } }, "right": { "prefix": { "addr": "192.168.88.80", "len": 28 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "wlp1s0" } }, { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWI", "handle": 176, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "REJECT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWI", "handle": 165, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr2" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "REJECT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWX", "handle": 177, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "LIBVIRT_FWX", "handle": 166, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "virbr2" } }, { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr2" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER", "handle": 199, "expr": [ { "match": { "op": "!=", "left": { "meta": { "key": "iifname" } }, "right": "docker0" } }, { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 189, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-CT" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 188, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-ISOLATION-STAGE-1" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 187, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-BRIDGE" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 198, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-BRIDGE", "handle": 201, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-CT", "handle": 200, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "docker0" } }, { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-ISOLATION-STAGE-1", "handle": 202, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "docker0" } }, { "match": { "op": "!=", "left": { "meta": { "key": "oifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-ISOLATION-STAGE-2" } } ] } }, { "rule": { "family": "ip", "table": "filter", "chain": "DOCKER-ISOLATION-STAGE-2", "handle": 203, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "table": { "family": "ip6", "name": "filter", "handle": 2 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-before-logging-input", "handle": 1 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-before-logging-output", "handle": 2 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-before-logging-forward", "handle": 3 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-before-input", "handle": 4 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-before-output", "handle": 5 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-before-forward", "handle": 6 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-after-input", "handle": 7 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-after-output", "handle": 8 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-after-forward", "handle": 9 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-after-logging-input", "handle": 10 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-after-logging-output", "handle": 11 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-after-logging-forward", "handle": 12 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-reject-input", "handle": 13 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-reject-output", "handle": 14 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-reject-forward", "handle": 15 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-track-input", "handle": 16 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-track-output", "handle": 17 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-track-forward", "handle": 18 } }, { "chain": { "family": "ip6", "table": "filter", "name": "INPUT", "handle": 19, "type": "filter", "hook": "input", "prio": 0, "policy": "drop" } }, { "chain": { "family": "ip6", "table": "filter", "name": "OUTPUT", "handle": 26, "type": "filter", "hook": "output", "prio": 0, "policy": "accept" } }, { "chain": { "family": "ip6", "table": "filter", "name": "FORWARD", "handle": 33, "type": "filter", "hook": "forward", "prio": 0, "policy": "drop" } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-logging-deny", "handle": 42 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-logging-allow", "handle": 43 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-skip-to-policy-input", "handle": 44 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-skip-to-policy-output", "handle": 45 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-skip-to-policy-forward", "handle": 46 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-input", "handle": 121 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-output", "handle": 122 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-forward", "handle": 123 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-logging-input", "handle": 124 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-logging-output", "handle": 125 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-logging-forward", "handle": 126 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-limit", "handle": 127 } }, { "chain": { "family": "ip6", "table": "filter", "name": "ufw6-user-limit-accept", "handle": 128 } }, { "chain": { "family": "ip6", "table": "filter", "name": "LIBVIRT_INP", "handle": 141 } }, { "chain": { "family": "ip6", "table": "filter", "name": "LIBVIRT_OUT", "handle": 143 } }, { "chain": { "family": "ip6", "table": "filter", "name": "LIBVIRT_FWO", "handle": 145 } }, { "chain": { "family": "ip6", "table": "filter", "name": "LIBVIRT_FWI", "handle": 147 } }, { "chain": { "family": "ip6", "table": "filter", "name": "LIBVIRT_FWX", "handle": 149 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER", "handle": 151 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER-FORWARD", "handle": 152 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER-BRIDGE", "handle": 153 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER-CT", "handle": 154 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER-ISOLATION-STAGE-1", "handle": 155 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER-ISOLATION-STAGE-2", "handle": 156 } }, { "chain": { "family": "ip6", "table": "filter", "name": "DOCKER-USER", "handle": 161 } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 50, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "lo" } }, { "counter": { "packets": 6, "bytes": 432 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 52, "expr": [ { "xt": { "type": "match", "name": "rt" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 55, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 58, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 59, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-logging-deny" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 60, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 61, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 62, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 63, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 64, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 65, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 66, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 67, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 68, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 69, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 70, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 71, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 72, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 73, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 74, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 75, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 76, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 77, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 78, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 79, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 80, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 108, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 109, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 110, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 111, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 112, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "daddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "sport" } }, "right": 547 } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 546 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 113, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "daddr" } }, "right": "ff02::fb" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 5353 } }, { "counter": { "packets": 63, "bytes": 6830 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 114, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "daddr" } }, "right": "ff02::f" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 1900 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-input", "handle": 138, "expr": [ { "counter": { "packets": 1, "bytes": 655 } }, { "jump": { "target": "ufw6-user-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 51, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "lo" } }, { "counter": { "packets": 6, "bytes": 432 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 54, "expr": [ { "xt": { "type": "match", "name": "rt" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 56, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 81, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 82, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 83, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 84, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 85, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 86, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 87, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 18, "bytes": 864 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 88, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 89, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 1, "bytes": 72 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 90, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 91, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 92, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 93, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 94, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 95, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 96, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 5, "bytes": 420 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 97, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 98, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 99, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 100, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 101, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip6", "field": "saddr" } }, "right": { "prefix": { "addr": "fe80::", "len": 10 } } } }, { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "xt": { "type": "match", "name": "hl" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-output", "handle": 139, "expr": [ { "counter": { "packets": 20, "bytes": 2592 } }, { "jump": { "target": "ufw6-user-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 53, "expr": [ { "xt": { "type": "match", "name": "rt" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 57, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 102, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 103, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 104, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 105, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 106, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 107, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "ipv6-icmp" } }, { "xt": { "type": "match", "name": "icmp6" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-before-forward", "handle": 140, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-user-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-input", "handle": 115, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 137 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-input", "handle": 116, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 138 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-input", "handle": 117, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 139 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-input", "handle": 118, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 445 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-input", "handle": 119, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 546 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-input", "handle": 120, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 547 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-skip-to-policy-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-logging-input", "handle": 130, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 1, "bytes": 655 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-after-logging-forward", "handle": 131, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-track-output", "handle": 40, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "tcp" } }, { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-track-output", "handle": 41, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "l4proto" } }, "right": "udp" } }, { "xt": { "type": "match", "name": "conntrack" } }, { "counter": { "packets": 18, "bytes": 2400 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 142, "expr": [ { "counter": { "packets": 68, "bytes": 7765 } }, { "jump": { "target": "LIBVIRT_INP" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 20, "expr": [ { "counter": { "packets": 70, "bytes": 7917 } }, { "jump": { "target": "ufw6-before-logging-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 21, "expr": [ { "counter": { "packets": 70, "bytes": 7917 } }, { "jump": { "target": "ufw6-before-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 22, "expr": [ { "counter": { "packets": 1, "bytes": 655 } }, { "jump": { "target": "ufw6-after-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 23, "expr": [ { "counter": { "packets": 1, "bytes": 655 } }, { "jump": { "target": "ufw6-after-logging-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 24, "expr": [ { "counter": { "packets": 1, "bytes": 655 } }, { "jump": { "target": "ufw6-reject-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "INPUT", "handle": 25, "expr": [ { "counter": { "packets": 1, "bytes": 655 } }, { "jump": { "target": "ufw6-track-input" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 144, "expr": [ { "counter": { "packets": 45, "bytes": 4012 } }, { "jump": { "target": "LIBVIRT_OUT" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 27, "expr": [ { "counter": { "packets": 50, "bytes": 4380 } }, { "jump": { "target": "ufw6-before-logging-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 28, "expr": [ { "counter": { "packets": 50, "bytes": 4380 } }, { "jump": { "target": "ufw6-before-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 29, "expr": [ { "counter": { "packets": 20, "bytes": 2592 } }, { "jump": { "target": "ufw6-after-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 30, "expr": [ { "counter": { "packets": 20, "bytes": 2592 } }, { "jump": { "target": "ufw6-after-logging-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 31, "expr": [ { "counter": { "packets": 20, "bytes": 2592 } }, { "jump": { "target": "ufw6-reject-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "OUTPUT", "handle": 32, "expr": [ { "counter": { "packets": 20, "bytes": 2592 } }, { "jump": { "target": "ufw6-track-output" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 162, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-USER" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 157, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-FORWARD" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 150, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "LIBVIRT_FWX" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 148, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "LIBVIRT_FWI" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 146, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "LIBVIRT_FWO" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 34, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-before-logging-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 35, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-before-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 36, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-after-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 37, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-after-logging-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 38, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-reject-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "FORWARD", "handle": 39, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "ufw6-track-forward" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-logging-deny", "handle": 132, "expr": [ { "xt": { "type": "match", "name": "conntrack" } }, { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "return": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-logging-deny", "handle": 133, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-logging-allow", "handle": 134, "expr": [ { "limit": { "rate": 3, "burst": 10, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-skip-to-policy-input", "handle": 47, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-skip-to-policy-output", "handle": 48, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-skip-to-policy-forward", "handle": 49, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-user-input", "handle": 129, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "tcp", "field": "dport" } }, "right": 22 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "drop": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-user-limit", "handle": 135, "expr": [ { "limit": { "rate": 3, "burst": 5, "per": "minute" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "LOG" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-user-limit", "handle": 136, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "REJECT" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "ufw6-user-limit-accept", "handle": 137, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "accept": null } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 160, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-CT" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 159, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-ISOLATION-STAGE-1" } } ] } }, { "rule": { "family": "ip6", "table": "filter", "chain": "DOCKER-FORWARD", "handle": 158, "expr": [ { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER-BRIDGE" } } ] } }, { "table": { "family": "ip", "name": "nat", "handle": 3 } }, { "chain": { "family": "ip", "table": "nat", "name": "LIBVIRT_PRT", "handle": 1 } }, { "chain": { "family": "ip", "table": "nat", "name": "POSTROUTING", "handle": 2, "type": "nat", "hook": "postrouting", "prio": 100, "policy": "accept" } }, { "chain": { "family": "ip", "table": "nat", "name": "DOCKER", "handle": 4 } }, { "chain": { "family": "ip", "table": "nat", "name": "PREROUTING", "handle": 5, "type": "nat", "hook": "prerouting", "prio": -100, "policy": "accept" } }, { "chain": { "family": "ip", "table": "nat", "name": "OUTPUT", "handle": 7, "type": "nat", "hook": "output", "prio": -100, "policy": "accept" } }, { "rule": { "family": "ip", "table": "nat", "chain": "POSTROUTING", "handle": 11, "expr": [ { "match": { "op": "==", "left": { "payload": { "protocol": "ip", "field": "saddr" } }, "right": { "prefix": { "addr": "172.17.0.0", "len": 16 } } } }, { "match": { "op": "!=", "left": { "meta": { "key": "oifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "MASQUERADE" } } ] } }, { "rule": { "family": "ip", "table": "nat", "chain": "POSTROUTING", "handle": 3, "expr": [ { "counter": { "packets": 1065, "bytes": 102445 } }, { "jump": { "target": "LIBVIRT_PRT" } } ] } }, { "rule": { "family": "ip", "table": "nat", "chain": "DOCKER", "handle": 12, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "iifname" } }, "right": "docker0" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "return": null } ] } }, { "rule": { "family": "ip", "table": "nat", "chain": "PREROUTING", "handle": 6, "expr": [ { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER" } } ] } }, { "rule": { "family": "ip", "table": "nat", "chain": "OUTPUT", "handle": 8, "expr": [ { "match": { "op": "!=", "left": { "payload": { "protocol": "ip", "field": "daddr" } }, "right": { "prefix": { "addr": "127.0.0.0", "len": 8 } } } }, { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER" } } ] } }, { "table": { "family": "ip", "name": "mangle", "handle": 4 } }, { "chain": { "family": "ip", "table": "mangle", "name": "LIBVIRT_PRT", "handle": 1 } }, { "chain": { "family": "ip", "table": "mangle", "name": "POSTROUTING", "handle": 2, "type": "filter", "hook": "postrouting", "prio": -150, "policy": "accept" } }, { "rule": { "family": "ip", "table": "mangle", "chain": "LIBVIRT_PRT", "handle": 4, "expr": [ { "match": { "op": "==", "left": { "meta": { "key": "oifname" } }, "right": "virbr1" } }, { "match": { "op": "==", "left": { "payload": { "protocol": "udp", "field": "dport" } }, "right": 68 } }, { "counter": { "packets": 0, "bytes": 0 } }, { "xt": { "type": "target", "name": "CHECKSUM" } } ] } }, { "rule": { "family": "ip", "table": "mangle", "chain": "POSTROUTING", "handle": 3, "expr": [ { "counter": { "packets": 35006, "bytes": 3697120 } }, { "jump": { "target": "LIBVIRT_PRT" } } ] } }, { "table": { "family": "ip6", "name": "nat", "handle": 5 } }, { "chain": { "family": "ip6", "table": "nat", "name": "LIBVIRT_PRT", "handle": 1 } }, { "chain": { "family": "ip6", "table": "nat", "name": "POSTROUTING", "handle": 2, "type": "nat", "hook": "postrouting", "prio": 100, "policy": "accept" } }, { "chain": { "family": "ip6", "table": "nat", "name": "DOCKER", "handle": 4 } }, { "chain": { "family": "ip6", "table": "nat", "name": "PREROUTING", "handle": 5, "type": "nat", "hook": "prerouting", "prio": -100, "policy": "accept" } }, { "chain": { "family": "ip6", "table": "nat", "name": "OUTPUT", "handle": 7, "type": "nat", "hook": "output", "prio": -100, "policy": "accept" } }, { "rule": { "family": "ip6", "table": "nat", "chain": "POSTROUTING", "handle": 3, "expr": [ { "counter": { "packets": 8, "bytes": 1380 } }, { "jump": { "target": "LIBVIRT_PRT" } } ] } }, { "rule": { "family": "ip6", "table": "nat", "chain": "PREROUTING", "handle": 6, "expr": [ { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER" } } ] } }, { "rule": { "family": "ip6", "table": "nat", "chain": "OUTPUT", "handle": 8, "expr": [ { "match": { "op": "!=", "left": { "payload": { "protocol": "ip6", "field": "daddr" } }, "right": "::1" } }, { "xt": { "type": "match", "name": "addrtype" } }, { "counter": { "packets": 0, "bytes": 0 } }, { "jump": { "target": "DOCKER" } } ] } }, { "table": { "family": "ip6", "name": "mangle", "handle": 6 } }, { "chain": { "family": "ip6", "table": "mangle", "name": "LIBVIRT_PRT", "handle": 1 } }, { "chain": { "family": "ip6", "table": "mangle", "name": "POSTROUTING", "handle": 2, "type": "filter", "hook": "postrouting", "prio": -150, "policy": "accept" } }, { "rule": { "family": "ip6", "table": "mangle", "chain": "POSTROUTING", "handle": 3, "expr": [ { "counter": { "packets": 63, "bytes": 6412 } }, { "jump": { "target": "LIBVIRT_PRT" } } ] } } ] }