# rules6-save generated by awall
# Filter table. The three built-in chains default to DROP; icmp-routing is a
# user-defined chain that allow-lists four ICMPv6 types.
# Rules are evaluated top to bottom and the first terminating target wins, so
# rule order below is significant.
*filter
:FORWARD DROP [0:0]
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
:icmp-routing - [0:0]
# LOG does not terminate traversal; matched packets continue to the rules below.
# NOTE(review): neither LOG rule is rate limited, and "emerg" is the highest
# syslog severity, so any sender on eth0 can produce one emerg line per packet
# to port 21. Consider -m limit, as the INPUT LOG rule further down uses.
-A FORWARD -i eth0 -p tcp --dport 6667 -j LOG --log-level 6
-A FORWARD -i eth0 -p tcp --dport 21 -j LOG --log-level emerg
# Stateful accept covers ESTABLISHED only; RELATED is honoured solely for
# ICMPv6 and is still filtered by type in icmp-routing.
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
# "-p 123" matches IP protocol number 123, not TCP/UDP port 123.
-A FORWARD -p 123 -j ACCEPT
# NOTE(review): accepts on a payload substring (Boyer-Moore search). Payload
# content is chosen by the sender, so this is not an authentication check.
-A FORWARD -i ppp0 -m string --string "bar is open" --algo bm -j ACCEPT
# Accepts everything arriving on eth0 regardless of output interface; the later
# "-i eth0 -o ..." and "-i eth0 -m policy" rules match nothing that this rule
# has not already accepted.
-A FORWARD -i eth0 -j ACCEPT
# fc00::/7 is the IPv6 unique-local (ULA) range. Traffic through eth1 is only
# accepted when the eth1-side address is inside it.
-A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth0 -o eth4 -j ACCEPT
-A FORWARD -i eth0 -o eth5 -j ACCEPT
# "-m policy --dir out --pol ipsec" matches packets that will be subject to
# IPsec processing on egress; "--dir in" matches packets that were decapsulated.
-A FORWARD -i eth0 -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -o eth4 -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -o eth5 -j ACCEPT
-A FORWARD -i eth1 -s fc00::/7 -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -i eth4 -o eth0 -j ACCEPT
-A FORWARD -i eth5 -o eth0 -j ACCEPT
-A FORWARD -i eth4 -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth5 -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -i eth4 -o eth4 -j ACCEPT
-A FORWARD -i eth4 -o eth5 -j ACCEPT
-A FORWARD -i eth5 -o eth4 -j ACCEPT
-A FORWARD -i eth5 -o eth5 -j ACCEPT
-A FORWARD -i eth4 -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -i eth5 -m policy --dir out --pol ipsec -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -o eth0 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -o eth1 -d fc00::/7 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -o eth4 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -o eth5 -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec -m policy --dir out --pol ipsec -j ACCEPT
# Remaining ICMPv6 is filtered by type; types not listed in icmp-routing return
# here and fall through to the DROP policy.
-A FORWARD -p icmpv6 -j icmp-routing
-A INPUT -i eth0 -p tcp --dport 6667 -j LOG --log-level 6
-A INPUT -i eth0 -p tcp --dport 21 -j LOG --log-level emerg
# Samples every 5th packet to NFLOG with prefix "FOO ".
-A INPUT -m statistic --mode nth --every 5 --packet 0 -j NFLOG --nflog-prefix "FOO " --nflog-threshold 3
# Sends every inbound packet to NFLOG group 1, truncated to 128 bytes.
-A INPUT -j NFLOG --nflog-group 1 --nflog-size 128
# NOTE(review): TEE clones every inbound packet to fc00::2, so a full copy of
# the host's inbound traffic leaves it. Confirm fc00::2 is a trusted collector
# on a protected segment.
-A INPUT -j TEE --gateway fc00::2
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A INPUT -i lo -j ACCEPT
-A INPUT -p 123 -j ACCEPT
-A INPUT -i ppp0 -m string --string "bar is open" --algo bm -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
# NOTE(review): unconditional ACCEPT. Every inbound packet is accepted here, so
# the chain's DROP policy is never reached and the icmpv6 rule after it is
# unreachable.
-A INPUT -j ACCEPT
-A INPUT -p icmpv6 -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -p icmpv6 -m conntrack --ctstate RELATED -j icmp-routing
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p 123 -j ACCEPT
# NOTE(review): unconditional ACCEPT. The two OUTPUT rules after it are
# unreachable and the DROP policy has no effect on locally generated traffic.
-A OUTPUT -j ACCEPT
-A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
-A OUTPUT -p icmpv6 -j ACCEPT
# ICMPv6 types 1-4 are the RFC 4443 error messages: Destination Unreachable,
# Packet Too Big, Time Exceeded and Parameter Problem.
-A icmp-routing -p icmpv6 --icmpv6-type 1 -j ACCEPT
-A icmp-routing -p icmpv6 --icmpv6-type 2 -j ACCEPT
-A icmp-routing -p icmpv6 --icmpv6-type 3 -j ACCEPT
-A icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
COMMIT
# Mangle table: sets the packet mark (fwmark) only; all chain policies are
# ACCEPT, so nothing is filtered here.
*mangle
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
# Every locally delivered packet is marked 3 and every locally generated packet
# is marked 1; these two rules have no match criteria.
-A INPUT -j MARK --set-mark 3
-A OUTPUT -j MARK --set-mark 1
# Packets leaving via eth1 towards a ULA destination are marked 3.
-A POSTROUTING -o eth1 -d fc00::/7 -j MARK --set-mark 3
# Packets arriving on eth0 are marked 1.
# NOTE(review): what consumes these marks (policy routing, tc, other rules) is
# not visible in this file - confirm before changing the values.
-A PREROUTING -i eth0 -j MARK --set-mark 1
COMMIT
# NAT table. Within a chain the first rule with a terminating target decides the
# translation for a connection. Many rules below repeat the same match criteria
# ("-o eth1 -d fc00::/7 -p tcp --dport 80" and "-i eth0 -p tcp --dport 80"), so
# only the first of each group can take effect.
# NOTE(review): the repeated variants look like generator output enumerating
# target option forms rather than a deployable policy - TODO confirm.
# NOTE(review): NAT depends on connection tracking, and the *raw table in this
# file marks eth0 ingress and all local output as untracked; presumably those
# packets bypass the translations below - confirm.
*nat
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
# ACCEPT in the nat table ends traversal without translating: SSH towards the
# ULA range on eth1 keeps its original source address.
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 22 -j ACCEPT
# First dport-80 rule: plain MASQUERADE. The remaining dport-80 POSTROUTING
# rules share its match and are shadowed by it.
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j MASQUERADE
# --to-ports restricts the source port (single port or range) used after
# masquerading.
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j MASQUERADE --to-ports 7890
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j MASQUERADE --to-ports 1234-5678
# SNAT forms: bare address, [address]:port and [address]:port-range.
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source fc00:600d::cafe
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:600d::cafe]:7890
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:600d::cafe]:1234-5678
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source fc00:600d::cafe
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:600d::cafe]:7890
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:600d::cafe]:1234-5678
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 22 -j ACCEPT
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j MASQUERADE
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j MASQUERADE --to-ports 7890
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j MASQUERADE --to-ports 1234-5678
# Same three SNAT forms with an address range (first-last) as the source pool.
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source fc00:dead::beef-fc00:dead::ca1f
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:dead::beef-fc00:dead::ca1f]:7890
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:dead::beef-fc00:dead::ca1f]:1234-5678
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source fc00:dead::beef-fc00:dead::ca1f
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:dead::beef-fc00:dead::ca1f]:7890
-A POSTROUTING -o eth1 -d fc00::/7 -p tcp --dport 80 -j SNAT --to-source [fc00:dead::beef-fc00:dead::ca1f]:1234-5678
# Inbound SSH on eth0 is exempted from destination translation.
-A PREROUTING -i eth0 -p tcp --dport 22 -j ACCEPT
# First dport-80 rule: REDIRECT delivers the connection to the firewall host
# itself. The remaining dport-80 PREROUTING rules share its match and are
# shadowed by it.
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 7890
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 1234-5678
# DNAT forms: bare address, [address]:port and [address]:port-range.
# NOTE(review): a DNAT rule publishes an internal host to whatever reaches
# eth0; the translated flow still has to pass the FORWARD chain in *filter.
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination fc00:600d::cafe
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:600d::cafe]:7890
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:600d::cafe]:1234-5678
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination fc00:600d::cafe
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:600d::cafe]:7890
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:600d::cafe]:1234-5678
-A PREROUTING -i eth0 -p tcp --dport 22 -j ACCEPT
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 7890
-A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-ports 1234-5678
# Same three DNAT forms with an address range (first-last) as the target pool.
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination fc00:dead::beef-fc00:dead::ca1f
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:dead::beef-fc00:dead::ca1f]:7890
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:dead::beef-fc00:dead::ca1f]:1234-5678
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination fc00:dead::beef-fc00:dead::ca1f
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:dead::beef-fc00:dead::ca1f]:7890
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination [fc00:dead::beef-fc00:dead::ca1f]:1234-5678
COMMIT
# Raw table: traversed before connection tracking. "CT --notrack" exempts the
# matched packets from conntrack.
# NOTE(review): untracked packets carry conntrack state UNTRACKED, so the
# "--ctstate ESTABLISHED" and "--ctstate RELATED" rules in *filter do not match
# them. For the traffic selected below, acceptance therefore depends on the
# stateless rules only. Confirm that bypassing stateful filtering is intended.
*raw
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
# All locally generated packets are untracked.
-A OUTPUT -j CT --notrack
# Everything arriving on eth0 is untracked.
-A PREROUTING -i eth0 -j CT --notrack
# ULA-sourced traffic arriving on eth1 is untracked.
-A PREROUTING -i eth1 -s fc00::/7 -j CT --notrack
# Anything addressed to one of this host's own addresses is untracked,
# whatever interface it arrived on.
-A PREROUTING -m addrtype --dst-type LOCAL -j CT --notrack
COMMIT
