Re: 8.1: Rechner bleibt bei Phase 2 v. 3 der Firewall haengen.

15 Oct 2002

      On Mittwoch, 16. Oktober 2002 00:10 Wolfgang Kueter wrote:
...
Am Die, 2002-10-15 um 20.21 schrieb Al Bogner:
...
Mit und ohne Update von 8.1 bleibt der Rechner beim Hochfahren
bei Phase 2 v. 3 der Firewall hängen. Installiert wurde ein
"minimales grafisches System" ohne Maus. Hardware: Cel. 466,
160MB RAM, S3-Graka, Asus P2B-S Mobo.
Ich ergänze, auch bei Abschluß der FW-Konfiguration unter yast 
passiert es meistens, dass es bei 66% hängen bleibt. Schön langsam 
vermute ich einen Hardware-Fehler der ISDN-Karte. Einmal sah ich 
kurz eine Meldung, die so ungefähr besagte, dass ippp0 nicht 
gefunden wurde und deswegen die Konfiguration der FW nicht 
abgeschlossen werden konnte. hwinfo erkennt die Karte aber.
...
Wozu dient die Mschine denn?
FW, Masquerading, Router, Notsystem. Ich bin schon fast soweit, dass 
ich mal http://www.fli4l.de/ ausprobiere.

Auf diesem Rechner schaffe ich es unter 8.0 gar nicht mehr eine 
Internetverbindung zustande zu bringen, aber unter 8.1. ISDN-Karte 
(Fritz PCI) war immer die gleiche. Also doch wieder kein 
Hardwareproblem, sondern ein Konfigurationsproblem? Ich verstehe 
nur nicht, warum es am anderen Rechner unter 8.0 ein Kinderspiel 
war den Internetzugang zu konfigurieren und ich bei diesem Rechner 
unter 8.0 scheitere, aber es mit 8,1 geht. Egal, bleiben wir mal 
bei 8.1 und dem FW-Problem.
...
In der Runlevelkonfiguration von Yast kannst Du einstellen, ob
das Firewallgeraffel gestartet werden soll. Schalte es ab, Du
brauchst es wahrscheinlich sowieso nicht. Falls doch, begründe
bitte wozu Du es Deiner Meinung nach brauchst.
Das dachte ich mir auch und habe o.a. Vorschlag bereits umgesetzt. 
Eben sah ich noch mals nach und irgendwas, vermutlich 
yast-Firewall, hat es wieder aktiv gesetzt. Im Augenblick muß ich 
aber sehr vorsichtig sein, um mir nicht die Internetverbindung 
kaputt zu machen. Ich probier jetzt also nichts aus und warte 
vorher die Antwort ab.
...
...
Ein ping bzw. ssh von einem anderen Rechner funktioniert nicht.
Manchmal geht es doch. Das sind immer die besten Bemerkungen, sorry 
es ist so :-) Das ssh-Problem unter 8.1 kommt da auch noch 
erschwerend hinzu.
...
Was sagt denn iptables -nL
Siehe PS.

Albert

PS:

# iptables -nL
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  127.0.0.0/8          0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
LOG        all  --  0.0.0.0/0            127.0.0.0/8        LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  127.0.0.0/8          0.0.0.0/0
DROP       all  --  0.0.0.0/0            127.0.0.0/8
LOG        all  --  192.168.1.99         0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  192.168.1.99         0.0.0.0/0
LOG        all  --  62.46.155.103        0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOFING '
DROP       all  --  62.46.155.103        0.0.0.0/0
input_ext  all  --  0.0.0.0/0            62.46.155.103
input_int  all  --  0.0.0.0/0            192.168.1.99
DROP       all  --  0.0.0.0/0            192.168.1.255
DROP       all  --  0.0.0.0/0            255.255.255.255
LOG        all  --  0.0.0.0/0            62.46.155.103      LOG 
flags 6 level 4 prefix `SuSE-FW-ACCESS_DENIED_INT '
DROP       all  --  0.0.0.0/0            62.46.155.103
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-ILLEGAL-TARGET '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x06/0x02 TCPMSS clamp to PMTU
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
forward_ext  all  --  0.0.0.0/0            0.0.0.0/0
forward_int  all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-ILLEGAL-ROUTING '
DROP       all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-FORWARD-ERROR '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 11 LOG flags 6 level 4 prefix `SuSE-FW-TRACEROUTE-ATTEMPT '
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 3 code 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 3 code 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 3 code 9
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 3 code 10
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 3 code 13
DROP       icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 3
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED
LOG        all  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-OUTPUT-ERROR '

Chain forward_dmz (0 references)
target     prot opt source               destination
LOG        all  --  62.46.155.103        0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  62.46.155.103        0.0.0.0/0
LOG        all  --  192.168.1.0/24       0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  192.168.1.0/24       0.0.0.0/0
LOG        all  --  0.0.0.0/0            192.168.1.99       LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
DROP       all  --  0.0.0.0/0            192.168.1.99
LOG        all  --  0.0.0.0/0            62.46.155.103      LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
DROP       all  --  0.0.0.0/0            62.46.155.103
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0          state 
INVALID LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain forward_ext (1 references)
target     prot opt source               destination
LOG        all  --  192.168.1.0/24       0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  192.168.1.0/24       0.0.0.0/0
LOG        all  --  0.0.0.0/0            192.168.1.99       LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
DROP       all  --  0.0.0.0/0            192.168.1.99
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0          state 
INVALID LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain forward_int (1 references)
target     prot opt source               destination
LOG        all  --  62.46.155.103        0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  62.46.155.103        0.0.0.0/0
LOG        all  --  0.0.0.0/0            62.46.155.103      LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-CIRCUMVENTION '
DROP       all  --  0.0.0.0/0            62.46.155.103
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0          state 
INVALID LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain input_dmz (0 references)
target     prot opt source               destination
LOG        all  --  62.46.155.103        0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  62.46.155.103        0.0.0.0/0
LOG        all  --  192.168.1.0/24       0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  192.168.1.0/24       0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 14
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 18
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 2 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
reject_func  tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:113 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:22 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:111 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:111 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpts:1024:65535 flags:0x16/0x02 LOG flags 6 level 4 prefix 
`SuSE-FW-ACCEPT '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED tcp dpt:20 flags:!0x16/0x02
ACCEPT     udp  --  195.3.96.67          0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
ACCEPT     udp  --  195.3.96.68          0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp 
dpt:22
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp 
dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp 
dpt:111
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED udp dpts:1024:65535
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0          state 
INVALID LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain input_ext (1 references)
target     prot opt source               destination
LOG        all  --  192.168.1.0/24       0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  192.168.1.0/24       0.0.0.0/0
LOG        icmp --  62.46.155.103        0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT-SOURCEQUENCH '
ACCEPT     icmp --  62.46.155.103        0.0.0.0/0          icmp 
type 4
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 14
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 18
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 2 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-ACCEPT '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED tcp dpt:22
reject_func  tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:113 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:22 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:22 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:111 flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:111 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpts:1024:65535 flags:0x16/0x02 LOG flags 6 level 4 prefix 
`SuSE-FW-ACCEPT '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED tcp dpt:20 flags:!0x16/0x02
ACCEPT     udp  --  195.3.96.67          0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
ACCEPT     udp  --  195.3.96.68          0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp 
dpt:22
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp 
dpt:111
DROP       udp  --  0.0.0.0/0            0.0.0.0/0          udp 
dpt:111
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED udp dpts:1024:65535
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED udp dpts:61000:65095
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0          state 
INVALID LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain input_int (1 references)
target     prot opt source               destination
LOG        all  --  62.46.155.103        0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-ANTI-SPOOF '
DROP       all  --  62.46.155.103        0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 3
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 11
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 12
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 14
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED icmp type 18
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 2 LOG flags 6 level 4 prefix `SuSE-FW-DROP-ICMP-CRIT '
DROP       icmp --  0.0.0.0/0            0.0.0.0/0
reject_func  tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpt:113 flags:0x16/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
dpts:1024:65535 flags:0x16/0x02 LOG flags 6 level 4 prefix 
`SuSE-FW-ACCEPT '
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED tcp dpts:1024:65535
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED tcp dpts:600:65535 flags:!0x16/0x02
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0          state 
ESTABLISHED tcp dpt:20 flags:!0x16/0x02
ACCEPT     udp  --  195.3.96.67          0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
ACCEPT     udp  --  195.3.96.68          0.0.0.0/0          state 
NEW,RELATED,ESTABLISHED udp spt:53 dpts:1024:65535
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0          state 
RELATED,ESTABLISHED udp dpts:1024:65535
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0          tcp 
flags:0x16/0x02 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 4 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 5 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 8 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 13 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        icmp --  0.0.0.0/0            0.0.0.0/0          icmp 
type 17 LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        udp  --  0.0.0.0/0            0.0.0.0/0          LOG 
flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT '
LOG        all  --  0.0.0.0/0            0.0.0.0/0          state 
INVALID LOG flags 6 level 4 prefix `SuSE-FW-DROP-DEFAULT-INVALID '
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain reject_func (3 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0          
reject-with tcp-reset
REJECT     udp  --  0.0.0.0/0            0.0.0.0/0          
reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0          
reject-with icmp-proto-unreachable