iptables-restore-wrapper: 6938
[6938] *filter
[6938] # builtin chains
[6938] :INPUT DROP [0:0]
[6938] :FORWARD DROP [0:0]
[6938] :OUTPUT ACCEPT [0:0]
[6938] COMMIT
[6938] wrapper exits

iptables-restore-wrapper: 7019
[7019] *filter
[7019] -A ufw-reject-input -j REJECT
[7019] COMMIT
iptables-restore: line 2 failed
[7019] wrapper exits

iptables-restore-wrapper: 7024
[7024] *filter
[7024] -A ufw-track-output -p tcp -m state --state NEW -j ACCEPT
[7024] -A ufw-track-output -p udp -m state --state NEW -j ACCEPT
[7024] COMMIT
iptables-restore: line 2 failed
[7024] wrapper exits

iptables-restore-wrapper: 7029
[7029] *filter
[7029] :ufw-logging-deny - [0:0]
[7029] :ufw-logging-allow - [0:0]
[7029] COMMIT
[7029] wrapper exits

iptables-restore-wrapper: 7035
[7035] *filter
[7035] :ufw-skip-to-policy-input - [0:0]
[7035] :ufw-skip-to-policy-output - [0:0]
[7035] :ufw-skip-to-policy-forward - [0:0]
[7035] -A ufw-skip-to-policy-input -j "REJECT"
[7035] -A ufw-skip-to-policy-output -j "ACCEPT"
[7035] -A ufw-skip-to-policy-forward -j "DROP"
[7035] COMMIT
[7035] wrapper exits

iptables-restore-wrapper: 7037
[7037] #
[7037] # rules.before
[7037] #
[7037] # Rules that should be run before the ufw command line added rules. Custom
[7037] # rules should be added to one of these chains:
[7037] #   ufw-before-input
[7037] #   ufw-before-output
[7037] #   ufw-before-forward
[7037] #
[7037] 
[7037] # Don't delete these required lines, otherwise there will be errors
[7037] *filter
[7037] :ufw-before-input - [0:0]
[7037] :ufw-before-output - [0:0]
[7037] :ufw-before-forward - [0:0]
[7037] :ufw-not-local - [0:0]
[7037] # End required lines
[7037] 
[7037] 
[7037] # allow all on loopback
[7037] -A ufw-before-input -i lo -j ACCEPT
[7037] -A ufw-before-output -o lo -j ACCEPT
[7037] 
[7037] # quickly process packets for which we already have a connection
[7037] -A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
[7037] -A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
[7037] 
[7037] # drop INVALID packets (logs these in loglevel medium and higher)
[7037] -A ufw-before-input -m state --state INVALID -j ufw-logging-deny
[7037] -A ufw-before-input -m state --state INVALID -j DROP
[7037] 
[7037] # ok icmp codes
[7037] -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
[7037] -A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
[7037] -A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
[7037] -A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
[7037] -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
[7037] 
[7037] # allow dhcp client to work
[7037] -A ufw-before-input -p udp --sport 67 --dport 68 -j ACCEPT
[7037] 
[7037] #
[7037] # ufw-not-local
[7037] #
[7037] -A ufw-before-input -j ufw-not-local
[7037] 
[7037] # if LOCAL, RETURN
[7037] -A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
[7037] 
[7037] # if MULTICAST, RETURN
[7037] -A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
[7037] 
[7037] # if BROADCAST, RETURN
[7037] -A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
[7037] 
[7037] # all other non-local packets are dropped
[7037] -A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
[7037] -A ufw-not-local -j DROP
[7037] 
[7037] # allow MULTICAST, be sure the MULTICAST line above is uncommented
[7037] -A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
[7037] -A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
[7037] 
[7037] 
[7037] # don't delete the 'COMMIT' line or these rules won't be processed
[7037] COMMIT
[7037] wrapper exits

iptables-restore-wrapper: 7040
[7040] #
[7040] # rules.input-after
[7040] #
[7040] # Rules that should be run after the ufw command line added rules. Custom
[7040] # rules should be added to one of these chains:
[7040] #   ufw-after-input
[7040] #   ufw-after-output
[7040] #   ufw-after-forward
[7040] #
[7040] 
[7040] # Don't delete these required lines, otherwise there will be errors
[7040] *filter
[7040] :ufw-after-input - [0:0]
[7040] :ufw-after-output - [0:0]
[7040] :ufw-after-forward - [0:0]
[7040] # End required lines
[7040] 
[7040] # don't log noisy services by default
[7040] -A ufw-after-input -p udp --dport 137 -j ufw-skip-to-policy-input
[7040] -A ufw-after-input -p udp --dport 138 -j ufw-skip-to-policy-input
[7040] -A ufw-after-input -p tcp --dport 139 -j ufw-skip-to-policy-input
[7040] -A ufw-after-input -p tcp --dport 445 -j ufw-skip-to-policy-input
[7040] -A ufw-after-input -p udp --dport 67 -j ufw-skip-to-policy-input
[7040] -A ufw-after-input -p udp --dport 68 -j ufw-skip-to-policy-input
[7040] 
[7040] # don't log noisy broadcast
[7040] -A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
[7040] 
[7040] # don't delete the 'COMMIT' line or these rules won't be processed
[7040] COMMIT
[7040] wrapper exits

iptables-restore-wrapper: 7047
[7047] *filter
[7047] :ufw-user-input - [0:0]
[7047] :ufw-user-output - [0:0]
[7047] :ufw-user-forward - [0:0]
[7047] :ufw-user-logging-input - [0:0]
[7047] :ufw-user-logging-output - [0:0]
[7047] :ufw-user-logging-forward - [0:0]
[7047] :ufw-user-limit - [0:0]
[7047] :ufw-user-limit-accept - [0:0]
[7047] COMMIT
[7047] wrapper exits

iptables-restore-wrapper: 7055
[7055] *filter
[7055] :ufw-user-input - [0:0]
[7055] :ufw-user-output - [0:0]
[7055] :ufw-user-forward - [0:0]
[7055] :ufw-before-logging-input - [0:0]
[7055] :ufw-before-logging-output - [0:0]
[7055] :ufw-before-logging-forward - [0:0]
[7055] :ufw-user-logging-input - [0:0]
[7055] :ufw-user-logging-output - [0:0]
[7055] :ufw-user-logging-forward - [0:0]
[7055] :ufw-after-logging-input - [0:0]
[7055] :ufw-after-logging-output - [0:0]
[7055] :ufw-after-logging-forward - [0:0]
[7055] :ufw-logging-deny - [0:0]
[7055] :ufw-logging-allow - [0:0]
[7055] :ufw-user-limit - [0:0]
[7055] :ufw-user-limit-accept - [0:0]
[7055] ### RULES ###
[7055] 
[7055] ### tuple ### allow any any 0.0.0.0/0 any 192.168.1.0/24 in
[7055] -A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
[7055] 
[7055] ### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
[7055] -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache'
[7055] 
[7055] ### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
[7055] -A ufw-user-input -p tcp --dport 22 -j ACCEPT
[7055] -A ufw-user-input -p udp --dport 22 -j ACCEPT
[7055] 
[7055] ### tuple ### allow any 5060 0.0.0.0/0 any 0.0.0.0/0 in
[7055] -A ufw-user-input -p tcp --dport 5060 -j ACCEPT
[7055] -A ufw-user-input -p udp --dport 5060 -j ACCEPT
[7055] 
[7055] ### tuple ### allow any any 0.0.0.0/0 any 192.168.122.0/24 in
[7055] -A ufw-user-input -s 192.168.122.0/24 -j ACCEPT
[7055] 
[7055] ### tuple ### allow any 24220 0.0.0.0/0 any 0.0.0.0/0 in
[7055] -A ufw-user-input -p tcp --dport 24220 -j ACCEPT
[7055] -A ufw-user-input -p udp --dport 24220 -j ACCEPT
[7055] 
[7055] ### END RULES ###
[7055] 
[7055] ### LOGGING ###
[7055] -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
[7055] -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
[7055] -I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
[7055] -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
[7055] -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
[7055] ### END LOGGING ###
[7055] 
[7055] ### RATE LIMITING ###
[7055] -A ufw-user-limit -m limit --limit 3/minute -j LOG --log-prefix "[UFW LIMIT BLOCK] "
[7055] -A ufw-user-limit -j REJECT
[7055] -A ufw-user-limit-accept -j ACCEPT
[7055] ### END RATE LIMITING ###
[7055] COMMIT
[7055] wrapper exits

iptables-restore-wrapper: 7059
[7059] *filter
[7059] -A ufw-before-input -j ufw-user-input
[7059] -A ufw-before-output -j ufw-user-output
[7059] -A ufw-before-forward -j ufw-user-forward
[7059] COMMIT
[7059] wrapper exits

ip6tables-restore-wrapper: 7069
[7069] *filter
[7069] # builtin chains
[7069] :INPUT DROP [0:0]
[7069] :FORWARD DROP [0:0]
[7069] :OUTPUT ACCEPT [0:0]
[7069] COMMIT
[7069] wrapper exits

ip6tables-restore-wrapper: 7159
[7159] *filter
[7159] -A ufw6-reject-input -j REJECT
[7159] COMMIT
ip6tables-restore: line 2 failed
[7159] wrapper exits

ip6tables-restore-wrapper: 7162
[7162] *filter
[7162] -A ufw6-track-output -p tcp -m state --state NEW -j ACCEPT
[7162] -A ufw6-track-output -p udp -m state --state NEW -j ACCEPT
[7162] COMMIT
ip6tables-restore: line 2 failed
[7162] wrapper exits

ip6tables-restore-wrapper: 7166
[7166] *filter
[7166] :ufw6-logging-deny - [0:0]
[7166] :ufw6-logging-allow - [0:0]
[7166] COMMIT
[7166] wrapper exits

ip6tables-restore-wrapper: 7170
[7170] *filter
[7170] :ufw6-skip-to-policy-input - [0:0]
[7170] :ufw6-skip-to-policy-output - [0:0]
[7170] :ufw6-skip-to-policy-forward - [0:0]
[7170] -A ufw6-skip-to-policy-input -j "REJECT"
[7170] -A ufw6-skip-to-policy-output -j "ACCEPT"
[7170] -A ufw6-skip-to-policy-forward -j "DROP"
[7170] COMMIT
[7170] wrapper exits

ip6tables-restore-wrapper: 7172
[7172] #
[7172] # rules.before
[7172] #
[7172] # Rules that should be run before the ufw command line added rules. Custom
[7172] # rules should be added to one of these chains:
[7172] #   ufw6-before-input
[7172] #   ufw6-before-output
[7172] #   ufw6-before-forward
[7172] #
[7172] 
[7172] # Don't delete these required lines, otherwise there will be errors
[7172] *filter
[7172] :ufw6-before-input - [0:0]
[7172] :ufw6-before-output - [0:0]
[7172] :ufw6-before-forward - [0:0]
[7172] # End required lines
[7172] 
[7172] 
[7172] # allow all on loopback
[7172] -A ufw6-before-input -i lo -j ACCEPT
[7172] -A ufw6-before-output -o lo -j ACCEPT
[7172] 
[7172] # for stateless autoconfiguration (restrict NDP messages to hop limit of 255)
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
[7172] 
[7172] # quickly process packets for which we already have a connection
[7172] -A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
[7172] -A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
[7172] 
[7172] # drop INVALID packets (logs these in loglevel medium and higher)
[7172] -A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny
[7172] -A ufw6-before-input -m state --state INVALID -j DROP
[7172] 
[7172] # ok icmp codes
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
[7172] 
[7172] # allow dhcp client to work
[7172] -A ufw6-before-input -p udp --sport 67 --dport 68 -j ACCEPT
[7172] 
[7172] # allow MULTICAST
[7172] -A ufw6-before-input -p icmpv6 -s ff00::1/8 -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 -d ff00::1/8 -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 -s ff00::2/8 -j ACCEPT
[7172] -A ufw6-before-input -p icmpv6 -d ff00::2/8 -j ACCEPT
[7172] 
[7172] # don't delete the 'COMMIT' line or these rules won't be processed
[7172] COMMIT
[7172] wrapper exits

ip6tables-restore-wrapper: 7174
[7174] #
[7174] # rules.input-after
[7174] #
[7174] # Rules that should be run after the ufw command line added rules. Custom
[7174] # rules should be added to one of these chains:
[7174] #   ufw6-after-input
[7174] #   ufw6-after-output
[7174] #   ufw6-after-forward
[7174] #
[7174] 
[7174] # Don't delete these required lines, otherwise there will be errors
[7174] *filter
[7174] :ufw6-after-input - [0:0]
[7174] :ufw6-after-output - [0:0]
[7174] :ufw6-after-forward - [0:0]
[7174] # End required lines
[7174] 
[7174] # don't log noisy services by default
[7174] -A ufw6-after-input -p udp --dport 137 -j ufw6-skip-to-policy-input
[7174] -A ufw6-after-input -p udp --dport 138 -j ufw6-skip-to-policy-input
[7174] -A ufw6-after-input -p tcp --dport 139 -j ufw6-skip-to-policy-input
[7174] -A ufw6-after-input -p tcp --dport 445 -j ufw6-skip-to-policy-input
[7174] -A ufw6-after-input -p udp --dport 67 -j ufw6-skip-to-policy-input
[7174] -A ufw6-after-input -p udp --dport 68 -j ufw6-skip-to-policy-input
[7174] 
[7174] # don't delete the 'COMMIT' line or these rules won't be processed
[7174] COMMIT
[7174] wrapper exits

ip6tables-restore-wrapper: 7178
[7178] *filter
[7178] :ufw6-user-input - [0:0]
[7178] :ufw6-user-output - [0:0]
[7178] :ufw6-user-forward - [0:0]
[7178] :ufw6-user-logging-input - [0:0]
[7178] :ufw6-user-logging-output - [0:0]
[7178] :ufw6-user-logging-forward - [0:0]
[7178] :ufw6-user-limit - [0:0]
[7178] :ufw6-user-limit-accept - [0:0]
[7178] COMMIT
[7178] wrapper exits

ip6tables-restore-wrapper: 7180
[7180] *filter
[7180] :ufw6-user-input - [0:0]
[7180] :ufw6-user-output - [0:0]
[7180] :ufw6-user-forward - [0:0]
[7180] :ufw6-before-logging-input - [0:0]
[7180] :ufw6-before-logging-output - [0:0]
[7180] :ufw6-before-logging-forward - [0:0]
[7180] :ufw6-user-logging-input - [0:0]
[7180] :ufw6-user-logging-output - [0:0]
[7180] :ufw6-user-logging-forward - [0:0]
[7180] :ufw6-after-logging-input - [0:0]
[7180] :ufw6-after-logging-output - [0:0]
[7180] :ufw6-after-logging-forward - [0:0]
[7180] :ufw6-logging-deny - [0:0]
[7180] :ufw6-logging-allow - [0:0]
[7180] ### RULES ###
[7180] 
[7180] ### tuple ### allow any any ::/0 any 2001:470:1f0b:cfb::2/64 in
[7180] -A ufw6-user-input -s 2001:470:1f0b:cfb::2/64 -j ACCEPT
[7180] 
[7180] ### tuple ### allow tcp 80 ::/0 any ::/0 Apache - in
[7180] -A ufw6-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache'
[7180] 
[7180] ### tuple ### allow any 22 ::/0 any ::/0 in
[7180] -A ufw6-user-input -p tcp --dport 22 -j ACCEPT
[7180] -A ufw6-user-input -p udp --dport 22 -j ACCEPT
[7180] 
[7180] ### tuple ### allow tcp 113 ::/0 any ::/0 in
[7180] -A ufw6-user-input -p tcp --dport 113 -j ACCEPT
[7180] 
[7180] ### tuple ### allow any 5060 ::/0 any ::/0 in
[7180] -A ufw6-user-input -p tcp --dport 5060 -j ACCEPT
[7180] -A ufw6-user-input -p udp --dport 5060 -j ACCEPT
[7180] 
[7180] ### tuple ### allow any 24220 ::/0 any ::/0 in
[7180] -A ufw6-user-input -p tcp --dport 24220 -j ACCEPT
[7180] -A ufw6-user-input -p udp --dport 24220 -j ACCEPT
[7180] 
[7180] ### END RULES ###
[7180] 
[7180] ### LOGGING ###
[7180] -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
[7180] -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
[7180] -I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
[7180] -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
[7180] -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
[7180] ### END LOGGING ###
[7180] COMMIT
[7180] wrapper exits

ip6tables-restore-wrapper: 7183
[7183] *filter
[7183] -A ufw6-before-input -j ufw6-user-input
[7183] -A ufw6-before-output -j ufw6-user-output
[7183] -A ufw6-before-forward -j ufw6-user-forward
[7183] COMMIT
[7183] wrapper exits