Fri Dec 05 14:11:03 ⛔🔜 root@hst-fr:~ # uname -a
Linux hst-fr 6.12.60-ninja #1 SMP PREEMPT_DYNAMIC Fri Dec  5 02:02:24 CET 2025 x86_64 GNU/Linux

Fri Dec 05 14:11:06 ⛔🔜 root@hst-fr:~ # cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 13 (trixie)"
NAME="Debian GNU/Linux"
VERSION_ID="13"
VERSION="13 (trixie)"
VERSION_CODENAME=trixie
DEBIAN_VERSION_FULL=13.2
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

# ----------------------------------------------------------------------------------------------------------------------------------
# After 10 secondes d'activité du firewall - HST-FR
# Date : vendredi 05 décembre 2025, 14:01:56 (UTC+0100)
# uptime 14:01:38 up  9:32,  1 user,  load average: 0.01, 0.02, 0.00
# -----------------
# Resume 
# ------
# Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 1/sec burst 1 mode srcip
   13   692 syn-flood  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F

    2   120            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
    2   120 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

# ------
# Chain syn-flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13   692 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 4
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

# ----------------------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------------------
# After 1 heure et 5 minutes d'activité du firewall - HST-FR
# Date : vendredi 05 décembre 2025, 15:06:57 (UTC+0100)
# 15:06:55 up 10:37,  1 user,  load average: 0.00, 0.00, 0.00
# -----------------
# Resume 
# ------
# Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 1/sec burst 1 mode srcip
  376 20412 syn-flood  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
    1    40 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F

  116  6920            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
  116  6920 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

# ------
# Chain syn-flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
  373 20244 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 4
    3   168 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

# ----------------------------------------------------------------------------------------------------------------------------------


Fri Dec 05 13:55:17 ⛔🔜 root@hst-fr:~ # /root/firewall-hst-lab3w.sh restart
/root/firewall-hst-lab3w.sh Stop
   + On fixe les portes : ACCEPT
/root/firewall-hst-lab3w.sh Starting
   + Options du kernel : [OK]
iptables: No chain/target/match by that name.
   + Synflood Attack : [OK]
   + Spoofing Attack : [OK]
   + On accepte la loop : [OK]
   + Retour REQ : [OK]
   + Ping Limit 1/s Burst 4 : [OK]
   + SSH : [OK]
   + RSYNC : [OK]
   + TCP : [OK]
   + UDP : [OK]
   + VPN IPSEC / XL2TP : [OK]
   + VSERVERS NAT : [OK]
   + DNS : [OK]
   + HTTP : [OK]
   + LOG BURST 5 : [OK]
   + On fixe les portes : DROP


Fri Dec 05 13:55:38 ⛔🔜 root@hst-fr:~ # /root/firewall-ipv6-hst-lab3w.sh restart
/root/firewall-ipv6-hst-lab3w.sh Stop
   + POLICY ACCEPT : [OK]
/root/firewall-ipv6-hst-lab3w.sh Starting
   + KERNEL : [OK]
   + LOOPBACK : [OK]
   + ICMPV6 - DEFAULT : [OK]
   + ICMPV6 - LINK-LOCAL : [OK]
   + ICMPV6 - ADD CONF & ROUTEUR SELECTION : [OK]
   + ICMPV6 - MULTICAST ROUTEUR DISCOVERY : [OK]
   + ICMPV6 - EXPERIMENTATION : [OK]
   + ICMPV6 - INLIMIT + OUTPUT : [OK]
   + ICMPV6 - LIMIT 1/second DROP : [OK]
   + IPv6 - FORWARDING VMS : [OK]
   + IPv6 - FORWARDING WAN : [OK]
   + NAT : [OK]
   + SSH : [OK]
   + RSYNC : [OK]
   + TCP : [OK]
   + UDP : [OK]
   + HTTP : [OK]
   + VPN IPSEC / XL2TP : [OK]
   |
   + IPv6 - Addrs Unique Locale Area -----------------------
   |\
   | +--> fc00::/7 : ACCEPT
   | |
   | + IPv6 - Addrs Unique Locale Area : [OK]
   |
   + IPv6 - Addrs Multicast -----------------------
   |\
   | +--> ff00::/8 : ACCEPT
   | |
   | + IPv6 - Addrs Multicast : [OK]
   |
   + IPv6 - Addrs Link-Local Unicast -----------------------
   |\
   | +--> fe80::/10 : ACCEPT
   | |
   | + IPv6 - Addrs Link-Local : [OK]
   |
   + IPv6 - Addrs Site-Local Secure Area Network -------------------------
   |\
   | +--> fec0::/10 : ACCEPT
   | |
   | + IPv6 - Addrs Secure Area Network : [OK]
   |
   + IPv6 - Forwarding Addrs SWAN 2 ULA Networks -------------------------
   |\
   | +--> fec0::/10 <←> fc00::/7 : ACCEPT
   | |
   | + IPv6 - Forwarding Addrs SWAN 2 ULA Networks : [OK]
   |
   |
   + IPv6 - Addrs WAN ----------------------------------------------------
   |\
   | +--> 2a02:4780:28:5295:0000:0000:0000:0001 : ACCEPT
   | +--> fec5::1 : ACCEPT
   | |
   | + IPv6 - Addrs WAN : [OK]
   |
   + GENERIQUE : [OK]
   + LOGGING : [OK]
   + POLICY RT DROP : [OK]
   + POLICY DROP : [OK]


Fri Dec 05 13:55:46 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 128 limit: above 1/sec burst 1 mode srcip
   18  1296 aICMPs     ipv6-icmp --  *      *       ::/0                 ::/0
    0     0 ACCEPT     all  --  lo     *       ::/0                 ::/0
    0     0 ACCEPT     tcp  --  *      *       2607:5300:60:9300::/56  ::/0                 tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       fc00::/7             ::/0                 tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       fec0::/10            ::/0                 tcp dpt:22
    0     0            tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22 state NEW recent: SET name: SSH side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    0     0 DROP       tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
   16  1232 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       2607:5300:60:9300::/56  ::/0                 tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       2607:5300:60:9300::/56  ::/0                 udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       fc00::/7             ::/0                 tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       fc00::/7             ::/0                 udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       fec0::/10            ::/0                 tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       fec0::/10            ::/0                 udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:514
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:4949
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:5201
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:123
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:161
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:514
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:546
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:547
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state NEW tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state NEW tcp dpt:8443
    0     0 ACCEPT     udp  --  eth0   *       ::/0                 ::/0                 udp dpt:500
    0     0 ACCEPT     udp  --  eth0   *       ::/0                 ::/0                 udp dpt:4500
    0     0 ACCEPT     esp  --  eth0   *       ::/0                 ::/0                 esp
    0     0 ACCEPT     tcp  --  eth0   *       ::/0                 ::/0                 tcp dpt:50
    0     0 ACCEPT     tcp  --  eth0   *       ::/0                 ::/0                 tcp dpt:51
  398 42238 ACCEPT     all  --  *      *       fc00::/7             ::/0
    0     0 ACCEPT     all  --  *      *       ::/0                 ff00::/8
    0     0 ACCEPT     all  --  *      *       fe80::/10            ::/0
    0     0 ACCEPT     all  --  *      *       fec0::/10            ::/0
    1    90 ACCEPT     all  --  *      *       ::/0                 2a02:4780:28:5295::1
    0     0 ACCEPT     all  --  *      *       ::/0                 fec5::1
    0     0 ACCEPT     all  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
    0     0 LOG        all  --  *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "INPUT-v6:"
    0     0 DROP       all  --  *      *       ::/0                 ::/0                 rt type:0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 aICMPs     ipv6-icmp --  *      *       ::/0                 ::/0
    0     0 ACCEPT     all  --  lo     *       ::/0                 ::/0
    0     0 ACCEPT     all  --  *      lo      ::/0                 ::/0
    0     0 ACCEPT     all  --  incusbr0 lxcbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  incusbr0 lxcbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  incusbr0 eth0    ::/0                 ::/0
    0     0 ACCEPT     all  --  eth0   incusbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  lxcbr0 eth0    ::/0                 ::/0
    0     0 ACCEPT     all  --  eth0   lxcbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  *      *       fc00::/7             fc00::/7
    0     0 ACCEPT     all  --  *      *       fc00::/7             fc00::/7
    0     0 ACCEPT     all  --  *      *       ff00::/8             ff00::/8
    0     0 ACCEPT     all  --  *      *       ff00::/8             ff00::/8
    0     0 ACCEPT     all  --  *      *       fe80::/10            fe80::/10
    0     0 ACCEPT     all  --  *      *       fe80::/10            fe80::/10
    0     0 ACCEPT     all  --  *      *       fec0::/10            fec0::/10
    0     0 ACCEPT     all  --  *      *       fec0::/10            fec0::/10
    0     0 ACCEPT     all  --  *      *       fec0::/10            fc00::/7
    0     0 ACCEPT     all  --  *      *       fc00::/7             fec0::/10
    0     0 LOG        all  --  *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "FORWARD-v6:"
    0     0 DROP       all  --  *      *       ::/0                 ::/0                 rt type:0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    4   426 aICMPs     ipv6-icmp --  *      *       ::/0                 ::/0
    0     0 ACCEPT     all  --  *      lo      ::/0                 ::/0
    0     0 ACCEPT     tcp  --  *      *       ::/0                 2607:5300:60:9300::/56  tcp spt:22
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fc00::/7             tcp spt:22
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fec0::/10            tcp spt:22
    0     0 ACCEPT     tcp  --  *      *       ::/0                 2607:5300:60:9300::/56  tcp spt:873
    0     0 ACCEPT     udp  --  *      *       ::/0                 2607:5300:60:9300::/56  udp spt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fc00::/7             tcp spt:873
    0     0 ACCEPT     udp  --  *      *       ::/0                 fc00::/7             udp spt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fec0::/10            tcp spt:873
    0     0 ACCEPT     udp  --  *      *       ::/0                 fec0::/10            udp spt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp spt:514
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp spt:4949
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp spt:5201
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:123
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:161
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:514
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:546
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:547
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED tcp spt:80
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED tcp spt:443
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED tcp spt:8443
    0     0 ACCEPT     udp  --  *      eth0    ::/0                 ::/0                 udp spt:500
    0     0 ACCEPT     udp  --  *      eth0    ::/0                 ::/0                 udp spt:4500
    0     0 ACCEPT     tcp  --  *      eth0    ::/0                 ::/0                 tcp spt:50
    0     0 ACCEPT     tcp  --  *      eth0    ::/0                 ::/0                 tcp spt:51
  653 49302 ACCEPT     all  --  *      *       ::/0                 fc00::/7
    0     0 ACCEPT     all  --  *      *       ::/0                 ff00::/8
    0     0 ACCEPT     all  --  *      *       ::/0                 fe80::/10
    0     0 ACCEPT     all  --  *      *       ::/0                 fec0::/10
   10  1592 ACCEPT     all  --  *      *       2a02:4780:28:5295::1  ::/0
    0     0 ACCEPT     all  --  *      *       fec5::1              ::/0
    0     0 ACCEPT     all  --  *      *       ::/0                 ::/0
    0     0 LOG        all  --  *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "OUTPUT-v6:"
    0     0 DROP       all  --  *      *       ::/0                 ::/0                 rt type:0

Chain aICMPs (3 references)
 pkts bytes target     prot opt in     out     source               destination
    1   138 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 1
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 2 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 3 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 3 code 1
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 4 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 4 code 1
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 4 code 2
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 128 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 129 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 130 code 0 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 131 code 0 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 132 code 0 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 133 code 0 HL match HL == 255
    3   288 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 134 code 0 HL match HL == 255
   18  1296 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 135 code 0 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 136 code 0 HL match HL == 255
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 137 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 138 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 139 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 140 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ff02::1              ipv6-icmptype 141 code 0 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 142 code 0 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 143 ctstate NEW HL match HL == 1
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 144 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 145 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 146 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 147
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 151 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 152 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 153 ctstate NEW HL match HL == 1
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 200
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 201
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 255


Fri Dec 05 13:56:14 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn -t raw
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 13:56:22 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn -t mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 13:56:27 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 229K packets, 18M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    fc00:4780:28:5295::1000 !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00:4780:28:5295::10 !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00:4780:28:5295::bdc !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:1000   !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:db     !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:ad     !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:10     !fc00::/7


# ------


Fri Dec 05 13:57:36 ⛔🔜 root@hst-fr:~ # iptables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 1/sec burst 1 mode srcip
   13   692 syn-flood  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
    0     0 DROP       all  --  eth0   *       10.0.0.0/8           0.0.0.0/0
    0     0 DROP       all  --  eth0   *       172.16.0.0/12        0.0.0.0/0
    0     0 DROP       all  --  eth0   *       224.0.0.0/4          0.0.0.0/0
    0     0 DROP       all  --  eth0   *       240.0.0.0/5          0.0.0.0/0
    0     0 DROP       all  --  eth0   *       127.0.0.0/8          0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 2132  332K ACCEPT     all  --  *      *       0.0.0.0/0            147.79.115.130       state RELATED,ESTABLISHED
    8   480 ACCEPT     icmp --  *      *       0.0.0.0/0            147.79.115.130       limit: avg 5/sec burst 4
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.175.0.254         state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            10.175.0.254         limit: avg 5/sec burst 4
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.3.1             state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            10.0.3.1             limit: avg 5/sec burst 4
    0     0 ACCEPT     tcp  --  eth0   *       83.159.31.116        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       83.159.31.116        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       83.159.31.116        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       158.69.126.137       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       158.69.126.137       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       158.69.126.137       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.5.137         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.5.137         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.5.137         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.5.253         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.5.253         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.5.253         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.5.143         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.5.143         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.5.143         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.10.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.10.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.10.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       10.101.0.1           0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       10.101.0.1           0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       10.101.0.1           0.0.0.0/0            tcp dpt:22
    2   120            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
    2   120 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0            tcp  --  incusbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  incusbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  incusbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0            tcp  --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       83.159.31.116        0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       83.159.31.116        0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       158.69.126.137       0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       158.69.126.137       0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.5.137         0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.5.137         0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.5.253         0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.5.253         0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.5.143         0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.5.143         0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.10.0/24       0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.10.0/24       0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       10.101.0.1           0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       10.101.0.1           0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:514
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:514
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:4500
    0     0 ACCEPT     esp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            esp
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:50
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51
    0     0 ACCEPT     tcp  --  eth0   *       104.113.170.241      0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       104.113.170.241      0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       151.231.39.39        0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       151.231.39.39        0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       121.201.29.121       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       121.201.29.121       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       183.39.223.233       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       183.39.223.233       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       183.15.177.153       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       183.15.177.153       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       216.105.171.68       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       216.105.171.68       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       173.254.28.48        0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       173.254.28.48        0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       162.212.252.227      0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       162.212.252.227      0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       222.70.229.251       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       222.70.229.251       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       148.66.136.61        0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       148.66.136.61        0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       185.17.52.46         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       185.17.52.46         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       59.127.92.11         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       59.127.92.11         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       45.61.237.40         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       45.61.237.40         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       180.86.4.148         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       180.86.4.148         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       201.64.112.162       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       201.64.112.162       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 limit: above 20/sec burst 20 mode srcip
    0     0            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW recent: SET name: NAMED side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 recent: UPDATE seconds: 60 hit_count: 10 TTL-Match name: NAMED side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 tcp state NEW recent: SET name: WEB_80 side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    1    52 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 tcp state NEW recent: SET name: WEB_443 side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 LOG        udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES UDP-IN: "
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES ICMP-IN: "
    0     0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0
    5   268 LOG        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES TCP-IN: "
   10   520 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES PROTOCOL-X-IN: "
    0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  incusbr0 eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   incusbr0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lxcbr0 eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   lxcbr0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
 3623  491K ACCEPT     all  --  *      *       147.79.115.130       0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.175.0.254         0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.0.3.1             0.0.0.0/0
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:500
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:4500
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:50
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:51
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 LOG flags 0 level 4 prefix "OUTPUT-U-NAMED:"
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:53 LOG flags 0 level 4 prefix "OUTPUT-T-NAMED:"
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:443
    0     0 LOG        udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES UDP-OUT: "
    0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 LOG        icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES ICMP-OUT: "
    0     0 DROP       icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 LOG        tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES TCP-OUT: "
    0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES PROTOCOL-X-OUT: "
    0     0 DROP       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain syn-flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
   13   692 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 4
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0


Fri Dec 05 13:57:44 ⛔🔜 root@hst-fr:~ # iptables -L -vn -t raw
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 13:57:51 ⛔🔜 root@hst-fr:~ # iptables -L -vn -t mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 13:57:54 ⛔🔜 root@hst-fr:~ # iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 21 packets, 1172 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DNAT       udp  --  *      *       0.0.0.0/0            147.79.115.130       udp dpt:53 to:10.175.0.1:53
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            147.79.115.130       tcp dpt:53 to:10.175.0.1:53

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    10.175.0.1           0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    10.175.0.2           0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    10.175.0.10          0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    10.0.3.10            0.0.0.0/0

Fri Dec 05 13:58:00 ⛔🔜 root@hst-fr:~ #

# ----------------------------------------------------------------------------------------------------------------------------------

Fri Dec 05 15:04:01 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 128 limit: above 1/sec burst 1 mode srcip
 3714  273K aICMPs     ipv6-icmp --  *      *       ::/0                 ::/0
 1248 1132K ACCEPT     all  --  lo     *       ::/0                 ::/0
    0     0 ACCEPT     tcp  --  *      *       2607:5300:60:9300::/56  ::/0                 tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       fc00::/7             ::/0                 tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       fec0::/10            ::/0                 tcp dpt:22
    2   140            tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22 state NEW recent: SET name: SSH side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    0     0 DROP       tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 1538  159K ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       2607:5300:60:9300::/56  ::/0                 tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       2607:5300:60:9300::/56  ::/0                 udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       fc00::/7             ::/0                 tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       fc00::/7             ::/0                 udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       fec0::/10            ::/0                 tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       fec0::/10            ::/0                 udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:514
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:4949
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp dpt:5201
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:123
    1    88 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:161
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:514
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:546
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp dpt:547
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state NEW tcp dpt:80
   31  2316 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state NEW tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state NEW tcp dpt:8443
    0     0 ACCEPT     udp  --  eth0   *       ::/0                 ::/0                 udp dpt:500
    0     0 ACCEPT     udp  --  eth0   *       ::/0                 ::/0                 udp dpt:4500
    0     0 ACCEPT     esp  --  eth0   *       ::/0                 ::/0                 esp
    0     0 ACCEPT     tcp  --  eth0   *       ::/0                 ::/0                 tcp dpt:50
    0     0 ACCEPT     tcp  --  eth0   *       ::/0                 ::/0                 tcp dpt:51
69427 7293K ACCEPT     all  --  *      *       fc00::/7             ::/0
    0     0 ACCEPT     all  --  *      *       ::/0                 ff00::/8
    0     0 ACCEPT     all  --  *      *       fe80::/10            ::/0
    0     0 ACCEPT     all  --  *      *       fec0::/10            ::/0
   83  6835 ACCEPT     all  --  *      *       ::/0                 2a02:4780:28:5295::1
    0     0 ACCEPT     all  --  *      *       ::/0                 fec5::1
    0     0 ACCEPT     all  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED
    0     0 LOG        all  --  *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "INPUT-v6:"
    0     0 DROP       all  --  *      *       ::/0                 ::/0                 rt type:0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 aICMPs     ipv6-icmp --  *      *       ::/0                 ::/0
    0     0 ACCEPT     all  --  lo     *       ::/0                 ::/0
    0     0 ACCEPT     all  --  *      lo      ::/0                 ::/0
    0     0 ACCEPT     all  --  incusbr0 lxcbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  incusbr0 lxcbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  incusbr0 eth0    ::/0                 ::/0
    0     0 ACCEPT     all  --  eth0   incusbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  lxcbr0 eth0    ::/0                 ::/0
    0     0 ACCEPT     all  --  eth0   lxcbr0  ::/0                 ::/0
    0     0 ACCEPT     all  --  *      *       fc00::/7             fc00::/7
    0     0 ACCEPT     all  --  *      *       fc00::/7             fc00::/7
    0     0 ACCEPT     all  --  *      *       ff00::/8             ff00::/8
    0     0 ACCEPT     all  --  *      *       ff00::/8             ff00::/8
    0     0 ACCEPT     all  --  *      *       fe80::/10            fe80::/10
    0     0 ACCEPT     all  --  *      *       fe80::/10            fe80::/10
    0     0 ACCEPT     all  --  *      *       fec0::/10            fec0::/10
    0     0 ACCEPT     all  --  *      *       fec0::/10            fec0::/10
    0     0 ACCEPT     all  --  *      *       fec0::/10            fc00::/7
    0     0 ACCEPT     all  --  *      *       fc00::/7             fec0::/10
    0     0 LOG        all  --  *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "FORWARD-v6:"
    0     0 DROP       all  --  *      *       ::/0                 ::/0                 rt type:0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  672 63706 aICMPs     ipv6-icmp --  *      *       ::/0                 ::/0
 1248 1132K ACCEPT     all  --  *      lo      ::/0                 ::/0
    0     0 ACCEPT     tcp  --  *      *       ::/0                 2607:5300:60:9300::/56  tcp spt:22
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fc00::/7             tcp spt:22
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fec0::/10            tcp spt:22
    0     0 ACCEPT     tcp  --  *      *       ::/0                 2607:5300:60:9300::/56  tcp spt:873
    0     0 ACCEPT     udp  --  *      *       ::/0                 2607:5300:60:9300::/56  udp spt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fc00::/7             tcp spt:873
    0     0 ACCEPT     udp  --  *      *       ::/0                 fc00::/7             udp spt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 fec0::/10            tcp spt:873
    0     0 ACCEPT     udp  --  *      *       ::/0                 fec0::/10            udp spt:873
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp spt:514
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp spt:4949
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 tcp spt:5201
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:123
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:161
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:514
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:546
    0     0 ACCEPT     udp  --  *      *       ::/0                 ::/0                 udp spt:547
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED tcp spt:80
   63 16487 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED tcp spt:443
    0     0 ACCEPT     tcp  --  *      *       ::/0                 ::/0                 state RELATED,ESTABLISHED tcp spt:8443
    0     0 ACCEPT     udp  --  *      eth0    ::/0                 ::/0                 udp spt:500
    0     0 ACCEPT     udp  --  *      eth0    ::/0                 ::/0                 udp spt:4500
    0     0 ACCEPT     tcp  --  *      eth0    ::/0                 ::/0                 tcp spt:50
    0     0 ACCEPT     tcp  --  *      eth0    ::/0                 ::/0                 tcp spt:51
 116K 8854K ACCEPT     all  --  *      *       ::/0                 fc00::/7
    0     0 ACCEPT     all  --  *      *       ::/0                 ff00::/8
    0     0 ACCEPT     all  --  *      *       ::/0                 fe80::/10
    0     0 ACCEPT     all  --  *      *       ::/0                 fec0::/10
 1254  592K ACCEPT     all  --  *      *       2a02:4780:28:5295::1  ::/0
    0     0 ACCEPT     all  --  *      *       fec5::1              ::/0
    0     0 ACCEPT     all  --  *      *       ::/0                 ::/0
    0     0 LOG        all  --  *      *       ::/0                 ::/0                 LOG flags 0 level 4 prefix "OUTPUT-v6:"
    0     0 DROP       all  --  *      *       ::/0                 ::/0                 rt type:0

Chain aICMPs (3 references)
 pkts bytes target     prot opt in     out     source               destination
    3   402 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 1
    5  6400 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 2 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 3 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 3 code 1
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 4 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 4 code 1
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 4 code 2
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 128 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 129 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 130 code 0 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 131 code 0 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 132 code 0 ctstate NEW HL match HL == 1
    3   168 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 133 code 0 HL match HL == 255
  635 60960 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 134 code 0 HL match HL == 255
 3708  267K ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 135 code 0 HL match HL == 255
   32  2048 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 136 code 0 HL match HL == 255
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 137 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 138 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 139 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 140 code 0
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ff02::1              ipv6-icmptype 141 code 0 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 142 code 0 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 143 ctstate NEW HL match HL == 1
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 144 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 145 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 146 code 0
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 147
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 148 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 149 HL match HL == 255
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 151 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 152 ctstate NEW HL match HL == 1
    0     0 ACCEPT     ipv6-icmp --  *      *       fe80::/64            ::/0                 ipv6-icmptype 153 ctstate NEW HL match HL == 1
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 200
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 201
    0     0 DROP       ipv6-icmp --  *      *       ::/0                 ::/0                 ipv6-icmptype 255
Fri Dec 05 15:04:24 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn -t raw
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 15:04:34 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn -t mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 15:04:38 ⛔🔜 root@hst-fr:~ # ip6tables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 257K packets, 21M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    fc00:4780:28:5295::1000 !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00:4780:28:5295::10 !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00:4780:28:5295::bdc !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:1000   !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:db     !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:ad     !fc00::/7
    0     0 MASQUERADE  all  --  *      eth0    fc00::10:0:3:10     !fc00::/7

# ------

Fri Dec 05 15:05:20 ⛔🔜 root@hst-fr:~ # iptables -L -vn
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            limit: above 1/sec burst 1 mode srcip
  376 20412 syn-flood  tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
    1    40 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
    0     0 DROP       all  -f  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
    0     0 DROP       all  --  eth0   *       10.0.0.0/8           0.0.0.0/0
    0     0 DROP       all  --  eth0   *       172.16.0.0/12        0.0.0.0/0
    0     0 DROP       all  --  eth0   *       224.0.0.0/4          0.0.0.0/0
    0     0 DROP       all  --  eth0   *       240.0.0.0/5          0.0.0.0/0
    0     0 DROP       all  --  eth0   *       127.0.0.0/8          0.0.0.0/0
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
73508   12M ACCEPT     all  --  *      *       0.0.0.0/0            147.79.115.130       state RELATED,ESTABLISHED
  286 17008 ACCEPT     icmp --  *      *       0.0.0.0/0            147.79.115.130       limit: avg 5/sec burst 4
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.175.0.254         state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            10.175.0.254         limit: avg 5/sec burst 4
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            10.0.3.1             state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            10.0.3.1             limit: avg 5/sec burst 4
    0     0 ACCEPT     tcp  --  eth0   *       83.159.31.116        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       83.159.31.116        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       83.159.31.116        0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       158.69.126.137       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       158.69.126.137       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       158.69.126.137       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.5.137         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.5.137         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.5.137         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.5.253         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.5.253         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.5.253         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.5.143         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.5.143         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.5.143         0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       172.16.10.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       172.16.10.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       172.16.10.0/24       0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  eth0   *       10.101.0.1           0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  incusbr0 *       10.101.0.1           0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  lxcbr0 *       10.101.0.1           0.0.0.0/0            tcp dpt:22
  116  6920            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
  116  6920 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0            tcp  --  incusbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  incusbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  incusbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0            tcp  --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW recent: SET name: SSH side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: SSH side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  lxcbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  *      *       83.159.31.116        0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       83.159.31.116        0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       158.69.126.137       0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       158.69.126.137       0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.5.137         0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.5.137         0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.5.253         0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.5.253         0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.5.143         0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.5.143         0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       172.16.10.0/24       0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       172.16.10.0/24       0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       10.101.0.1           0.0.0.0/0            tcp dpt:873
    0     0 ACCEPT     udp  --  *      *       10.101.0.1           0.0.0.0/0            udp dpt:873
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:514
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:514
    6  1830 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:4500
    0     0 ACCEPT     esp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            esp
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:50
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:51
    0     0 ACCEPT     tcp  --  eth0   *       104.113.170.241      0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       104.113.170.241      0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       151.231.39.39        0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       151.231.39.39        0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       121.201.29.121       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       121.201.29.121       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       183.39.223.233       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       183.39.223.233       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       183.15.177.153       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       183.15.177.153       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       216.105.171.68       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       216.105.171.68       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       173.254.28.48        0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       173.254.28.48        0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       162.212.252.227      0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       162.212.252.227      0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       222.70.229.251       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       222.70.229.251       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       148.66.136.61        0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       148.66.136.61        0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       185.17.52.46         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       185.17.52.46         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       59.127.92.11         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       59.127.92.11         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       45.61.237.40         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       45.61.237.40         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       180.86.4.148         0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       180.86.4.148         0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  eth0   *       201.64.112.162       0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       201.64.112.162       0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53 limit: above 20/sec burst 20 mode srcip
    0     0            tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 state NEW recent: SET name: NAMED side: source mask: 255.255.255.255
    0     0 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53 recent: UPDATE seconds: 60 hit_count: 10 TTL-Match name: NAMED side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    9   492 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 tcp state NEW recent: SET name: WEB_80 side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
  104  5684 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 tcp state NEW recent: SET name: WEB_443 side: source mask: 255.255.255.255
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
   10   486 LOG        udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES UDP-IN: "
   11   539 DROP       udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES ICMP-IN: "
    0     0 DROP       icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0
   11   568 LOG        tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES TCP-IN: "
  140  6924 DROP       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  eth0   *       0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES PROTOCOL-X-IN: "
    0     0 DROP       all  --  eth0   *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  incusbr0 eth0    0.0.0.0/0            0.0.0.0/0
    1    42 ACCEPT     all  --  eth0   incusbr0  0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  lxcbr0 eth0    0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  eth0   lxcbr0  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
 121K   17M ACCEPT     all  --  *      *       147.79.115.130       0.0.0.0/0
    6  2058 ACCEPT     all  --  *      *       10.175.0.254         0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       10.0.3.1             0.0.0.0/0
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:500
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:4500
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:50
    0     0 ACCEPT     tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            tcp spt:51
    0     0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:53 LOG flags 0 level 4 prefix "OUTPUT-U-NAMED:"
    0     0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:53 LOG flags 0 level 4 prefix "OUTPUT-T-NAMED:"
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:443
    0     0 LOG        udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES UDP-OUT: "
    0     0 DROP       udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 LOG        icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES ICMP-OUT: "
    0     0 DROP       icmp --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 LOG        tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES TCP-OUT: "
    0     0 DROP       tcp  --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  *      eth0    0.0.0.0/0            0.0.0.0/0            limit: avg 6/hour burst 5 LOG flags 0 level 4 prefix "IPTABLES PROTOCOL-X-OUT: "
    0     0 DROP       all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain syn-flood (1 references)
 pkts bytes target     prot opt in     out     source               destination
  373 20244 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 1/sec burst 4
    3   168 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0


Fri Dec 05 15:05:26 ⛔🔜 root@hst-fr:~ # iptables -L -vn -t raw
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 15:05:31 ⛔🔜 root@hst-fr:~ # iptables -L -vn -t mangle
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination


Fri Dec 05 15:05:35 ⛔🔜 root@hst-fr:~ # iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 682 packets, 39917 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    42 DNAT       udp  --  *      *       0.0.0.0/0            147.79.115.130       udp dpt:53 to:10.175.0.1:53
    0     0 DNAT       tcp  --  *      *       0.0.0.0/0            147.79.115.130       tcp dpt:53 to:10.175.0.1:53

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 6 packets, 350 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      eth0    10.175.0.1           0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    10.175.0.2           0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    10.175.0.10          0.0.0.0/0
    0     0 MASQUERADE  all  --  *      eth0    10.0.3.10            0.0.0.0/0
Fri Dec 05 15:05:38 ⛔🔜 root@hst-fr:~ #