Scribd
Upload
36 views

Iptables

The document describes the packet flow through various chains in the iptables firewall on a device. It shows statistics on packets and bytes processed by each chain, as well as targets and rules within chains that filter traffic based on protocol, source, destination and other criteria. The chains filter both incoming and outgoing traffic across the INPUT, FORWARD, and OUTPUT chains at various policy enforcement points in the firewall.

Uploaded by

salwasalwasabaddin
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
36 views

Iptables

The document describes the packet flow through various chains in the iptables firewall on a device. It shows statistics on packets and bytes processed by each chain, as well as targets and rules within chains that filter traffic based on protocol, source, destination and other criteria. The chains filter both incoming and outgoing traffic across the INPUT, FORWARD, and OUTPUT chains at various policy enforcement points in the firewall.

Uploaded by

salwasalwasabaddin
Copyright
© © All Rights Reserved
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 3

Chain INPUT (policy ACCEPT 10641 packets, 12M bytes)

pkts bytes target prot opt in out source destination


57M 60G bw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
57M 60G fw_INPUT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)


pkts bytes target prot opt in out source destination
0 0 oem_fwd all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 bw_FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 tetherctrl_FORWARD all -- * * 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 9765 packets, 1047K bytes)


pkts bytes target prot opt in out source destination
37M 5309M nm_qti_filter_ssdp_dropper all -- * * 0.0.0.0/0
0.0.0.0/0
0 0 NFQUEUE all -- * * 0.0.0.0/0 52.81.126.7
NFQUEUE num 0
0 0 NFQUEUE all -- * * 0.0.0.0/0 119.28.206.152
NFQUEUE num 1
37M 5309M oem_out all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M fw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M wifi all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M mobile all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M st_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M bw_OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M fw_mobile all -- * * 0.0.0.0/0 0.0.0.0/0
37M 5309M fw_wifi all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bw_FORWARD (1 references)


pkts bytes target prot opt in out source destination
0 0 bw_costly_bt-pan all -- bt-pan * 0.0.0.0/0
0.0.0.0/0
0 0 bw_costly_bt-pan all -- * bt-pan 0.0.0.0/0
0.0.0.0/0

Chain bw_INPUT (1 references)


pkts bytes target prot opt in out source destination
57M 60G bw_global_alert all -- * * 0.0.0.0/0 0.0.0.0/0
668 388K bw_costly_bt-pan all -- bt-pan * 0.0.0.0/0
0.0.0.0/0
0 0 RETURN esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
mark match 0x100000/0x100000
57M 60G MARK all -- * * 0.0.0.0/0 0.0.0.0/0
MARK or 0x100000

Chain bw_OUTPUT (1 references)


pkts bytes target prot opt in out source destination
37M 5309M bw_global_alert all -- * * 0.0.0.0/0 0.0.0.0/0
578 123K bw_costly_bt-pan all -- * bt-pan 0.0.0.0/0
0.0.0.0/0

Chain bw_costly_bt-pan (4 references)


pkts bytes target prot opt in out source destination
1246 511K bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
! quota bt-pan: 9223372036854775807 bytes reject-with icmp-port-unreachable
Chain bw_costly_shared (0 references)
pkts bytes target prot opt in out source destination
0 0 bw_penalty_box all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bw_data_saver (1 references)


pkts bytes target prot opt in out source destination
407K 362M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bw_global_alert (2 references)


pkts bytes target prot opt in out source destination
20M 16G all -- * * 0.0.0.0/0 0.0.0.0/0
! quota globalAlert: 2097152 bytes

Chain bw_happy_box (1 references)


pkts bytes target prot opt in out source destination
1475K 1335M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
match bpf pinned /sys/fs/bpf/prog_netd_skfilter_whitelist_xtbpf
407K 362M bw_data_saver all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bw_penalty_box (2 references)


pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
match bpf pinned /sys/fs/bpf/prog_netd_skfilter_blacklist_xtbpf reject-with icmp-
port-unreachable
1881K 1697M bw_happy_box all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw_FORWARD (1 references)


pkts bytes target prot opt in out source destination

Chain fw_INPUT (1 references)


pkts bytes target prot opt in out source destination

Chain fw_OUTPUT (1 references)


pkts bytes target prot opt in out source destination

Chain fw_mobile (1 references)


pkts bytes target prot opt in out source destination

Chain fw_wifi (1 references)


pkts bytes target prot opt in out source destination

Chain mobile (1 references)


pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_doze_mode_skip (0 references)


pkts bytes target prot opt in out source destination

Chain nm_mdmprxy_iface_pkt_fwder (0 references)


pkts bytes target prot opt in out source destination

Chain nm_qti_filter_ssdp_dropper (1 references)


pkts bytes target prot opt in out source destination
0 0 DROP udp -- * r_rmnet_data+ 0.0.0.0/0
0.0.0.0/0 udp dpt:1900
0 0 DROP udp -- * rmnet_data+ 0.0.0.0/0 0.0.0.0/0
udp dpt:1900

Chain oem_fwd (1 references)


pkts bytes target prot opt in out source destination

Chain oem_out (1 references)


pkts bytes target prot opt in out source destination

Chain st_OUTPUT (1 references)


pkts bytes target prot opt in out source destination

Chain st_clear_caught (2 references)


pkts bytes target prot opt in out source destination

Chain st_clear_detect (0 references)


pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
connmark match 0x2000000/0x2000000 reject-with icmp-port-unreachable
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
connmark match 0x1000000/0x1000000
0 0 CONNMARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
u32
"0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0xffff0000=0x16030000&&0x0>>0x16&0x3c@0xc>>0x1a&
0x3c@0x4&0xff0000=0x10000" CONNMARK or 0x1000000
0 0 CONNMARK udp -- * * 0.0.0.0/0 0.0.0.0/0
u32
"0x0>>0x16&0x3c@0x8&0xffff0000=0x16fe0000&&0x0>>0x16&0x3c@0x14&0xff0000=0x10000"
CONNMARK or 0x1000000
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
connmark match 0x1000000/0x1000000
0 0 st_clear_caught tcp -- * * 0.0.0.0/0 0.0.0.0/0
state ESTABLISHED u32 "0x0>>0x16&0x3c@0xc>>0x1a&0x3c@0x0&0x0=0x0"
0 0 st_clear_caught udp -- * * 0.0.0.0/0 0.0.0.0/0

Chain st_penalty_log (0 references)


pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
CONNMARK or 0x1000000
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0

Chain st_penalty_reject (0 references)


pkts bytes target prot opt in out source destination
0 0 CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0
CONNMARK or 0x2000000
0 0 NFLOG all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable

Chain tetherctrl_FORWARD (1 references)


pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain tetherctrl_counters (0 references)


pkts bytes target prot opt in out source destination

Chain wifi (1 references)


pkts bytes target prot opt in out source destination

You might also like